Beispiel #1
0
 def test_get_user_pubkeys(self, mock_to_dict, mock_models,
                           mock_get_session):
     session = mock_get_session.return_value
     actual_keys = db.get_user_pubkeys('user_id')
     keys = session \
         .query.return_value \
         .filter_by.return_value \
         .all.return_value
     session.query.assert_called_once_with(mock_models.PubKey)
     session.query.return_value.filter_by.assert_called_once_with(
         openid='user_id')
     self.assertEqual(keys, actual_keys)
Beispiel #2
0
def decode_token(request):
    """Validate request signature.

    ValidationError rises if request is not valid.
    """
    if not request.headers.get(const.JWT_TOKEN_HEADER):
        return
    try:
        auth_schema, token = request.headers.get(const.JWT_TOKEN_HEADER).split(
            ' ', 1)
    except ValueError:
        raise api_exc.ValidationError("Token is not valid")
    if auth_schema != 'Bearer':
        raise api_exc.ValidationError(
            "Authorization schema 'Bearer' should be used")
    try:
        token_data = jwt.decode(token, algorithms='RS256', verify=False)
    except jwt.InvalidTokenError:
        raise api_exc.ValidationError("Token is not valid")

    openid = token_data.get(const.USER_OPENID)
    if not openid:
        raise api_exc.ValidationError("Token does not contain user's openid")
    pubkeys = db.get_user_pubkeys(openid)
    for pubkey in pubkeys:
        try:
            pubkey_string = '%s %s' % (pubkey['format'], pubkey['pubkey'])
            pubkey_obj = serialization.load_ssh_public_key(
                pubkey_string.encode('utf-8'),
                backend=backends.default_backend())
            pem_pubkey = pubkey_obj.public_bytes(
                serialization.Encoding.PEM,
                serialization.PublicFormat.SubjectPublicKeyInfo)
        except (ValueError, IndexError, TypeError, binascii.Error):
            pass
        else:
            try:
                token_data = jwt.decode(token,
                                        key=pem_pubkey,
                                        options={
                                            'verify_signature': True,
                                            'verify_exp': True,
                                            'require_exp': True
                                        },
                                        leeway=const.JWT_VALIDATION_LEEWAY)
                # NOTE(sslipushenko) If at least one key is valid, let
                # the validation pass
                return token_data
            except jwt.InvalidTokenError:
                pass

    # NOTE(sslipushenko) If all user's keys are not valid, the validation fails
    raise api_exc.ValidationError("Token is not valid")
Beispiel #3
0
def decode_token(request):
    """Validate request signature.

    ValidationError rises if request is not valid.
    """
    if not request.headers.get(const.JWT_TOKEN_HEADER):
        return
    try:
        auth_schema, token = request.headers.get(
            const.JWT_TOKEN_HEADER).split(' ', 1)
    except ValueError:
        raise api_exc.ValidationError("Token is not valid")
    if auth_schema != 'Bearer':
        raise api_exc.ValidationError(
            "Authorization schema 'Bearer' should be used")
    try:
        token_data = jwt.decode(token, algorithms='RS256', verify=False)
    except jwt.InvalidTokenError:
        raise api_exc.ValidationError("Token is not valid")

    openid = token_data.get(const.USER_OPENID)
    if not openid:
        raise api_exc.ValidationError("Token does not contain user's openid")
    pubkeys = db.get_user_pubkeys(openid)
    for pubkey in pubkeys:
        try:
            pubkey_string = '%s %s' % (pubkey['format'], pubkey['pubkey'])
            pubkey_obj = serialization.load_ssh_public_key(
                pubkey_string.encode('utf-8'),
                backend=backends.default_backend()
            )
            pem_pubkey = pubkey_obj.public_bytes(
                serialization.Encoding.PEM,
                serialization.PublicFormat.SubjectPublicKeyInfo)
        except (ValueError, IndexError, TypeError, binascii.Error):
            pass
        else:
            try:
                token_data = jwt.decode(
                    token, key=pem_pubkey,
                    options={'verify_signature': True,
                             'verify_exp': True,
                             'require_exp': True},
                    leeway=const.JWT_VALIDATION_LEEWAY)
                # NOTE(sslipushenko) If at least one key is valid, let
                # the validation pass
                return token_data
            except jwt.InvalidTokenError:
                pass

    # NOTE(sslipushenko) If all user's keys are not valid, the validation fails
    raise api_exc.ValidationError("Token is not valid")
Beispiel #4
0
def parse_input_params(expected_input_params):
    """Parse input parameters from request.

    :param expecred_params: (array) Expected input
                            params specified in constants.
    """
    raw_filters = _get_input_params_from_request(expected_input_params)
    filters = copy.deepcopy(raw_filters)
    date_fmt = CONF.api.input_date_format

    for key, value in filters.items():
        if key == const.START_DATE or key == const.END_DATE:
            try:
                filters[key] = timeutils.parse_strtime(value, date_fmt)
            except (ValueError, TypeError) as exc:
                raise api_exc.ParseInputsError(
                    'Invalid date format: %(exc)s' % {'exc': exc})

    start_date = filters.get(const.START_DATE)
    end_date = filters.get(const.END_DATE)
    if start_date and end_date:
        if start_date > end_date:
            raise api_exc.ParseInputsError(
                'Invalid dates: %(start)s more than %(end)s'
                '' % {'start': const.START_DATE, 'end': const.END_DATE})
    if const.SIGNED in filters:
        if is_authenticated():
            uid = get_user_id()
            filters[const.OPENID] = uid
            filters[const.USER_PUBKEYS] = [
                ' '.join((pk['format'], pk['pubkey']))
                for pk in db.get_user_pubkeys(uid)
            ]
        else:
            raise api_exc.ParseInputsError(
                'To see signed test results you need to authenticate')
    return filters
Beispiel #5
0
def get_user_public_keys():
    """Return public keys for authenticated user."""
    return db.get_user_pubkeys(get_user_id())
Beispiel #6
0
def get_user_public_keys():
    """Return public keys for authenticated user."""
    return db.get_user_pubkeys(get_user_id())