Beispiel #1
    def setUp(self):
        '''
        Create two Logoff view instances and issue auth codes for two users.
        '''
        self.obj1, self.obj2 = login.views.Logoff(), login.views.Logoff()

        # Keep the codes returned by set_permission so tests can present them.
        self.permission = KSMP_Permission()
        issue = self.permission.set_permission
        self.zhangsan = issue('zhangsan')
        self.lisi = issue('lisi')
Beispiel #2
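class TestLogoffView(TestCase):
    '''
    Tests for Logoff.post with a valid, a missing and an unknown session cookie.
    '''

    def setUp(self):
        '''
        Create the views under test and issue auth codes for two users.
        '''
        self.obj1 = login.views.Logoff()
        self.obj2 = login.views.Logoff()

        # set_permission returns the auth code that test_post sends back as
        # the session cookie value.
        self.permission = KSMP_Permission()
        self.zhangsan = self.permission.set_permission('zhangsan')
        self.lisi = self.permission.set_permission('lisi')

    def tearDown(self):
        # Empty the module-level auth list so codes issued in setUp do not
        # carry over into the next test.
        session.permission.AuthList = {}

    def test_post(self):
        '''
        Check status code and body of Logoff.post for three cookie states.
        '''
        # first case: the cookie carries an auth code issued in setUp
        request = MagicMock(
            COOKIES={settings.SESSION_COOKIE_NAME: self.zhangsan})

        response = self.obj1.post(request)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.data, 'logout success.')
        # NOTE(review): only the response is asserted here; nothing checks
        # that the auth code was actually removed from the auth list, which
        # is the property a logoff test should pin down.

        # second case: no session cookie at all
        request = MagicMock(COOKIES={})
        response = self.obj1.post(request)
        self.assertEqual(response.data, 'never login.')
        self.assertEqual(response.status_code, status.HTTP_200_OK)

        # third case: a cookie value that was never issued. The view answers
        # exactly as for a valid code, so the response does not reveal
        # whether the presented value was a live session.
        request = MagicMock(
            COOKIES={settings.SESSION_COOKIE_NAME: 'fneiwapure'})
        response = self.obj1.post(request)
        # assertEqual, not assertTrue: assertTrue(x, msg) takes the second
        # argument as the failure message and passes for any truthy status.
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.data, 'logout success.')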
Beispiel #3
 def exists(self, session_key):
     '''
     Tell whether the auth entry derived from session_key is in the auth list.

     :param session_key: session key to look up
     :return: True when get_permission(session_key) is a member of the
         collection returned by get_all_auth(), else False
     '''
     store = KSMP_Permission()
     known_auths = store.get_all_auth()
     candidate = store.get_permission(session_key)
     return candidate in known_auths
Beispiel #4
 def delete(self, session_key=None):
     '''
     Remove the auth entry for a session key from the auth list.

     :param session_key: key to revoke; when None, this session's own
         session_key is used, and nothing happens if that is None as well
     '''
     if session_key is None:
         session_key = self.session_key
         if session_key is None:
             # No key to revoke.
             return
     store = KSMP_Permission()
     store.delete_auth(store.get_permission(session_key))
Beispiel #5
 def save(self, must_create=False):
     '''
     Store this session's auth entry with the current time as its timestamp.

     Does nothing when the session has no key. must_create is accepted but
     not used by this implementation.
     '''
     now = time.time()
     if self.session_key is None:
         return
     store = KSMP_Permission()
     entry = store.get_permission(self.session_key)
     # Writing the entry with "now" is what extends its lifetime.
     store.save_to_auth(entry, now)
Beispiel #6
 def load(self):
     '''
     Return the auth entry for this session key if it is in the auth list.

     When the entry is not in the list, create() is called and an empty
     dict is returned instead.
     '''
     store = KSMP_Permission()
     known_auths = store.get_all_auth()
     entry = store.get_permission(self.session_key)
     if entry not in known_auths:
         # Unknown or revoked key: start over with a fresh session.
         self.create()
         return {}
     return entry
Beispiel #7
 def clear_expired(cls):
     '''
     Drop auth entries older than settings.SESSION_COOKIE_AGE seconds.
     '''
     max_age = settings.SESSION_COOKIE_AGE
     store = KSMP_Permission()
     auth_table = store.get_all_auth()
     # Collect first and delete afterwards, so the mapping is never modified
     # while it is being iterated.
     stale = [code for code in auth_table
              if (time.time() - auth_table[code]) > max_age]
     # NOTE(review): entries are deleted from the object get_all_auth()
     # returned rather than through delete_auth(); this only revokes them
     # if that object is the live auth list and not a copy -- confirm.
     for code in stale:
         try:
             del auth_table[code]
         except KeyError:
             # Already gone; nothing left to remove.
             pass
Beispiel #8
    def post(self, request, format=None):
        '''
        Log off the caller identified by the session cookie.

        Responds 200 "never login." when the session cookie is absent,
        500 "logout fail." when delete_auth raises, and 200 "logout success."
        in every other case, including a cookie value that maps to nothing.
        '''
        try:
            auth = request.COOKIES[settings.SESSION_COOKIE_NAME]
        except KeyError:
            return Response(data="never login.", status=status.HTTP_200_OK)

        store = KSMP_Permission()
        # NOTE(review): only TypeError is treated as "no such session";
        # confirm get_permission cannot raise anything else on a malformed
        # cookie value.
        try:
            entry = store.get_permission(auth)
        except TypeError:
            entry = None

        if not entry:
            # Nothing to revoke; answer as for a successful logoff.
            return Response(data="logout success.", status=status.HTTP_200_OK)

        try:
            store.delete_auth(entry)
        except Exception:
            # NOTE(review): the failure is neither logged nor re-raised, so a
            # session that could not be revoked leaves no server-side trace.
            return Response(data="logout fail.", status=status.HTTP_500_INTERNAL_SERVER_ERROR)
        return Response(data="logout success.", status=status.HTTP_200_OK)
Beispiel #9
def deleteExpireAuth(session_key, current_time):
    '''
    Revoke every auth entry older than settings.SESSION_COOKIE_AGE.

    :param session_key: passed to get_permission(); the result is not used
    :param current_time: reference timestamp the entry ages are measured from
    '''
    store = KSMP_Permission()
    # NOTE(review): the return value was never used in the original either;
    # the call is kept in case get_permission has side effects -- confirm.
    store.get_permission(session_key)
    auth_table = store.get_all_auth()

    max_age = settings.SESSION_COOKIE_AGE
    # Collect the expired codes before revoking, so the auth list is not
    # modified while it is being iterated.
    stale = [code for code in auth_table
             if (current_time - auth_table[code]) > max_age]
    for code in stale:
        store.delete_auth(code)
    def process_request(self, request):
        '''
        Gate a request on its auth code or, failing that, on supplied credentials.

        Order of checks, as implemented below:

        1. expired auth codes are purged via deleteExpireAuth();
        2. if the cookie's auth entry is in the auth list, the request is
           allowed and save_to_auth() is called with the current time;
        3. else, if letpass() accepts the request path against the listed
           URLs, the request is allowed without any credential;
        4. else ``username`` and ``password`` are read from the GET or POST
           parameters, decrypted, and checked (root user, lock state,
           password); every failure raises PermissionDenied.

        :param request: the request object handed down by the upper middleware
        :raises PermissionDenied: when neither a valid auth code nor valid
            credentials are presented
        '''
        # The flag starts out True and is only cleared on some denial paths.
        # NOTE(review): the missing-credentials path below raises without
        # clearing it -- confirm nothing reads the flag after a denial.
        request.isPermissioned = True
        session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
        current_time = time.time()

        # delete expired auth entries before looking anything up
        deleteExpireAuth(session_key, current_time)

        # fetch the auth entry for this request's cookie (session_key may be None)
        permission = KSMP_Permission()
        pms = permission.get_permission(session_key)
        authlist = permission.get_all_auth()

        data = {}
        # Paths handed to letpass(); a match skips authentication entirely.
        # NOTE(review): this exposes the monitor/resource endpoints to
        # unauthenticated callers, and how letpass() matches (exact or
        # prefix) is not visible here -- confirm both are intended.
        urls = [
            '/login/validatecode/', '/monitor/cpu/load/', '/monitor/mem/',
            '/resources/psnetinfo/', '/monitor/disk/io/'
        ]
        if pms in authlist:
            # Known auth entry: refresh its timestamp.
            permission.save_to_auth(pms, current_time)
        elif letpass(urls, request.path):
            pass
        else:
            # NOTE(review): credentials are accepted from the GET query
            # string, which commonly ends up in access logs, proxies and
            # browser history; consider accepting them from POST only.
            if request.method == "GET":
                data = request.GET.copy()
            elif request.method == "POST":
                data = request.POST
            # Any other method leaves data empty, so the lookup below denies.
            try:
                username = data['username']
                password = data['password']
            except KeyError:
                request.session.flush()
                raise PermissionDenied
            else:
                # Both values arrive encrypted from the client.
                # NOTE(review): what unicorn_decrypt does on malformed input
                # is not visible here -- confirm it cannot raise unhandled.
                username = functions.unicorn_decrypt(username)
                password = functions.unicorn_decrypt(password)

                # Only users accepted by isrootuser() may log in at all.
                if not isrootuser(username):
                    request.isPermissioned = False
                    raise PermissionDenied

                # try_choices = request.COOKIES.get(settings.TRY_TIMES
                # check whether a status record exists; create one if not.
                logger.debug(username)
                if not userStatus.isUserExist(username):
                    userStatus.initUserStatus(username)
                    logger.debug(username + 'check exist')
                # check whether username is locked
                # check access_time is over age.  if both yes, raise denied
                if userStatus.isUserLocked(username):
                    # request.isLocked = True
                    # check whether the lock is still within LOCKEDAGE.
                    logger.debug(username + 'check locked')
                    lastAccessTime = userStatus.getLastAccessTime(username)
                    # NOTE(review): a locked user whose lastAccessTime is
                    # missing or falsy is not denied here and proceeds to
                    # the password check -- confirm this is not fail-open.
                    if lastAccessTime and (current_time - float(lastAccessTime)
                                           < settings.LOCKEDAGE):
                        request.isPermissioned = False
                        # request.isLocked = True
                        raise PermissionDenied

                # check username and password. if right, issue an auth code
                # and reset the user's status record
                if isvalidpassword(username, password):
                    authcode = permission.set_permission(username)
                    request.session._session_key = authcode
                    userStatus.initUserStatus(username)

                # wrong password: record the attempt time, then deny
                else:
                    request.isPermissioned = False
                    logger.debug(username + 'update status')
                    userStatus.updateUserStatus(username=username,
                                                access_time=current_time)
                    raise PermissionDenied