def test_api_check_raise_on_invalid_cookie(self):
    """api_check must raise HTTPUnauthorized for an unregistered session.

    The cookie comes straight from generate_cookie; only the server-side
    session list is emptied before the call.
    """
    request = get_request_with_fernet()
    _cookie, encrypted = generate_cookie(request)
    request.cookies['S3BROW_SESSION'] = encrypted
    # With no open sessions the cookie's id cannot match anything server-side.
    request.app['Sessions'] = []
    self.assertRaises(HTTPUnauthorized, api_check, request)
def test_decrypt_cookie(self):
    """decrypt_cookie must give back the cookie generate_cookie produced."""
    request = get_request_with_fernet()
    # generate_cookie has its own test, so it is used directly here (and in
    # the other tests) instead of a mock-up.
    expected, encrypted = generate_cookie(request)
    request.cookies['S3BROW_SESSION'] = encrypted
    decrypted = decrypt_cookie(request)
    self.assertEqual(expected, decrypted)
def test_session_check_invtoken(self):
    """session_check must raise HTTPUnauthorized on a stale cookie.

    "Stale" here means app['Crypt'] was replaced after the cookie was issued.
    """
    req = get_request_with_fernet()
    _cookie, encrypted = generate_cookie(req)
    req.cookies['S3BROW_SESSION'] = encrypted
    # Replace the application's Fernet instance with one built from a fresh
    # key, so the cookie issued above no longer belongs to the current key.
    fernet_cls = cryptography.fernet.Fernet
    fresh_key = fernet_cls.generate_key()
    req.app['Crypt'] = fernet_cls(fresh_key)
    self.assertRaises(HTTPUnauthorized, session_check, req)
def test_api_check_raise_on_invalid_fernet(self):
    """api_check must raise HTTPUnauthorized after the Fernet key changes."""
    request = get_request_with_fernet()
    _cookie, encrypted = generate_cookie(request)
    request.cookies['S3BROW_SESSION'] = encrypted
    # Rotate the key after issuing the cookie: app['Crypt'] now wraps a key
    # that was generated later than the cookie.
    fernet_cls = cryptography.fernet.Fernet
    rotated_key = fernet_cls.generate_key()
    request.app['Crypt'] = fernet_cls(rotated_key)
    self.assertRaises(HTTPUnauthorized, api_check, request)
def test_session_check_nosession(self):
    """session_check must raise HTTPUnauthorized for an unknown session.

    The cookie is freshly generated, but the list of open sessions is empty,
    so its id cannot be found there.
    """
    req = get_request_with_fernet()
    _cookie, encrypted = generate_cookie(req)
    req.cookies['S3BROW_SESSION'] = encrypted
    req.app['Sessions'] = []
    self.assertRaises(HTTPUnauthorized, session_check, req)
def test_check_csrf_no_referer(self):
    """check_csrf must return a truthy value when no Referer is set."""
    patched_settings = {
        "auth_endpoint_url": "http://example-auth.exampleosep.com:5001/v3"
    }
    settings_patch = unittest.mock.patch(
        "swift_browser_ui._convenience.setd", new=patched_settings)
    with settings_patch:
        request = get_request_with_fernet()
        cookie, _ = generate_cookie(request)
        signed_cookie = add_csrf_to_cookie(cookie, request)
        encrypt_cookie(signed_cookie, request)
        # NOTE(review): no Referer header is added here, so this pins
        # check_csrf as accepting a request without one (assuming
        # get_request_with_fernet sets none -- confirm). If Referer validation
        # is relied on as a CSRF control, accepting a missing header should be
        # an explicit decision in the application code.
        self.assertTrue(check_csrf(request))
def test_api_check_raise_on_no_avail(self):
    """api_check must raise HTTPUnauthorized when 'Avail' is missing.

    The session is registered and has 'ST_conn' and 'OS_sess' entries, but
    no 'Avail' entry, i.e. availability was not checked before the API call.
    """
    request = get_request_with_fernet()
    cookie, _ = generate_cookie(request)
    crypted = get_full_crypted_session_cookie(cookie, request.app)
    request.cookies['S3BROW_SESSION'] = crypted
    session_id = cookie["id"]
    # Credentials deliberately lack the 'Avail' key.
    request.app['Creds'][session_id] = {
        'ST_conn': "placeholder",
        'OS_sess': "placeholder",
    }
    request.app['Sessions'] = [session_id]
    self.assertRaises(HTTPUnauthorized, api_check, request)
def test_api_check_raise_on_no_session(self):
    """api_check must raise HTTPUnauthorized when 'OS_sess' is missing.

    The session is registered and has 'ST_conn' and 'Avail' entries, but no
    established OS session is stored for it.
    """
    request = get_request_with_fernet()
    cookie, _ = generate_cookie(request)
    crypted = get_full_crypted_session_cookie(cookie, request.app)
    request.cookies['S3BROW_SESSION'] = crypted
    session_id = cookie["id"]
    request.app['Sessions'] = [session_id]
    # Credentials deliberately lack the 'OS_sess' key.
    request.app['Creds'][session_id] = {
        'ST_conn': "placeholder",
        'Avail': "placeholder",
    }
    self.assertRaises(HTTPUnauthorized, api_check, request)
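def test_session_check_correct(self):
    """Test that session_check returns None for a correctly formed request.

    The request carries a fully encrypted session cookie and the cookie's id
    is registered in app['Sessions'].
    """
    req = get_request_with_fernet()
    cookie, _ = generate_cookie(req)
    req.cookies['S3BROW_SESSION'] = \
        get_full_crypted_session_cookie(cookie, req.app)
    req.app['Sessions'].append(cookie["id"])
    # assertIsNone reports the unexpected return value on failure, where
    # assertTrue(... is None) would only say "False is not true".
    self.assertIsNone(session_check(req))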
def test_check_csrf_correct_referer(self):
    """check_csrf must return a truthy value for a valid session and Referer."""
    patched_settings = {
        "auth_endpoint_url": "http://example-auth.exampleosep.com:5001/v3"
    }
    settings_patch = unittest.mock.patch(
        "swift_browser_ui._convenience.setd", new=patched_settings)
    with settings_patch:
        request = get_request_with_fernet()
        cookie, _ = generate_cookie(request)
        signed_cookie = add_csrf_to_cookie(cookie, request)
        encrypt_cookie(signed_cookie, request)
        # Presumably the same referer add_csrf_to_cookie signs into the
        # cookie -- confirm against that helper.
        request.headers["Referer"] = "http://localhost:8080"
        self.assertTrue(check_csrf(request))
def test_check_csrf_os_skip(self):
    """check_csrf must return a truthy value for a Referer from the OS host."""
    patched_settings = {
        "auth_endpoint_url": "http://example-auth.exampleosep.com:5001/v3"
    }
    settings_patch = unittest.mock.patch(
        "swift_browser_ui._convenience.setd", new=patched_settings)
    with settings_patch:
        request = get_request_with_fernet()
        cookie, _ = generate_cookie(request)
        signed_cookie = add_csrf_to_cookie(cookie, request)
        encrypt_cookie(signed_cookie, request)
        # Same scheme and host as the patched auth_endpoint_url, without its
        # port and path.
        # NOTE(review): how strictly check_csrf matches this host is not
        # visible here -- confirm it compares the parsed host rather than a
        # string prefix.
        request.headers["Referer"] = "http://example-auth.exampleosep.com"
        self.assertTrue(check_csrf(request))
def test_api_check_success(self):
    """api_check must return the session id when all entries are present."""
    request = get_request_with_fernet()
    cookie, _ = generate_cookie(request)
    crypted = get_full_crypted_session_cookie(cookie, request.app)
    request.cookies['S3BROW_SESSION'] = crypted
    session_id = cookie["id"]
    request.app['Sessions'] = [session_id]
    # The registered session carries all three credential entries.
    request.app['Creds'][session_id] = {
        'Avail': "placeholder",
        'OS_sess': "placeholder",
        'ST_conn': "placeholder",
    }
    returned_id = api_check(request)
    self.assertEqual(returned_id, cookie["id"])
def test_check_csrf_incorrect_signature(self):
    """check_csrf must raise HTTPForbidden when the signature does not match."""
    patched_settings = {
        "auth_endpoint_url": "http://example-auth.exampleosep.com:5001/v3"
    }
    settings_patch = unittest.mock.patch(
        "swift_browser_ui._convenience.setd", new=patched_settings)
    with settings_patch:
        request = get_request_with_fernet()
        cookie, _ = generate_cookie(request)
        # bad_sign=True asks the helper for a cookie with a wrong signature.
        tampered_cookie = add_csrf_to_cookie(cookie, request, bad_sign=True)
        encrypt_cookie(tampered_cookie, request)
        request.headers["Referer"] = "http://localhost:8080"
        self.assertRaises(HTTPForbidden, check_csrf, request)
def get_request_with_mock_openstack():
    """Build a request backed by mock OpenStack session and service objects.

    Returns a ``(session, request)`` tuple: the session id taken from the
    generated cookie and the request with cookie, session list and
    credentials filled in.
    """
    request = get_request_with_fernet()
    cookie, _ = generate_cookie(request)
    cookie["referer"] = "http://localhost:8080"
    # NOTE(review): the signature is an unkeyed SHA-256 over
    # id + referer + salt, presumably the construction check_csrf verifies --
    # confirm against the application code and keep this helper in step with
    # it. An HMAC keyed with a secret is the conventional construction.
    signed_material = cookie["id"] + cookie["referer"] + request.app["Salt"]
    digest = hashlib.sha256(signed_material.encode('utf-8'))
    cookie["signature"] = digest.hexdigest()
    session = cookie["id"]
    # Serialise the cookie to JSON and encrypt it with the app's Fernet.
    plaintext = json.dumps(cookie).encode('utf-8')
    token = request.app["Crypt"].encrypt(plaintext)
    request.cookies["S3BROW_SESSION"] = token.decode('utf-8')
    request.app['Sessions'].append(session)
    request.app['Creds'][session] = {}
    credentials = request.app['Creds'][session]
    credentials['OS_sess'] = Mock_Session()
    credentials['ST_conn'] = Mock_Service()
    credentials['Avail'] = {
        "projects": ['test-project-1', 'test-project-2'],
        "domains": ['default']
    }
    return session, request
def get_request_with_mock_openstack():
    """Build a request backed by mock OpenStack session and service objects.

    Returns a ``(session, request)`` tuple: the session id taken from the
    generated cookie and the request whose app['Sessions'] mapping holds the
    mock objects and timestamps for that id.
    """
    request = get_request_with_fernet()
    cookie, _ = generate_cookie(request)
    cookie["referer"] = "http://localhost:8080"
    # NOTE(review): the signature is an unkeyed SHA-256 over
    # id + referer + salt, presumably the construction check_csrf verifies --
    # confirm against the application code and keep this helper in step with
    # it. An HMAC keyed with a secret is the conventional construction.
    signed_material = cookie["id"] + cookie["referer"] + request.app["Salt"]
    digest = hashlib.sha256(signed_material.encode("utf-8"))
    cookie["signature"] = digest.hexdigest()
    session = cookie["id"]
    # Serialise the cookie to JSON and encrypt it with the app's Fernet.
    plaintext = json.dumps(cookie).encode("utf-8")
    token = request.app["Crypt"].encrypt(plaintext)
    request.cookies["S3BROW_SESSION"] = token.decode("utf-8")
    sessions = request.app["Sessions"]
    sessions[session] = {}
    entry = sessions[session]
    entry["OS_sess"] = Mock_Session()
    entry["ST_conn"] = Mock_Service()
    entry["Avail"] = {
        "projects": ["test-project-1", "test-project-2"],
        "domains": ["default"],
    }
    now = time.time()
    entry["last_used"] = now
    # 28800 seconds = 8 hours from now.
    entry["max_lifetime"] = now + 28800
    return session, request
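def test_generate_cookie(self):
    """Test that generate_cookie returns a usable cookie and encrypted value.

    generate_cookie returns a two-item result (the other tests unpack it),
    so comparing the result itself with None can never fail. Check the two
    items instead: the cookie must carry the "id" the session checks rely
    on, and the encrypted value stored in S3BROW_SESSION must be non-empty.
    """
    testreq = get_request_with_fernet()
    cookie, encrypted = generate_cookie(testreq)
    self.assertIsNotNone(cookie)
    self.assertIn("id", cookie)
    # An empty session id would be indistinguishable from "no session".
    self.assertTrue(cookie["id"])
    self.assertTrue(encrypted)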