def test_callback_galaxy_user_not_created_when_custos_authnz_token_exists(self): self.trans.set_cookie(value=self.test_state, name=custos_authnz.STATE_COOKIE_NAME) self.trans.set_cookie(value=self.test_nonce, name=custos_authnz.NONCE_COOKIE_NAME) old_access_token = "old-access-token" old_id_token = "old-id-token" old_refresh_token = "old-refresh-token" old_expiration_time = datetime.now() - timedelta(days=1) old_refresh_expiration_time = datetime.now() - timedelta(hours=3) existing_custos_authnz_token = CustosAuthnzToken( user=User(email=self.test_email, username=self.test_username), external_user_id=self.test_user_id, provider=self.custos_authnz.config['provider'], access_token=old_access_token, id_token=old_id_token, refresh_token=old_refresh_token, expiration_time=old_expiration_time, refresh_expiration_time=old_refresh_expiration_time, ) self.trans.sa_session._query.custos_authnz_token = existing_custos_authnz_token self.assertIsNotNone( self.trans.sa_session.query(CustosAuthnzToken) .filter_by(external_user_id=self.test_user_id, provider=self.custos_authnz.config['provider']) .one_or_none() ), self.assertEqual(0, len(self.trans.sa_session.items)) login_redirect_url, user = self.custos_authnz.callback( state_token="xxx", authz_code=self.test_code, trans=self.trans, login_redirect_url="http://localhost:8000/") self.assertTrue(self._fetch_token_called) self.assertTrue(self._get_userinfo_called) # Make sure query was called with correct parameters self.assertEqual(self.test_user_id, self.trans.sa_session._query.external_user_id) self.assertEqual(self.custos_authnz.config['provider'], self.trans.sa_session._query.provider) self.assertEqual(1, len(self.trans.sa_session.items), "Session has updated CustosAuthnzToken") session_custos_authnz_token = self.trans.sa_session.items[0] self.assertIsInstance(session_custos_authnz_token, CustosAuthnzToken) self.assertIs(existing_custos_authnz_token, session_custos_authnz_token, "existing CustosAuthnzToken should be updated") # Verify both that existing CustosAuthnzToken has the correct values and different values than before self.assertEqual(self.test_access_token, session_custos_authnz_token.access_token) self.assertNotEqual(old_access_token, session_custos_authnz_token.access_token) self.assertEqual(self.test_id_token, session_custos_authnz_token.id_token) self.assertNotEqual(old_id_token, session_custos_authnz_token.id_token) self.assertEqual(self.test_refresh_token, session_custos_authnz_token.refresh_token) self.assertNotEqual(old_refresh_token, session_custos_authnz_token.refresh_token) expected_expiration_time = datetime.now() + timedelta(seconds=self.test_expires_in) expiration_timedelta = expected_expiration_time - session_custos_authnz_token.expiration_time self.assertTrue(expiration_timedelta.total_seconds() < 1) self.assertNotEqual(old_expiration_time, session_custos_authnz_token.expiration_time) expected_refresh_expiration_time = datetime.now() + timedelta(seconds=self.test_refresh_expires_in) refresh_expiration_timedelta = expected_refresh_expiration_time - session_custos_authnz_token.refresh_expiration_time self.assertTrue(refresh_expiration_timedelta.total_seconds() < 1) self.assertNotEqual(old_refresh_expiration_time, session_custos_authnz_token.refresh_expiration_time) self.assertTrue(self.trans.sa_session.flush_called)
def test_disconnect_when_no_associated_provider(self): self.trans.user = User() success, message, redirect_uri = self.custos_authnz.disconnect( "Custos", self.trans, "/") self.assertEqual(0, len(self.trans.sa_session.deleted)) self.assertFalse(self.trans.sa_session.flush_called) self.assertFalse(success) self.assertNotEqual("", message) self.assertIsNone(redirect_uri)
def test_callback_verify_with_state_cookie(self): """Verify that state from cookie is passed to OAuth2Session constructor.""" self.trans.set_cookie(value=self.test_state, name=custos_authnz.STATE_COOKIE_NAME) self.trans.set_cookie(value=self.test_nonce, name=custos_authnz.NONCE_COOKIE_NAME) old_access_token = "old-access-token" old_id_token = "old-id-token" old_refresh_token = "old-refresh-token" old_expiration_time = datetime.now() - timedelta(days=1) old_refresh_expiration_time = datetime.now() - timedelta(hours=3) existing_custos_authnz_token = CustosAuthnzToken( user=User(email=self.test_email, username=self.test_username), external_user_id=self.test_user_id, provider=self.custos_authnz.config['provider'], access_token=old_access_token, id_token=old_id_token, refresh_token=old_refresh_token, expiration_time=old_expiration_time, refresh_expiration_time=old_refresh_expiration_time, ) self.trans.sa_session._query.custos_authnz_token = existing_custos_authnz_token self.assertIsNotNone( self.trans.sa_session.query(CustosAuthnzToken) .filter_by(external_user_id=self.test_user_id, provider=self.custos_authnz.config['provider']) .one_or_none() ) self.trans.sa_session._query.user = User(email=self.test_email, username=self.test_username) # Mock _create_oauth2_session to make sure it is created with cookie state token self.mock_create_oauth2_session(self.custos_authnz) # Intentionally passing a bad state_token to make sure that code under # test uses the state cookie instead when creating the OAuth2Session login_redirect_url, user = self.custos_authnz.callback( state_token="xxx", authz_code=self.test_code, trans=self.trans, login_redirect_url="http://localhost:8000/") self.assertTrue(self._create_oauth2_session_called) self.assertTrue(self._fetch_token_called) self.assertTrue(self._get_userinfo_called) self.assertEqual(login_redirect_url, "http://localhost:8000/") self.assertIsNotNone(user)
def filter_options(self, options, trans, other_values): rval = [] filter_value = self.value try: filter_value = User.expand_user_properties(trans.user, filter_value) except Exception: pass for fields in options: if (self.keep and fields[self.column] == filter_value) or (not self.keep and fields[self.column] != filter_value): rval.append(fields) return rval
def filter_options(self, options, trans, other_values): rval = [] filter_value = self.value try: filter_value = User.expand_user_properties(trans.user, filter_value) except Exception: pass for fields in options: if self.keep == (filter_value == fields[self.column]): rval.append(fields) return rval
def filter_options(self, options, trans, other_values): rval = [] filter_value = self.value try: filter_value = User.expand_user_properties(trans.user, filter_value) except Exception: pass filter_pattern = re.compile(filter_value) for fields in options: if self.keep == (not filter_pattern.match(fields[self.column]) is None): rval.append(fields) return rval
def _setup_mapping_and_user(): with TestConfig(DISK_TEST_CONFIG) as (test_config, object_store): # Start the database and connect the mapping model = mapping.init("/tmp", "sqlite:///:memory:", create_tables=True, object_store=object_store, slow_query_log_threshold=SLOW_QUERY_LOG_THRESHOLD, thread_local_log=THREAD_LOCAL_LOG) u = User(email="*****@*****.**", password="******") h1 = History(name="HistoryCopyHistory1", user=u) model.context.add_all([u, h1]) model.context.flush() yield test_config, object_store, model, h1
def setUp(self): self.setup_app() job = Job() job.id = 345 job.tool_id = TEST_TOOL_ID job.user = User() self.model_objects = {Job: {345: job}} self.app.model.context = MockContext(self.model_objects) self.app.toolbox = MockToolbox(MockTool(self)) self.working_directory = os.path.join(self.test_directory, "working") self.app.object_store = MockObjectStore(self.working_directory) self.queue = MockJobQueue(self.app) self.job = job
def test_callback_nonce_validation_with_bad_nonce(self): self.trans.set_cookie(value=self.test_state, name=custos_authnz.STATE_COOKIE_NAME) self.trans.set_cookie(value=self.test_nonce, name=custos_authnz.NONCE_COOKIE_NAME) self.trans.sa_session._query.user = User(email=self.test_email, username=self.test_username) # Intentionally create a bad nonce self.test_nonce_hash = self.test_nonce_hash + "Z" # self.custos_authnz._fetch_token = fetch_token with self.assertRaises(Exception): self.custos_authnz.callback(state_token="xxx", authz_code=self.test_code, trans=self.trans, login_redirect_url="http://localhost:8000/") self.assertTrue(self._fetch_token_called) self.assertFalse(self._get_userinfo_called)
def test_callback_verify_with_state_cookie(self): """Verify that state from cookie is passed to OAuth2Session constructor.""" self.trans.set_cookie(value=self.test_state, name=custos_authnz.STATE_COOKIE_NAME) self.trans.set_cookie(value=self.test_nonce, name=custos_authnz.NONCE_COOKIE_NAME) self.trans.sa_session._query.user = User(email=self.test_email, username=self.test_username) # Mock _create_oauth2_session to make sure it is created with cookie state token self.mock_create_oauth2_session(self.custos_authnz) # Intentionally passing a bad state_token to make sure that code under # test uses the state cookie instead when creating the OAuth2Session login_redirect_url, user = self.custos_authnz.callback( state_token="xxx", authz_code=self.test_code, trans=self.trans, login_redirect_url="http://localhost:8000/") self.assertTrue(self._create_oauth2_session_called) self.assertTrue(self._fetch_token_called) self.assertTrue(self._get_userinfo_called) self.assertEqual(login_redirect_url, "http://localhost:8000/") self.assertIsNotNone(user)
def test_disconnect_when_more_than_one_associated_token_for_provider(self): self.trans.user = User(email=self.test_email, username=self.test_username) custos_authnz_token1 = CustosAuthnzToken( user=self.trans.user, external_user_id=self.test_user_id + "1", provider=self.custos_authnz.config['provider'], access_token=self.test_access_token, id_token=self.test_id_token, refresh_token=self.test_refresh_token, expiration_time=datetime.now() + timedelta(seconds=self.test_refresh_expires_in), refresh_expiration_time=datetime.now() + timedelta(seconds=self.test_refresh_expires_in), ) custos_authnz_token2 = CustosAuthnzToken( user=self.trans.user, external_user_id=self.test_user_id + "2", provider=self.custos_authnz.config['provider'], access_token=self.test_access_token, id_token=self.test_id_token, refresh_token=self.test_refresh_token, expiration_time=datetime.now() + timedelta(seconds=self.test_refresh_expires_in), refresh_expiration_time=datetime.now() + timedelta(seconds=self.test_refresh_expires_in), ) self.trans.user.custos_auth = [ custos_authnz_token1, custos_authnz_token2 ] success, message, redirect_uri = self.custos_authnz.disconnect( "Custos", self.trans, "/") self.assertEqual(0, len(self.trans.sa_session.deleted)) self.assertFalse(self.trans.sa_session.flush_called) self.assertFalse(success) self.assertNotEqual("", message) self.assertIsNone(redirect_uri)
def test_localdb(): user = User(email='testmail', username='******') user.set_password_cleartext('test123') t = LocalDB() reject = t.authenticate_user(user, 'wrong', {'redact_username_in_logs': False}) accept = t.authenticate_user(user, 'test123', {'redact_username_in_logs': False}) assert reject is False assert accept is True # Password must conform to policy (length etc) try: user.set_password_cleartext('test') except Exception: pass else: raise Exception("Password policy validation failed")
def test_disconnect(self): custos_authnz_token = CustosAuthnzToken( user=User(email=self.test_email, username=self.test_username), external_user_id=self.test_user_id, provider=self.custos_authnz.config['provider'], access_token=self.test_access_token, id_token=self.test_id_token, refresh_token=self.test_refresh_token, expiration_time=datetime.now() + timedelta(seconds=self.test_refresh_expires_in), refresh_expiration_time=datetime.now() + timedelta(seconds=self.test_refresh_expires_in), ) self.trans.user = custos_authnz_token.user self.trans.user.custos_auth = [custos_authnz_token] success, message, redirect_uri = self.custos_authnz.disconnect("Custos", self.trans, "/") self.assertEqual(1, len(self.trans.sa_session.deleted)) deleted_token = self.trans.sa_session.deleted[0] self.assertIs(custos_authnz_token, deleted_token) self.assertTrue(self.trans.sa_session.flush_called) self.assertTrue(success) self.assertEqual("", message) self.assertEqual("/", redirect_uri)
def _create_user(self, sa_session, username, email): user = User(email=email, username=username) user.set_random_password() sa_session.add(user) sa_session.flush() return user