Ejemplo n.º 1
    def test_authenticated_userid_does_not_proxy_if_no_forwarded_user(
            self, pyramid_request, BasicAuthAuthenticationPolicy):
        """Without a forwarded user, the wrapped basic-auth policy stays untouched.

        This test sets no ``X-Forwarded-User`` header, so neither
        ``unauthenticated_userid`` nor ``callback`` of the mocked
        ``BasicAuthAuthenticationPolicy`` instance may be invoked.
        """
        basic_auth = BasicAuthAuthenticationPolicy.return_value

        AuthClientPolicy().authenticated_userid(pyramid_request)

        assert basic_auth.unauthenticated_userid.call_count == 0
        assert basic_auth.callback.call_count == 0
Ejemplo n.º 2
    def test_effective_principals_proxies_to_basic_auth(
            self, pyramid_request, check, BasicAuthAuthenticationPolicy):
        """``effective_principals`` is delegated to the wrapped basic-auth policy.

        The mocked policy instance must receive exactly one call, carrying
        the request.
        """
        policy = AuthClientPolicy()

        policy.effective_principals(pyramid_request)

        delegate = BasicAuthAuthenticationPolicy.return_value
        delegate.effective_principals.assert_called_once_with(pyramid_request)
Ejemplo n.º 3
    def test_check_proxies_to_verify_auth_client(self, pyramid_request,
                                                 verify_auth_client):
        """``check`` passes the supplied credentials on for verification.

        ``verify_auth_client`` must be called once with the username, the
        password and ``pyramid_request.db``.
        """
        username, password = "someusername", "somepassword"

        AuthClientPolicy.check(username, password, pyramid_request)

        verify_auth_client.assert_called_once_with(
            username, password, pyramid_request.db)
Ejemplo n.º 4
    def test_check_proxies_to_verify_auth_client(
        self, pyramid_request, verify_auth_client
    ):
        """Credentials given to ``check`` are verified via ``verify_auth_client``.

        The verifier is expected to be called exactly once with the
        username, the password and ``pyramid_request.db``.
        """
        credentials = ("someusername", "somepassword")

        AuthClientPolicy.check(credentials[0], credentials[1], pyramid_request)

        verify_auth_client.assert_called_once_with(
            credentials[0], credentials[1], pyramid_request.db
        )
Ejemplo n.º 5
    def test_unauthenticated_userid_doesnt_proxy_to_basic_auth_if_forwarded_user(
            self, pyramid_request, BasicAuthAuthenticationPolicy):
        """With ``X-Forwarded-User`` set, the basic-auth userid lookup is skipped.

        ``unauthenticated_userid`` must not call through to the mocked
        ``BasicAuthAuthenticationPolicy`` instance when the header is present.
        """
        pyramid_request.headers['X-Forwarded-User'] = '******'
        basic_auth = BasicAuthAuthenticationPolicy.return_value

        AuthClientPolicy().unauthenticated_userid(pyramid_request)

        assert basic_auth.unauthenticated_userid.call_count == 0
Ejemplo n.º 6
    def test_effective_principals_returns_only_Everyone_if_callback_returns_None(
            self, pyramid_request, check):
        """A ``check`` callback returning ``None`` yields only ``system.Everyone``.

        No other principal may appear in the list when the callback does not
        hand back any principals.
        """
        check.return_value = None

        principals = AuthClientPolicy(check=check).effective_principals(
            pyramid_request)

        assert principals == ["system.Everyone"]
Ejemplo n.º 7
    def test_check_doesnt_proxy_to_principals_for_auth_client_if_forwarded_user(
            self, user_service, pyramid_request, verify_auth_client,
            principals_for_auth_client):
        """A forwarded-user request never takes the client-only principals path.

        With ``X-Forwarded-User`` present, ``principals_for_auth_client`` must
        not be called by ``check``.
        """
        header_name = 'X-Forwarded-User'
        pyramid_request.headers[header_name] = '******'

        AuthClientPolicy.check('someusername', 'somepassword', pyramid_request)

        assert not principals_for_auth_client.called
Ejemplo n.º 8
    def test_unauthenticated_userid_proxies_to_basic_auth_if_no_forwarded_user(
            self, pyramid_request, BasicAuthAuthenticationPolicy):
        """Without a forwarded user, the userid comes from the basic-auth policy.

        The call is delegated once with the request and the delegate's result
        is what ``unauthenticated_userid`` returns.
        """
        delegate = BasicAuthAuthenticationPolicy.return_value.unauthenticated_userid

        returned = AuthClientPolicy().unauthenticated_userid(pyramid_request)

        delegate.assert_called_once_with(pyramid_request)
        assert returned == delegate.return_value
Ejemplo n.º 9
    def test_effective_principals_returns_only_Everyone_if_callback_returns_None(
        self, pyramid_request, check
    ):
        """Only ``system.Everyone`` is granted when ``check`` returns ``None``."""
        check.return_value = None
        auth_policy = AuthClientPolicy(check=check)

        granted = auth_policy.effective_principals(pyramid_request)

        everyone_only = ["system.Everyone"]
        assert granted == everyone_only
Ejemplo n.º 10
    def test_check_fetches_user_if_forwarded_user(
        self, pyramid_request, verify_auth_client, user_service
    ):
        """``check`` looks up the forwarded user through ``user_service.fetch``.

        Exactly one fetch is expected, with the userid the test names.
        """
        # NOTE(review): both string literals below look masked by the page
        # extraction; the header value and the expected userid presumably
        # agree in the upstream test - confirm before relying on this listing.
        forwarded_header = "X-Forwarded-User"
        pyramid_request.headers[forwarded_header] = "******"

        AuthClientPolicy.check("someusername", "somepassword", pyramid_request)

        user_service.fetch.assert_called_once_with("acct:[email protected]")
Ejemplo n.º 11
    def test_check_fetches_user_if_forwarded_user(self, pyramid_request,
                                                  verify_auth_client,
                                                  user_service):
        """A forwarded user triggers one ``user_service.fetch`` call from ``check``."""
        # NOTE(review): the header value and the expected userid appear to be
        # masked by the page extraction; upstream they presumably match -
        # confirm against the original test.
        pyramid_request.headers["X-Forwarded-User"] = "******"
        username, password = "someusername", "somepassword"

        AuthClientPolicy.check(username, password, pyramid_request)

        fetch = user_service.fetch
        fetch.assert_called_once_with("acct:[email protected]")
Ejemplo n.º 12
    def test_effective_principals_returns_list_containing_callback_return_value(
            self, pyramid_request, check):
        """Principals returned by ``check`` appear in the effective principals.

        Both values handed back by the callback must be present in the list.
        """
        check.return_value = ["foople", "blueberry"]

        principals = AuthClientPolicy(check=check).effective_principals(
            pyramid_request)

        assert "foople" in principals
        assert "blueberry" in principals
Ejemplo n.º 13
    def test_check_fetches_user_if_forwarded_user(self, pyramid_request,
                                                  verify_auth_client,
                                                  user_service):
        """``check`` resolves the ``X-Forwarded-User`` value via ``user_service.fetch``."""
        # NOTE(review): the two literals below look masked by the page
        # extraction; the header value and the fetched userid presumably
        # agree upstream - confirm against the original test.
        header_name = 'X-Forwarded-User'
        pyramid_request.headers[header_name] = '******'

        AuthClientPolicy.check('someusername', 'somepassword', pyramid_request)

        user_service.fetch.assert_called_once_with('acct:[email protected]')
Ejemplo n.º 14
    def test_effective_principals_proxies_to_basic_auth(
        self, pyramid_request, check, BasicAuthAuthenticationPolicy
    ):
        """The wrapped basic-auth policy computes the effective principals.

        ``effective_principals`` on the mocked policy instance must be called
        once with the request.
        """
        wrapped = BasicAuthAuthenticationPolicy.return_value

        AuthClientPolicy().effective_principals(pyramid_request)

        wrapped.effective_principals.assert_called_once_with(pyramid_request)
Ejemplo n.º 15
    def test_effective_principals_returns_list_containing_callback_return_value(
        self, pyramid_request, check
    ):
        """Every principal returned by ``check`` is part of the effective principals."""
        check.return_value = ["foople", "blueberry"]
        auth_policy = AuthClientPolicy(check=check)

        effective = auth_policy.effective_principals(pyramid_request)

        assert "foople" in effective
        assert "blueberry" in effective
Ejemplo n.º 16
    def test_authenticated_userid_returns_None_if_callback_not_OK(
            self, check, pyramid_request):
        """A forwarded user is not authenticated when ``check`` returns ``None``.

        The ``X-Forwarded-User`` header on its own must not produce a userid.
        """
        check.return_value = None
        auth_policy = AuthClientPolicy(check=check)
        pyramid_request.headers["X-Forwarded-User"] = "******"

        result = auth_policy.authenticated_userid(pyramid_request)

        assert result is None
Ejemplo n.º 17
    def test_authenticated_userid_proxies_to_basic_auth_policy_if_forwarded_user(
            self, pyramid_request, BasicAuthAuthenticationPolicy):
        """A forwarded user still goes through the wrapped basic-auth policy.

        With ``X-Forwarded-User`` set, the mocked policy's userid lookup and
        its ``callback`` must each be invoked once, so the header alone does
        not short-circuit the wrapped policy.
        """
        pyramid_request.headers['X-Forwarded-User'] = '******'
        basic_auth = BasicAuthAuthenticationPolicy.return_value

        AuthClientPolicy().authenticated_userid(pyramid_request)

        basic_auth.unauthenticated_userid.assert_called_once_with(
            pyramid_request)
        looked_up_userid = basic_auth.unauthenticated_userid.return_value
        basic_auth.callback.assert_called_once_with(
            looked_up_userid, pyramid_request)
Ejemplo n.º 18
    def test_authenticated_userid_does_not_proxy_if_no_forwarded_user(
        self, pyramid_request, BasicAuthAuthenticationPolicy
    ):
        """No forwarded user means no calls into the wrapped basic-auth policy.

        The test sets no ``X-Forwarded-User`` header and then checks that
        neither the userid lookup nor ``callback`` was called on the mock.
        """
        auth_policy = AuthClientPolicy()

        auth_policy.authenticated_userid(pyramid_request)

        wrapped = BasicAuthAuthenticationPolicy.return_value
        assert wrapped.unauthenticated_userid.call_count == 0
        assert wrapped.callback.call_count == 0
Ejemplo n.º 19
    def test_authenticated_userid_returns_None_if_callback_not_OK(
        self, check, pyramid_request
    ):
        """``authenticated_userid`` is ``None`` when the ``check`` callback fails.

        The request carries ``X-Forwarded-User``, yet a ``None`` result from
        ``check`` must leave the request unauthenticated.
        """
        check.return_value = None
        policy_under_test = AuthClientPolicy(check=check)
        pyramid_request.headers["X-Forwarded-User"] = "******"

        assert policy_under_test.authenticated_userid(pyramid_request) is None
Ejemplo n.º 20
    def test_check_doesnt_proxy_to_principals_for_auth_client_if_forwarded_user(
        self,
        user_service,
        pyramid_request,
        verify_auth_client,
        principals_for_auth_client,
    ):
        """With a forwarded user, ``check`` skips ``principals_for_auth_client``.

        The client-only principals helper must record zero calls.
        """
        pyramid_request.headers["X-Forwarded-User"] = "******"
        username, password = "someusername", "somepassword"

        AuthClientPolicy.check(username, password, pyramid_request)

        assert principals_for_auth_client.call_count == 0
Ejemplo n.º 21
    def test_unauthenticated_userid_doesnt_proxy_to_basic_auth_if_forwarded_user(
        self, pyramid_request, BasicAuthAuthenticationPolicy
    ):
        """The basic-auth userid lookup is not used when a user is forwarded.

        After ``unauthenticated_userid`` runs with ``X-Forwarded-User`` set,
        the mocked policy's own lookup must show no calls.
        """
        pyramid_request.headers["X-Forwarded-User"] = "******"
        auth_policy = AuthClientPolicy()

        auth_policy.unauthenticated_userid(pyramid_request)

        wrapped_lookup = BasicAuthAuthenticationPolicy.return_value.unauthenticated_userid
        assert wrapped_lookup.call_count == 0
Ejemplo n.º 22
    def test_unauthenticated_userid_proxies_to_basic_auth_if_no_forwarded_user(
        self, pyramid_request, BasicAuthAuthenticationPolicy
    ):
        """The basic-auth policy supplies the userid when no user is forwarded.

        The mocked lookup is expected to be called once with the request and
        its return value passed straight back to the caller.
        """
        auth_policy = AuthClientPolicy()

        result = auth_policy.unauthenticated_userid(pyramid_request)

        wrapped_lookup = BasicAuthAuthenticationPolicy.return_value.unauthenticated_userid
        wrapped_lookup.assert_called_once_with(pyramid_request)
        assert result == wrapped_lookup.return_value
Ejemplo n.º 23
    def test_authenticated_userid_proxies_to_basic_auth_policy_if_forwarded_user(
        self, pyramid_request, BasicAuthAuthenticationPolicy
    ):
        """With a forwarded user, authentication runs through the wrapped policy.

        Both the userid lookup and ``callback`` of the mocked basic-auth
        policy must be called once; ``callback`` receives the looked-up userid
        and the request.
        """
        pyramid_request.headers["X-Forwarded-User"] = "******"
        auth_policy = AuthClientPolicy()

        auth_policy.authenticated_userid(pyramid_request)

        wrapped = BasicAuthAuthenticationPolicy.return_value
        wrapped.unauthenticated_userid.assert_called_once_with(pyramid_request)
        wrapped.callback.assert_called_once_with(
            wrapped.unauthenticated_userid.return_value, pyramid_request
        )
Ejemplo n.º 24
    def test_check_returns_None_if_verify_auth_client_fails(
            self, pyramid_request, verify_auth_client):
        """``check`` returns ``None`` when ``verify_auth_client`` returns ``None``.

        No principals may be produced for credentials the verifier rejected.
        """
        verify_auth_client.return_value = None
        username, password = "someusername", "somepassword"

        result = AuthClientPolicy.check(username, password, pyramid_request)

        assert result is None
    def test_it_instantiates_a_BasicAuthAuthenticationPolicy(
        self, BasicAuthAuthenticationPolicy
    ):
        """Constructing the policy builds one basic-auth policy.

        The mocked class must be called once with ``AuthClientPolicy.check``
        as its ``check`` keyword argument.
        """
        expected_kwargs = {"check": AuthClientPolicy.check}

        AuthClientPolicy()

        BasicAuthAuthenticationPolicy.assert_called_once_with(**expected_kwargs)
Ejemplo n.º 26
    def test_check_returns_None_if_fetch_forwarded_user_fails(
            self, pyramid_request, verify_auth_client, user_service):
        """``check`` returns ``None`` when the forwarded user cannot be fetched.

        ``user_service.fetch`` is stubbed to return ``None`` for the request's
        ``X-Forwarded-User`` value.
        """
        pyramid_request.headers["X-Forwarded-User"] = "******"
        user_service.fetch.return_value = None

        result = AuthClientPolicy.check(
            "someusername", "somepassword", pyramid_request)

        assert result is None
Ejemplo n.º 27
    def test_check_returns_None_if_verify_auth_client_fails(
        self, pyramid_request, verify_auth_client
    ):
        """A ``None`` result from ``verify_auth_client`` makes ``check`` return ``None``."""
        verify_auth_client.return_value = None

        outcome = AuthClientPolicy.check("someusername", "somepassword", pyramid_request)

        assert outcome is None
Ejemplo n.º 28
    def test_check_returns_None_if_user_fetch_raises_valueError(
            self, pyramid_request, verify_auth_client, user_service):
        """A ``ValueError`` from the user lookup is treated as a failed check.

        ``check`` must return ``None`` instead of letting the error propagate.
        """
        user_service.fetch.side_effect = ValueError('whoops')
        pyramid_request.headers['X-Forwarded-User'] = '******'

        result = AuthClientPolicy.check(
            'someusername', 'somepassword', pyramid_request)

        assert result is None
Ejemplo n.º 29
    def test_check_returns_None_if_user_fetch_raises_valueError(
            self, pyramid_request, verify_auth_client, user_service):
        """``check`` returns ``None`` when ``user_service.fetch`` raises ``ValueError``."""
        lookup_error = ValueError("whoops")
        pyramid_request.headers["X-Forwarded-User"] = "******"
        user_service.fetch.side_effect = lookup_error

        username, password = "someusername", "somepassword"
        result = AuthClientPolicy.check(username, password, pyramid_request)

        assert result is None
Ejemplo n.º 30
    def test_check_proxies_to_principals_for_auth_client_if_no_forwarded_user(
            self, pyramid_request, verify_auth_client,
            principals_for_auth_client):
        """Without a forwarded user, ``check`` returns the client's principals.

        ``principals_for_auth_client`` must be called once with whatever
        ``verify_auth_client`` returned, and its result is the return value.
        """
        verified_client = verify_auth_client.return_value

        result = AuthClientPolicy.check(
            "someusername", "somepassword", pyramid_request)

        assert result == principals_for_auth_client.return_value
        principals_for_auth_client.assert_called_once_with(verified_client)
Ejemplo n.º 31
    def test_check_returns_None_if_fetch_forwarded_user_fails(
        self, pyramid_request, verify_auth_client, user_service
    ):
        """A forwarded user that ``user_service.fetch`` resolves to ``None`` fails the check."""
        user_service.fetch.return_value = None
        pyramid_request.headers["X-Forwarded-User"] = "******"
        username, password = "someusername", "somepassword"

        outcome = AuthClientPolicy.check(username, password, pyramid_request)

        assert outcome is None
Ejemplo n.º 32
    def test_check_returns_None_if_userid_is_invalid(self, pyramid_request,
                                                     verify_auth_client,
                                                     user_service):
        """``check`` returns ``None`` when the user lookup raises ``InvalidUserId``.

        The exception raised by ``user_service.fetch`` must not propagate out
        of ``check``.
        """
        pyramid_request.headers["X-Forwarded-User"] = "******"
        user_service.fetch.side_effect = InvalidUserId("badly_formatted")
        username = mock.sentinel.username
        password = mock.sentinel.password

        result = AuthClientPolicy.check(username, password, pyramid_request)

        assert result is None
Ejemplo n.º 33
    def test_check_returns_None_if_user_fetch_raises_valueError(
        self, pyramid_request, verify_auth_client, user_service
    ):
        """A ``ValueError`` raised while fetching the forwarded user fails the check.

        ``check`` is expected to return ``None`` rather than raise.
        """
        pyramid_request.headers["X-Forwarded-User"] = "******"
        user_service.fetch.side_effect = ValueError("whoops")

        outcome = AuthClientPolicy.check("someusername", "somepassword", pyramid_request)

        assert outcome is None
Ejemplo n.º 34
    def test_check_proxies_to_principals_for_auth_client_if_no_forwarded_user(
        self, pyramid_request, verify_auth_client, principals_for_auth_client
    ):
        """``check`` without a forwarded user yields ``principals_for_auth_client``'s result.

        The helper must be called once with the value ``verify_auth_client``
        returned.
        """
        username, password = "someusername", "somepassword"

        outcome = AuthClientPolicy.check(username, password, pyramid_request)

        expected = principals_for_auth_client.return_value
        assert outcome == expected
        principals_for_auth_client.assert_called_once_with(
            verify_auth_client.return_value
        )
Ejemplo n.º 35
    def test_check_returns_None_if_forwarded_user_authority_mismatch(
            self, pyramid_request, verify_auth_client, user_service,
            factories):
        """A client cannot act for a user that belongs to another authority.

        The auth client is in ``one.com`` and the forwarded user in
        ``two.com``, so ``check`` must return ``None``.
        """
        foreign_user = factories.User(authority="two.com")
        client = factories.ConfidentialAuthClient(authority="one.com")
        verify_auth_client.return_value = client
        user_service.fetch.return_value = foreign_user
        pyramid_request.headers["X-Forwarded-User"] = foreign_user.userid

        result = AuthClientPolicy.check(
            "someusername", "somepassword", pyramid_request)

        assert result is None
Ejemplo n.º 36
    def test_it_proxies_to_principals_for_user_if_fetch_forwarded_user_ok(
            self, pyramid_request, verify_auth_client, user_service, factories,
            principals_for_auth_client_user):
        """A forwarded user in the client's authority gets user-scoped principals.

        Client and user both belong to ``one.com``; ``check`` must call
        ``principals_for_auth_client_user`` once with the user and the
        verified client, and return that helper's result.
        """
        same_authority_user = factories.User(authority="one.com")
        client = factories.ConfidentialAuthClient(authority="one.com")
        verify_auth_client.return_value = client
        user_service.fetch.return_value = same_authority_user
        pyramid_request.headers['X-Forwarded-User'] = same_authority_user.userid

        result = AuthClientPolicy.check(
            'someusername', 'somepassword', pyramid_request)

        principals_for_auth_client_user.assert_called_once_with(
            same_authority_user, verify_auth_client.return_value)
        assert result == principals_for_auth_client_user.return_value
Ejemplo n.º 37
    def test_check_returns_None_if_forwarded_user_authority_mismatch(
        self, pyramid_request, verify_auth_client, user_service, factories
    ):
        """``check`` rejects a forwarded user whose authority differs from the client's.

        The user is created in ``two.com`` and the auth client in ``one.com``;
        the expected result is ``None``.
        """
        other_authority_user = factories.User(authority="two.com")
        auth_client = factories.ConfidentialAuthClient(authority="one.com")
        verify_auth_client.return_value = auth_client
        user_service.fetch.return_value = other_authority_user
        pyramid_request.headers["X-Forwarded-User"] = other_authority_user.userid

        outcome = AuthClientPolicy.check("someusername", "somepassword", pyramid_request)

        assert outcome is None
Ejemplo n.º 38
    def test_it_proxies_to_principals_for_user_if_fetch_forwarded_user_ok(
        self,
        pyramid_request,
        verify_auth_client,
        user_service,
        factories,
        principals_for_auth_client_user,
    ):
        """``check`` returns user-scoped principals for a matching forwarded user.

        The user and the auth client share the ``one.com`` authority, so the
        result must come from ``principals_for_auth_client_user``, called once
        with that user and the verified client.
        """
        forwarded_user = factories.User(authority="one.com")
        auth_client = factories.ConfidentialAuthClient(authority="one.com")
        verify_auth_client.return_value = auth_client
        user_service.fetch.return_value = forwarded_user
        pyramid_request.headers["X-Forwarded-User"] = forwarded_user.userid

        outcome = AuthClientPolicy.check("someusername", "somepassword", pyramid_request)

        principals_for_auth_client_user.assert_called_once_with(
            forwarded_user, verify_auth_client.return_value
        )
        assert outcome == principals_for_auth_client_user.return_value
Ejemplo n.º 39
from h.auth.util import default_authority, groupfinder
from h.security import derive_key

# Only the two composed policies are exported; the building blocks below are
# module-internal.
__all__ = (
    'DEFAULT_POLICY',
    'WEBSOCKET_POLICY',
)

log = logging.getLogger(__name__)

# Takes the userid straight from the WSGI environ key HTTP_X_FORWARDED_USER,
# i.e. the X-Forwarded-User request header. Any client can send that header,
# so this policy is only safe behind a front end that strips or overwrites it.
# NOTE(review): PROXY_POLICY is not referenced by the policies composed
# below; where it gets activated is outside this excerpt - confirm that it is
# opt-in and off by default.
PROXY_POLICY = RemoteUserAuthenticationPolicy(
    environ_key='HTTP_X_FORWARDED_USER', callback=groupfinder)
TICKET_POLICY = pyramid_authsanity.AuthServicePolicy()

TOKEN_POLICY = TokenAuthenticationPolicy(callback=groupfinder)
AUTH_CLIENT_POLICY = AuthClientPolicy()

# API requests: TOKEN_POLICY is passed as the user policy and
# AUTH_CLIENT_POLICY as the client policy.
API_POLICY = APIAuthenticationPolicy(user_policy=TOKEN_POLICY,
                                     client_policy=AUTH_CLIENT_POLICY)

# Default composition: the API policy plus TICKET_POLICY as the fallback.
DEFAULT_POLICY = AuthenticationPolicy(api_policy=API_POLICY,
                                      fallback_policy=TICKET_POLICY)
# The websocket policy is the same object as TOKEN_POLICY, not a copy.
WEBSOCKET_POLICY = TOKEN_POLICY


def includeme(config):
    """Configuration hook taking a ``config`` object (listing is truncated).

    Declares ``DEFAULT_POLICY`` and ``WEBSOCKET_POLICY`` as globals and reads
    ``config.registry.settings``; what the rest of the function does with
    them is not part of this excerpt.
    """
    # Declared global so that assignments in the function body would rebind
    # the module-level policies rather than create locals.
    global DEFAULT_POLICY
    global WEBSOCKET_POLICY

    # Set up authsanity
    settings = config.registry.settings
Ejemplo n.º 40
 def auth_policy(self, check):
     """Return an ``AuthClientPolicy`` built around the supplied ``check`` callable."""
     return AuthClientPolicy(check=check)