def test_authentication_with_data_denied_srai(self):
yaml = YamlConfigurationFile()
self.assertIsNotNone(yaml)
yaml.load_from_text(
"""
brain:
security:
authentication:
classname: programy.security.authenticate.passthrough.PassThroughAuthenticationService
denied_srai: AUTHENTICATION_FAILED
""", ConsoleConfiguration(), ".")
brain_config = yaml.get_section("brain")
self.assertIsNotNone(brain_config)
services_config = yaml.get_section("security", brain_config)
self.assertIsNotNone(services_config)
service_config = BrainSecurityConfiguration("authentication")
service_config.load_config_section(yaml, services_config, ".")
self.assertEqual(
"programy.security.authenticate.passthrough.PassThroughAuthenticationService",
service_config.classname)
self.assertEqual("AUTHENTICATION_FAILED", service_config.denied_srai)
self.assertEqual(BrainSecurityConfiguration.DEFAULT_ACCESS_DENIED,
service_config.denied_text)
def test_authorisation_with_data_denied_text(self):
yaml = YamlConfigurationFile()
self.assertIsNotNone(yaml)
yaml.load_from_text(
"""
brain:
security:
authorisation:
classname: programy.security.authorise.passthrough.PassThroughAuthorisationService
denied_text: Authorisation Failed
""", ConsoleConfiguration(), ".")
brain_config = yaml.get_section("brain")
self.assertIsNotNone(brain_config)
services_config = yaml.get_section("security", brain_config)
self.assertIsNotNone(services_config)
service_config = BrainSecurityConfiguration("authorisation")
service_config.load_config_section(yaml, services_config, ".")
self.assertEqual(
"programy.security.authorise.passthrough.PassThroughAuthorisationService",
service_config.classname)
self.assertEqual("Authorisation Failed", service_config.denied_text)
self.assertIsNone(service_config.denied_srai)
class BrainSecuritiesConfiguration(BaseSectionConfigurationData):
def __init__(self):
BaseSectionConfigurationData.__init__(self, "security")
self._authorisation = None
self._authentication = None
@property
def authorisation(self):
return self._authorisation
@property
def authentication(self):
return self._authentication
def load_config_section(self, configuration_file, configuration, bot_root):
securities = configuration_file.get_section(self.section_name,
configuration)
if securities is not None:
self._authentication = BrainSecurityConfiguration("authentication")
self._authentication.load_config_section(configuration_file,
securities, bot_root)
self._authorisation = BrainSecurityConfiguration("authorisation")
self._authorisation.load_config_section(configuration_file,
securities, bot_root)
def load_config_section(self, configuration_file, configuration, bot_root):
securities = configuration_file.get_section(self.section_name,
configuration)
if securities is not None:
self._authentication = BrainSecurityConfiguration("authentication")
self._authentication.load_config_section(configuration_file,
securities, bot_root)
self._authorisation = BrainSecurityConfiguration("authorisation")
self._authorisation.load_config_section(configuration_file,
securities, bot_root)
def test_usersgroups(self):
service_config = BrainSecurityConfiguration("authorisation")
service_config._usergroups = os.path.dirname(
__file__) + os.sep + "test_usergroups.yaml"
service = BasicUserGroupAuthorisationService(service_config)
self.assertIsNotNone(service)
self.assertTrue(service.authorise("console", "root"))
self.assertFalse(service.authorise("console", "uber"))
with self.assertRaises(AuthorisationException):
service.authorise("anyone", "root")
def test_init(self):
service = ClientIdAuthenticationService(BrainSecurityConfiguration("authentication"))
self.assertIsNotNone(service)
self._client_context._userid = "console"
self.assertTrue(service.authenticate(self._client_context))
self._client_context._userid = "anyone"
self.assertFalse(service.authenticate(self._client_context))
def get_brain_config(self):
brain_config = BrainConfiguration()
brain_config.security._authorisation = BrainSecurityConfiguration(
"authorisation")
brain_config.security.authorisation._classname = "programy.security.authorise.usergroupsauthorisor.BasicUserGroupAuthorisationService"
brain_config.security.authorisation._denied_srai = "ACCESS_DENIED"
brain_config.security.authorisation._usergroups = "$BOT_ROOT/usergroups.yaml"
return brain_config
def test_authorise_success(self):
service = MockClientIdAuthenticationService(BrainSecurityConfiguration("authentication"))
service.should_authorised = True
self.assertTrue("console" in service.authorised)
self._client_context._userid = "console"
self.assertTrue(service.authenticate(self._client_context))
self.assertFalse("unknown" in service.authorised)
self._client_context._userid = "unknown"
self.assertTrue(service.authenticate(self._client_context))
self.assertTrue("unknown" in service.authorised)
def test_authenticator_with_empty_config(self):
client_context = ClientContext(TestClient(), "console")
client_context.bot = Bot(BotConfiguration())
client_context.bot.configuration.conversations._max_histories = 3
client_context.brain = client_context.bot.brain
service = Authenticator(BrainSecurityConfiguration("authentication"))
self.assertIsNotNone(service)
self.assertIsNotNone(service.configuration)
self.assertIsNone(service.get_default_denied_srai())
self.assertFalse(service.authenticate(client_context))
def load_configuration(self, arguments):
super(AuthoriseTestClient, self).load_configuration(arguments)
self.configuration.client_configuration.configurations[
0].configurations[0].files.aiml_files._files = [
os.path.dirname(__file__)
]
self.configuration.client_configuration.configurations[
0].configurations[
0].security._authorisation = BrainSecurityConfiguration(
"authorisation")
self.configuration.client_configuration.configurations[0].configurations[
0].security.authorisation._classname = "programy.security.authorise.usergroupsauthorisor.BasicUserGroupAuthorisationService"
self.configuration.client_configuration.configurations[
0].configurations[
0].security.authorisation._denied_srai = "ACCESS_DENIED"
self.configuration.client_configuration.configurations[
0].configurations[
0].security.authorisation._usergroups = os.path.dirname(
__file__) + os.sep + "usergroups.yaml"
def test_authoriser(self):
authoriser = Authoriser(BrainSecurityConfiguration("authorisation"))
self.assertIsNotNone(authoriser)
self.assertFalse(authoriser.authorise("console", "sysadmin"))
def load_configuration(self, arguments):
super(AuthenticateTestClient, self).load_configuration(arguments)
self.configuration.client_configuration.configurations[0].configurations[0].files.aiml_files._files = [os.path.dirname(__file__)]
self.configuration.client_configuration.configurations[0].configurations[0].security._authentication = BrainSecurityConfiguration("authentication")
self.configuration.client_configuration.configurations[0].configurations[0].security.authentication._classname = "programytest.aiml_tests.authenticate_tests.test_authenticate_aiml.MockAuthenticationService"
self.configuration.client_configuration.configurations[0].configurations[0].security.authentication._denied_srai = "AUTHENTICATED_FAILED"
def test_authorise_exception(self):
service = MockClientIdAuthenticationService(BrainSecurityConfiguration("authentication"))
service.should_authorised = True
service.raise_exception = True
self.assertFalse(service.authenticate(self._client_context._userid))
def test_authorise_failure(self):
service = MockClientIdAuthenticationService(BrainSecurityConfiguration("authentication"))
service.should_authorised = False
self.assertFalse("unknown" in service.authorised)
self.assertFalse(service.authenticate(self._client_context))
