Ejemplo n.º 1
    def test_check_active_true(self):
        """Check that an OAuth request presenting token 'bar' is not authenticated.

        The consumer, token and user fixtures live outside this method;
        presumably token 'bar' maps to an inactive account, as the test name
        hints -- confirm against the test case's setUp.
        """
        backend = OAuthAuthentication()

        # With PLAINTEXT the signature is the secrets themselves joined by '&',
        # so a bare '&' stands for an empty consumer secret and an empty token
        # secret. Fixture-only values: PLAINTEXT gives no message integrity and
        # depends entirely on the transport (TLS) for confidentiality.
        oauth_params = {
            'oauth_consumer_key': '123',
            'oauth_nonce': 'abc',
            'oauth_signature': '&',
            'oauth_signature_method': 'PLAINTEXT',
            'oauth_timestamp': str(int(time.time())),
            'oauth_token': 'bar',
        }
        self.request.REQUEST = self.request.GET = oauth_params

        # Mirror the same parameters into the Authorization header.
        header_pairs = []
        for name, val in self.request.REQUEST.items():
            header_pairs.append(name + '=' + val)
        self.request.META['Authorization'] = 'OAuth ' + ','.join(header_pairs)

        # The backend must hand back a falsy value for this token.
        outcome = backend.is_authenticated(self.request)
        self.assertFalse(outcome)
Ejemplo n.º 2
    def test_check_active_true(self):
        """Assert that a PLAINTEXT-signed request carrying token 'bar' is refused.

        Fixtures for consumer '123' and token 'bar' are not created here;
        presumably the token's owner is inactive (see the test name) --
        verify against setUp.
        """
        authenticator = OAuthAuthentication()

        # A PLAINTEXT signature is just "<consumer secret>&<token secret>", so
        # '&' means both secrets are empty. Acceptable only as a test fixture:
        # the method provides no integrity protection and needs TLS underneath.
        params = {
            'oauth_consumer_key': '123',
            'oauth_nonce': 'abc',
            'oauth_signature': '&',
            'oauth_signature_method': 'PLAINTEXT',
            'oauth_timestamp': str(int(time.time())),
            'oauth_token': 'bar',
        }
        self.request.REQUEST = self.request.GET = params

        # Same fields again, serialised as an "OAuth k=v,k=v" header value.
        serialised = ','.join(
            field + '=' + content
            for field, content in self.request.REQUEST.items()
        )
        self.request.META['Authorization'] = 'OAuth ' + serialised

        verdict = authenticator.is_authenticated(self.request)
        self.assertFalse(verdict)
Ejemplo n.º 3
    def test_is_authenticated(self):
        """Verify the OAuth backend rejects a bare request and accepts a signed one.

        The test builds its own HttpRequest and creates the Resource, Consumer
        and access Token rows that the signed request refers to.
        """
        from oauth_provider.models import Consumer, Token, Resource
        backend = OAuthAuthentication()
        req = HttpRequest()
        req.META['SERVER_NAME'] = 'testsuite'
        req.META['SERVER_PORT'] = '8080'
        req.REQUEST = req.GET = {}
        req.method = "GET"

        # No OAuth parameters at all: the backend must answer with a 401.
        rejected = backend.is_authenticated(req)
        self.assertEqual(rejected.status_code, 401)

        # Complete OAuth parameter set; authentication is expected to succeed.
        # With PLAINTEXT the signature is the secrets joined by '&', so '&'
        # matches the empty token secret stored below (and presumably an empty
        # consumer secret). Fixture-only: PLAINTEXT has no message integrity
        # and relies on TLS for confidentiality.
        oauth_params = {
            'oauth_consumer_key': '123',
            'oauth_nonce': 'abc',
            'oauth_signature': '&',
            'oauth_signature_method': 'PLAINTEXT',
            'oauth_timestamp': str(int(time.time())),
            'oauth_token': 'foo',
        }
        req.REQUEST = req.GET = oauth_params
        owner = User.objects.create_user('daniel', '*****@*****.**',
                                         'password')

        # Mirror the parameters into the Authorization header.
        header_pairs = []
        for name, val in req.REQUEST.items():
            header_pairs.append(name + '=' + val)
        req.META['Authorization'] = 'OAuth ' + ','.join(header_pairs)

        # Database rows matching consumer key '123' and access token 'foo'.
        resource, _ = Resource.objects.get_or_create(
            url='test', defaults={'name': 'Test Resource'})
        consumer_defaults = {'name': 'Test', 'description': 'Testing...'}
        consumer, _ = Consumer.objects.get_or_create(
            key='123', defaults=consumer_defaults)
        token_defaults = {
            'consumer': consumer,
            'resource': resource,
            'secret': '',
            'user': owner,
        }
        token, _ = Token.objects.get_or_create(
            key='foo', token_type=Token.ACCESS, defaults=token_defaults)

        # Success must also bind the token's owner to the request.
        accepted = backend.is_authenticated(req)
        self.assertEqual(accepted, True)
        self.assertEqual(req.user.pk, owner.pk)
Ejemplo n.º 4
    def test_check_active_true(self):
        """Check that the OAuth backend returns a falsy result for token "bar".

        The fixtures behind consumer "123" and token "bar" are defined outside
        this method; presumably the token's user is inactive, as the test name
        suggests -- confirm against setUp.
        """
        backend = OAuthAuthentication()

        # PLAINTEXT signatures are the two secrets joined by "&"; a lone "&"
        # therefore means empty consumer and token secrets. Test fixture only:
        # PLAINTEXT adds no message integrity and depends on TLS.
        oauth_fields = {
            "oauth_consumer_key": "123",
            "oauth_nonce": "abc",
            "oauth_signature": "&",
            "oauth_signature_method": "PLAINTEXT",
            "oauth_timestamp": str(int(time.time())),
            "oauth_token": "bar",
        }
        self.request.REQUEST = self.request.GET = oauth_fields

        # Serialise the same fields into the Authorization header.
        pairs = []
        for name, val in self.request.REQUEST.items():
            pairs.append(name + "=" + val)
        self.request.META["Authorization"] = "OAuth " + ",".join(pairs)

        result = backend.is_authenticated(self.request)
        self.assertFalse(result)
Ejemplo n.º 5
 class Meta:
     # Resource options for the 'users' endpoint, backed by every User row.
     queryset = User.objects.all()
     resource_name = 'users'
     # Keep the e-mail address, the password field and the account/privilege
     # flags out of what the API exposes.
     # NOTE(review): `excludes` is a deny-list, so a field added to the model
     # later would be exposed by default; an explicit `fields` allow-list
     # avoids that.
     excludes = [
         'email', 'password', 'is_active', 'is_staff', 'is_superuser'
     ]
     # Callers must authenticate through OAuth; what an authenticated caller
     # may do is then decided by DjangoAuthorization.
     authentication = OAuthAuthentication()
     authorization = DjangoAuthorization()
Ejemplo n.º 6
class MultiAuthentication(object):
    """
    Authentication backend that tries API-key credentials, then OAuth
    credentials, and otherwise treats the request as anonymous.
    """
    def __init__(self, **kwargs):
        """Forward ``kwargs`` to the parent initializer and build both delegate backends."""
        super(MultiAuthentication, self).__init__(**kwargs)
        self.ApiKeyBackend = ApiKeyAuthentication()
        self.OAuthBackend = OAuthAuthentication()

    def is_authenticated(self, request, **kwargs):
        """
        Decide whether the request may proceed.

        Returns whatever the first backend that recognises the request returns
        (``True``, ``False`` or an ``HttpResponse``); returns ``True`` with
        ``request.user`` set to the anonymous user when neither backend
        recognises it.
        """
        # API key is consulted before OAuth; the first backend that claims the
        # request decides the outcome, even when that outcome is a rejection.
        for delegate in (self.ApiKeyBackend, self.OAuthBackend):
            if not delegate.is_valid_request(request):
                continue
            outcome = delegate.is_authenticated(request, **kwargs)
            if outcome is True:
                # Remember which backend vouched for the caller so that
                # get_identifier can delegate to it.
                request._authentication_backend = delegate
            return outcome

        # Neither backend recognised any credentials: the request is accepted
        # as the anonymous user. Everything the anonymous user may reach is
        # therefore governed by the authorization layer alone.
        request.user = User.objects.get(id=ANONYMOUS_USER_ID)
        return True

    def get_identifier(self, request):
        """
        Provides a string identifier for the requestor.

        Delegates to the backend recorded on the request by
        ``is_authenticated``; returns ``'nouser'`` when no backend was recorded
        or the lookup raises ``AttributeError``.
        """
        # NOTE(review): every anonymous request maps to the same identifier
        # 'nouser'; if this value keys per-client throttling, all anonymous
        # clients share one bucket -- confirm against the throttle in use.
        try:
            recorded = request._authentication_backend
            return recorded.get_identifier(request)
        except AttributeError:
            return 'nouser'
Ejemplo n.º 7
    def test_is_authenticated(self):
        """Exercise OAuthAuthentication.is_authenticated before and after adding OAuth parameters.

        ``self.request`` and ``self.user`` come from outside this method
        (presumably setUp, along with the consumer '123' / token 'foo'
        fixtures -- confirm).
        """
        backend = OAuthAuthentication()

        # The request as prepared by the fixture must be answered with a 401.
        rejected = backend.is_authenticated(self.request)
        self.assertEqual(rejected.status_code, 401)

        # Complete OAuth parameter set; this time authentication must succeed.
        # PLAINTEXT signatures are the secrets joined by '&', so '&' stands for
        # empty consumer and token secrets. Fixture-only: PLAINTEXT gives no
        # message integrity and relies on TLS for confidentiality.
        oauth_params = {
            'oauth_consumer_key': '123',
            'oauth_nonce': 'abc',
            'oauth_signature': '&',
            'oauth_signature_method': 'PLAINTEXT',
            'oauth_timestamp': str(int(time.time())),
            'oauth_token': 'foo',
        }
        self.request.REQUEST = self.request.GET = oauth_params

        # Mirror the same parameters into the Authorization header.
        header_pairs = []
        for name, val in self.request.REQUEST.items():
            header_pairs.append(name + '=' + val)
        self.request.META['Authorization'] = 'OAuth ' + ','.join(header_pairs)

        # Success must also bind the expected user to the request.
        accepted = backend.is_authenticated(self.request)
        self.assertEqual(accepted, True)
        self.assertEqual(self.request.user.pk, self.user.pk)
Ejemplo n.º 8
    def test_is_authenticated(self):
        """Confirm a 401 for the fixture request and success once OAuth fields are supplied.

        Relies on ``self.request`` and ``self.user`` prepared elsewhere
        (presumably in setUp, together with the matching consumer and token
        rows -- verify).
        """
        authenticator = OAuthAuthentication()

        # Step 1: the untouched fixture request is refused with status 401.
        first = authenticator.is_authenticated(self.request)
        self.assertEqual(first.status_code, 401)

        # Step 2: supply consumer '123' / token 'foo' with a PLAINTEXT
        # signature. '&' is the signature produced by two empty secrets;
        # that is a fixture convenience, since PLAINTEXT sends the secrets
        # as-is and is only safe over TLS.
        params = {
            'oauth_consumer_key': '123',
            'oauth_nonce': 'abc',
            'oauth_signature': '&',
            'oauth_signature_method': 'PLAINTEXT',
            'oauth_timestamp': str(int(time.time())),
            'oauth_token': 'foo',
        }
        self.request.REQUEST = self.request.GET = params
        serialised = ','.join(
            field + '=' + content
            for field, content in self.request.REQUEST.items()
        )
        self.request.META['Authorization'] = 'OAuth ' + serialised

        # Step 3: authentication succeeds and request.user is self.user.
        second = authenticator.is_authenticated(self.request)
        self.assertEqual(second, True)
        self.assertEqual(self.request.user.pk, self.user.pk)
Ejemplo n.º 9
    def test_is_authenticated(self):
        """Check that a bare request gets a 401 and a PLAINTEXT-signed one authenticates.

        Creates its own HttpRequest, user, Resource, Consumer and access Token.
        """
        from oauth_provider.models import Consumer, Token, Resource
        authenticator = OAuthAuthentication()
        req = HttpRequest()
        req.META['SERVER_NAME'] = 'testsuite'
        req.META['SERVER_PORT'] = '8080'
        req.REQUEST = req.GET = {}
        req.method = "GET"

        # Empty parameter dicts: the backend must reply with a 401 response.
        first = authenticator.is_authenticated(req)
        self.assertEqual(first.status_code, 401)

        # Full OAuth parameter set; authentication is expected to succeed.
        # '&' is the PLAINTEXT signature for an empty token secret (stored
        # below) and presumably an empty consumer secret. Fixture-only values:
        # PLAINTEXT offers no integrity protection and needs TLS underneath.
        params = {
            'oauth_consumer_key': '123',
            'oauth_nonce': 'abc',
            'oauth_signature': '&',
            'oauth_signature_method': 'PLAINTEXT',
            'oauth_timestamp': str(int(time.time())),
            'oauth_token': 'foo',
        }
        req.REQUEST = req.GET = params
        owner = User.objects.create_user('daniel', '*****@*****.**', 'password')
        serialised = ','.join(
            field + '=' + content for field, content in req.REQUEST.items()
        )
        req.META['Authorization'] = 'OAuth ' + serialised

        # Rows that consumer key '123' and access token 'foo' resolve to.
        resource, _ = Resource.objects.get_or_create(
            url='test',
            defaults={'name': 'Test Resource'},
        )
        consumer, _ = Consumer.objects.get_or_create(
            key='123',
            defaults={'name': 'Test', 'description': 'Testing...'},
        )
        token, _ = Token.objects.get_or_create(
            key='foo',
            token_type=Token.ACCESS,
            defaults={
                'consumer': consumer,
                'resource': resource,
                'secret': '',
                'user': owner,
            },
        )

        # Success must attach the token's owner to the request.
        second = authenticator.is_authenticated(req)
        self.assertEqual(second, True)
        self.assertEqual(req.user.pk, owner.pk)
Ejemplo n.º 10
    def test_is_authenticated(self):
        """Exercise the OAuth backend with the fixture request, then with OAuth fields added.

        ``self.request`` and ``self.user`` are prepared outside this method
        (presumably in setUp along with the consumer "123" / token "foo"
        rows -- confirm).
        """
        backend = OAuthAuthentication()

        # The request as prepared by the fixture must be answered with a 401.
        rejected = backend.is_authenticated(self.request)
        self.assertEqual(rejected.status_code, 401)

        # Complete OAuth parameter set; authentication must now succeed.
        # A PLAINTEXT signature is the two secrets joined by "&", so "&" means
        # both are empty. Fixture-only: PLAINTEXT has no message integrity and
        # depends on TLS for confidentiality.
        oauth_fields = {
            "oauth_consumer_key": "123",
            "oauth_nonce": "abc",
            "oauth_signature": "&",
            "oauth_signature_method": "PLAINTEXT",
            "oauth_timestamp": str(int(time.time())),
            "oauth_token": "foo",
        }
        self.request.REQUEST = self.request.GET = oauth_fields

        # Serialise the same fields into the Authorization header.
        pairs = []
        for name, val in self.request.REQUEST.items():
            pairs.append(name + "=" + val)
        self.request.META["Authorization"] = "OAuth " + ",".join(pairs)

        # Success must also bind the expected user to the request.
        accepted = backend.is_authenticated(self.request)
        self.assertEqual(accepted, True)
        self.assertEqual(self.request.user.pk, self.user.pk)
Ejemplo n.º 11
    def test_whitelisting(self):
        """Check that whitelisted methods skip OAuth while all others still require it.

        ``self.request`` comes from outside this method (presumably setUp,
        together with the consumer '123' / token 'foo' fixtures -- confirm).
        """
        backend = OAuthAuthentication(whitelisted_methods=['a_method'])

        # A whitelisted method_name is allowed through without credentials.
        open_result = backend.is_authenticated(self.request, method_name='a_method')
        self.assertEqual(open_result, True)

        # Any other method_name without credentials is answered with a 401.
        closed_result = backend.is_authenticated(self.request, method_name='another_method')
        self.assertEqual(closed_result.status_code, 401)

        # Add a complete OAuth parameter set; both methods must now succeed.
        # '&' is the PLAINTEXT signature for two empty secrets. Fixture-only:
        # PLAINTEXT has no message integrity and depends on TLS.
        oauth_params = {
            'oauth_consumer_key': '123',
            'oauth_nonce': 'abc',
            'oauth_signature': '&',
            'oauth_signature_method': 'PLAINTEXT',
            'oauth_timestamp': str(int(time.time())),
            'oauth_token': 'foo',
        }
        self.request.REQUEST = self.request.GET = oauth_params
        header_pairs = []
        for name, val in self.request.REQUEST.items():
            header_pairs.append(name + '=' + val)
        self.request.META['Authorization'] = 'OAuth ' + ','.join(header_pairs)

        # NOTE(review): both calls below reuse one nonce and one timestamp and
        # are both expected to succeed, so this test does not cover rejection
        # of a replayed nonce.
        for method in ('a_method', 'another_method'):
            self.assertEqual(backend.is_authenticated(self.request, method_name=method), True)
Ejemplo n.º 12
    def test_is_authenticated(self):
        """Verify the OAuth backend rejects a bare request and accepts a signed one.

        The test builds its own HttpRequest and creates the user, Resource,
        Consumer and access Token that the signed request refers to.
        """
        from oauth_provider.models import Consumer, Token, Resource

        backend = OAuthAuthentication()
        req = HttpRequest()
        req.META["SERVER_NAME"] = "testsuite"
        req.META["SERVER_PORT"] = "8080"
        req.REQUEST = req.GET = {}
        req.method = "GET"

        # No OAuth parameters at all: the backend must answer with a 401.
        rejected = backend.is_authenticated(req)
        self.assertEqual(rejected.status_code, 401)

        # Complete OAuth parameter set; authentication is expected to succeed.
        # "&" is the PLAINTEXT signature for the empty token secret stored
        # below (and presumably an empty consumer secret). Fixture-only:
        # PLAINTEXT has no message integrity and relies on TLS.
        oauth_fields = {
            "oauth_consumer_key": "123",
            "oauth_nonce": "abc",
            "oauth_signature": "&",
            "oauth_signature_method": "PLAINTEXT",
            "oauth_timestamp": str(int(time.time())),
            "oauth_token": "foo",
        }
        req.REQUEST = req.GET = oauth_fields
        owner = User.objects.create_user("daniel", "*****@*****.**", "password")

        # Mirror the parameters into the Authorization header.
        pairs = []
        for name, val in req.REQUEST.items():
            pairs.append(name + "=" + val)
        req.META["Authorization"] = "OAuth " + ",".join(pairs)

        # Database rows matching consumer key "123" and access token "foo".
        resource_defaults = {"name": "Test Resource"}
        resource, _ = Resource.objects.get_or_create(url="test", defaults=resource_defaults)
        consumer_defaults = {"name": "Test", "description": "Testing..."}
        consumer, _ = Consumer.objects.get_or_create(key="123", defaults=consumer_defaults)
        token_defaults = {
            "consumer": consumer,
            "resource": resource,
            "secret": "",
            "user": owner,
        }
        token, _ = Token.objects.get_or_create(
            key="foo", token_type=Token.ACCESS, defaults=token_defaults
        )

        # Success must also bind the token's owner to the request.
        accepted = backend.is_authenticated(req)
        self.assertEqual(accepted, True)
        self.assertEqual(req.user.pk, owner.pk)
Ejemplo n.º 13
 class Meta:
     # Resource options for the read-only 'submission' endpoint.
     queryset        = Submission.objects.all()
     resource_name   = 'submission'
     # The 'feedback' field is kept out of what the API exposes.
     excludes        = ['feedback']
     # Only GET is accepted.
     allowed_methods = ['get']
     include_absolute_url = True
     
     # Rules that enable filtering based on exercise, grader, submitter and grade.
     filtering = {
         "exercise": ('exact',),
         "grader": ('exact',),
         "submitters": ('exact',),
         "grade": ALL,
         "id": ALL
     }
     
     # In this version only superusers are allowed to access
     # submissions after being authenticated with OAuth
     # NOTE(review): SuperuserAuthorization is defined outside this snippet;
     # the superuser restriction described above rests entirely on it.
     authentication  = OAuthAuthentication()
     authorization   = SuperuserAuthorization()
Ejemplo n.º 14
 def __init__(self, **kwargs):
     """Forward ``kwargs`` to the parent initializer, then build both delegate backends."""
     super(MultiAuthentication, self).__init__(**kwargs)
     # Both backends are constructed without arguments, so options passed to
     # MultiAuthentication are not forwarded to them.
     self.ApiKeyBackend = ApiKeyAuthentication()
     self.OAuthBackend = OAuthAuthentication()
Ejemplo n.º 15
 class Meta:
     # Resource options for the 'tasks' endpoint, backed by every Task row.
     queryset = Task.objects.all()
     resource_name = 'tasks'
     # NOTE(review): no allowed_methods or field restrictions are set here, so
     # the framework defaults apply -- confirm that write access and the full
     # field set are intended for this resource.
     # Callers must authenticate through OAuth; what an authenticated caller
     # may do is then decided by DjangoAuthorization.
     authentication = OAuthAuthentication()
     authorization = DjangoAuthorization()