Ejemplo n.º 1
    def test_active_service_account_in_ds(self):
        """Serve an unexpired key from the datastore and cache it for the caller.

        The vending machine receives ``None`` in the first constructor slot, so
        the stored key has to be returned as is. The datastore key is derived
        from the id given to the Sam mock, while memcache is checked under the
        caller's own subject id.
        """
        key_json = 'fake service account json'
        caller_id = self._random_subject_id()
        sam_user_id = self._random_subject_id()

        sam_mock = self._mock_sam_api(sam_user_id, "*****@*****.**")
        oauth_mock = self._mock_oauth_adapter("fake_token")
        vending_machine = FenceTokenVendingMachine(None, sam_mock, oauth_mock, provider_name)

        issued_at = datetime.datetime.now()
        TokenStore.save(sam_user_id, "fake_refresh_token", issued_at, "*****@*****.**", provider_name)

        account_key = vending_machine._fence_service_account_key(sam_user_id)
        # An expiry five days ahead keeps the stored key valid for the whole test.
        valid_until = datetime.datetime.now() + datetime.timedelta(days=5)
        FenceServiceAccount(key_json=key_json,
                            expires_at=valid_until,
                            update_lock_timeout=None,
                            key=account_key).put()

        # Nothing may be cached for the caller before the first request.
        cached_before = memcache.get(namespace=provider_name, key=caller_id)
        self.assertIsNone(cached_before)

        caller = UserInfo(caller_id, "*****@*****.**", "fake_token_too", 10)
        returned_json = vending_machine.get_service_account_key_json(caller)

        self.assertEqual(key_json, returned_json)
        # NOTE(review): presumably the cached value is the key JSON itself; if so
        # the memcache entry is credential material -- confirm its lifetime in
        # FenceTokenVendingMachine.
        cached_after = memcache.get(namespace=provider_name, key=caller_id)
        self.assertIsNotNone(cached_after)
Ejemplo n.º 2
    def test_no_service_account(self):
        """Fetch a key through the Fence mock when none is stored, then persist and cache it.

        Before the request neither memcache (under the caller's subject id) nor
        the datastore (under the key derived from the Sam user id) holds an
        entry. Afterwards both do, the stored entity carries no update lock and
        its expiry lies in the future.
        """
        key_json = 'fake service account json'
        caller_id = self._random_subject_id()
        sam_user_id = self._random_subject_id()

        fence_mock = self._mock_fence_api(key_json)
        sam_mock = self._mock_sam_api(sam_user_id, "*****@*****.**")
        oauth_mock = self._mock_oauth_adapter("fake_token")
        vending_machine = FenceTokenVendingMachine(fence_mock, sam_mock, oauth_mock, provider_name)

        issued_at = datetime.datetime.now()
        TokenStore.save(sam_user_id, "fake_refresh_token", issued_at, "*****@*****.**", provider_name)

        # Preconditions: no cache entry for the caller, no stored key for the user.
        cached_before = memcache.get(namespace=provider_name, key=caller_id)
        self.assertIsNone(cached_before)
        account_key = vending_machine._fence_service_account_key(sam_user_id)
        self.assertIsNone(account_key.get())

        caller = UserInfo(caller_id, "*****@*****.**", "fake_token_too", 10)
        returned_json = vending_machine.get_service_account_key_json(caller)

        self.assertEqual(key_json, returned_json)
        cached_after = memcache.get(namespace=provider_name, key=caller_id)
        self.assertIsNotNone(cached_after)

        # The freshly fetched key must also have been written to the datastore.
        persisted = account_key.get()
        self.assertIsNotNone(persisted)
        self.assertIsNone(persisted.update_lock_timeout)
        self.assertEqual(key_json, persisted.key_json)
        self.assertGreater(persisted.expires_at, datetime.datetime.now())
Ejemplo n.º 3
    def test_no_service_account(self):
        """Fetch a key through the Fence mock when none is stored, then persist and cache it.

        Preconditions checked first: memcache has nothing under the caller's
        subject id and the datastore has nothing under the key derived from the
        Sam user id. After the request both are populated, the stored entity
        has no update lock and its expiry is later than "now".
        """
        key_json = 'fake service account json'
        caller_id = self._random_subject_id()
        sam_user_id = self._random_subject_id()

        fence_mock = self._mock_fence_api(key_json)
        sam_mock = self._mock_sam_api(sam_user_id, "*****@*****.**")
        oauth_mock = self._mock_oauth_adapter("fake_token")
        vending_machine = FenceTokenVendingMachine(
            fence_mock, sam_mock, oauth_mock, provider_name)

        issued_at = datetime.datetime.now()
        TokenStore.save(sam_user_id, "fake_refresh_token", issued_at,
                        "*****@*****.**", provider_name)

        cached_before = memcache.get(namespace=provider_name, key=caller_id)
        self.assertIsNone(cached_before)
        account_key = vending_machine._fence_service_account_key(sam_user_id)
        self.assertIsNone(account_key.get())

        caller = UserInfo(caller_id, "*****@*****.**", "fake_token_too", 10)
        returned_json = vending_machine.get_service_account_key_json(caller)

        self.assertEqual(key_json, returned_json)
        cached_after = memcache.get(namespace=provider_name, key=caller_id)
        self.assertIsNotNone(cached_after)

        # The key obtained through the Fence mock must now be in the datastore.
        persisted = account_key.get()
        self.assertIsNotNone(persisted)
        self.assertIsNone(persisted.update_lock_timeout)
        self.assertEqual(key_json, persisted.key_json)
        self.assertGreater(persisted.expires_at, datetime.datetime.now())
Ejemplo n.º 4
 def test_lookup(self):
     """A token written with TokenStore.save is returned intact by TokenStore.lookup."""
     TokenStore.save(
         self.user_id, self.token_str, self.issued_at, self.username, provider_name)

     found = TokenStore.lookup(self.user_id, provider_name)

     # NOTE(review): the refresh token comes back verbatim from the entity;
     # whether it is protected at rest beneath this API is not visible here.
     self.assertEqual(self.token_str, found.token)
     self.assertEqual(self.issued_at, found.issued_at)
     self.assertEqual(self.username, found.username)
Ejemplo n.º 5
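    def _test_with_lock(self, lock_timeout, update_fsa_fxn=None, api_json=None):
        """
        Request a key while the stored key is expired and carries the given update lock.

        :param lock_timeout: value stored as update_lock_timeout on the expired entity
        :param update_fsa_fxn: optional callable run on a separate thread with (fsa_key, expected_json) while the
        request is in flight
        :param api_json: key JSON the Fence mock is built with - falls back to the expected JSON when falsy

        After the request the caller must have a memcache entry, and the stored entity must hold the expected JSON,
        no update lock and an expiry in the future.
        """
        expected_json = 'fake service account json'
        if not api_json:
            api_json = expected_json
        caller_uid = self._random_subject_id()
        real_user_id = self._random_subject_id()

        ftvm = FenceTokenVendingMachine(self._mock_fence_api(api_json), self._mock_sam_api(real_user_id, "*****@*****.**"),
                                        self._mock_oauth_adapter("fake_token"), provider_name)

        TokenStore.save(real_user_id, "fake_refresh_token", datetime.datetime.now(), "*****@*****.**", provider_name)

        # Seed the datastore with a key that expired five days ago.
        fsa_key = ftvm._fence_service_account_key(real_user_id)
        stored_fsa = FenceServiceAccount(key_json="expired json",
                                         expires_at=datetime.datetime.now() - datetime.timedelta(days=5),
                                         update_lock_timeout=lock_timeout,
                                         key=fsa_key)
        stored_fsa.put()

        self.assertIsNone(memcache.get(namespace=provider_name, key=caller_uid))

        updater = None
        if update_fsa_fxn:
            updater = threading.Thread(target=update_fsa_fxn, args=(fsa_key, expected_json))
            updater.start()

        try:
            service_account_json = ftvm.get_service_account_key_json(
                UserInfo(caller_uid, "*****@*****.**", "fake_token_too", 10))
        finally:
            # Wait for the helper thread so it cannot keep writing to the datastore after this
            # test has finished and another one has started.
            if updater is not None:
                updater.join()

        self.assertEqual(expected_json, service_account_json)
        self.assertIsNotNone(memcache.get(namespace=provider_name, key=caller_uid))
        stored_fsa = fsa_key.get()
        self.assertIsNotNone(stored_fsa)
        self.assertIsNone(stored_fsa.update_lock_timeout)
        self.assertEqual(expected_json, stored_fsa.key_json)
        self.assertGreater(stored_fsa.expires_at, datetime.datetime.now())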
Ejemplo n.º 6
 def test_link_info_exists(self):
     """Link info for a caller exposes the refresh token saved for ``self.user_id``.

     The caller is built with a fresh random id and empty strings in its
     second and third fields, so the match presumably comes from the fixture
     resolving the caller to ``self.user_id`` (set up outside this method).
     """
     refresh_token = str(uuid.uuid4())
     issued = datetime.fromtimestamp(self.issued_at_epoch)
     TokenStore.save(user_id=self.user_id,
                     refresh_token_str=refresh_token,
                     issued_at=issued,
                     username=self.name,
                     provider_name=provider_name)

     caller = UserInfo(str(uuid.uuid4()), "", "", 30)
     link_info = self.bond.get_link_info(caller)

     self.assertEqual(refresh_token, link_info.token)
Ejemplo n.º 7
 def test_generate_access_token(self):
     """With a refresh token on file, an access token and its expiry are returned.

     The expected values are the fixture's ``fake_access_token`` and
     ``expires_at_epoch``, both set up outside this method.
     """
     refresh_token = str(uuid.uuid4())
     issued = datetime.fromtimestamp(self.issued_at_epoch)
     TokenStore.save(user_id=self.user_id,
                     refresh_token_str=refresh_token,
                     issued_at=issued,
                     username=self.name,
                     provider_name=provider_name)

     caller = UserInfo(str(uuid.uuid4()), "", "", 30)
     access_token, expires_at = self.bond.generate_access_token(caller)

     self.assertEqual(self.fake_access_token, access_token)
     expected_expiry = datetime.fromtimestamp(self.expires_at_epoch)
     self.assertEqual(expected_expiry, expires_at)
Ejemplo n.º 8
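    def test_revoke_link_exists(self):
        """
        Unlinking an account removes the stored credentials and revokes them upstream.

        A refresh token is saved and a service account key is requested so that both exist before the unlink.
        Afterwards the stored service account key and the stored refresh token must be gone, and the OAuth adapter's
        revoke_refresh_token and the Fence API's delete_credentials_google must each have been called exactly once.
        """
        token = str(uuid.uuid4())
        TokenStore.save(self.user_id, token, datetime.now(), self.name, provider_name)
        user_info = UserInfo(str(uuid.uuid4()), "", "", 30)
        self.bond.fence_tvm.get_service_account_key_json(user_info)
        self.assertIsNotNone(self.bond.fence_tvm._fence_service_account_key(self.user_id).get())

        self.bond.unlink_account(user_info)

        self.assertIsNone(self.bond.fence_tvm._fence_service_account_key(self.user_id).get())
        self.assertIsNone(TokenStore.lookup(self.user_id, provider_name))
        # call_count is compared directly: on mock releases that predate assert_called_once() the name is
        # auto-created as a child mock, so calling it would pass without checking anything.
        # NOTE(review): only the number of calls is checked; asserting the arguments would also confirm that the
        # saved token is the one revoked - the mocks' signatures are not visible here.
        self.assertEqual(1, self.bond.oauth_adapter.revoke_refresh_token.call_count)
        self.assertEqual(1, self.bond.fence_api.delete_credentials_google.call_count)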
Ejemplo n.º 9
 def test_save(self):
     """TokenStore.save creates the entity under the fixture key and returns that key."""
     # The fixture key must not resolve to anything before the save.
     self.assertIsNone(self.key.get())

     returned_key = TokenStore.save(
         self.user_id, self.token_str, self.issued_at, self.username, provider_name)
     self.assertEqual(returned_key, self.key)

     entity = self.key.get()
     self.assertIsNotNone(entity)
     # Every field handed to save() must read back unchanged.
     self.assertEqual(self.token_str, entity.token)
     self.assertEqual(self.issued_at, entity.issued_at)
     self.assertEqual(self.username, entity.username)
Ejemplo n.º 10
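    def _test_with_lock(self,
                        lock_timeout,
                        update_fsa_fxn=None,
                        api_json=None):
        """
        Request a key while the stored key is expired and carries the given
        update lock.

        :param lock_timeout: value stored as update_lock_timeout on the
        expired entity
        :param update_fsa_fxn: optional callable run on a separate thread with
        (fsa_key, expected_json) while the request is in flight
        :param api_json: key JSON the Fence mock is built with - falls back to
        the expected JSON when falsy

        After the request the caller must have a memcache entry, and the
        stored entity must hold the expected JSON, no update lock and an
        expiry in the future.
        """
        expected_json = 'fake service account json'
        if not api_json:
            api_json = expected_json
        caller_uid = self._random_subject_id()
        real_user_id = self._random_subject_id()

        ftvm = FenceTokenVendingMachine(
            self._mock_fence_api(api_json),
            self._mock_sam_api(real_user_id, "*****@*****.**"),
            self._mock_oauth_adapter("fake_token"), provider_name)

        TokenStore.save(real_user_id, "fake_refresh_token",
                        datetime.datetime.now(), "*****@*****.**", provider_name)

        # Seed the datastore with a key that expired five days ago.
        fsa_key = ftvm._fence_service_account_key(real_user_id)
        stored_fsa = FenceServiceAccount(key_json="expired json",
                                         expires_at=datetime.datetime.now() -
                                         datetime.timedelta(days=5),
                                         update_lock_timeout=lock_timeout,
                                         key=fsa_key)
        stored_fsa.put()

        self.assertIsNone(memcache.get(namespace=provider_name,
                                       key=caller_uid))

        updater = None
        if update_fsa_fxn:
            updater = threading.Thread(target=update_fsa_fxn,
                                       args=(fsa_key, expected_json))
            updater.start()

        try:
            service_account_json = ftvm.get_service_account_key_json(
                UserInfo(caller_uid, "*****@*****.**", "fake_token_too", 10))
        finally:
            # Wait for the helper thread so it cannot keep writing to the
            # datastore after this test has finished and another has started.
            if updater is not None:
                updater.join()

        self.assertEqual(expected_json, service_account_json)
        self.assertIsNotNone(
            memcache.get(namespace=provider_name, key=caller_uid))
        stored_fsa = fsa_key.get()
        self.assertIsNotNone(stored_fsa)
        self.assertIsNone(stored_fsa.update_lock_timeout)
        self.assertEqual(expected_json, stored_fsa.key_json)
        self.assertGreater(stored_fsa.expires_at, datetime.datetime.now())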
Ejemplo n.º 11
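 def exchange_authz_code(self, authz_code, redirect_uri, user_info):
     """
     Given an authz_code and user information, exchange that code for an OAuth Access Token and Refresh Token.  Store
     the refresh token for later, and return the datetime the token was issued along with the username for whom it
     was issued to by the OAuth provider.
     :param authz_code: Authorization code from OAuth provider
     :param redirect_uri: redirect url that was used when generating the code - will use default if None
     :param user_info: Information of the user who issued the request to Bond (not necessarily the same as
     the username for whom the refresh token was issued by the OAuth provider)
     :return: Two values: datetime when token was issued, username for whom the token was issued
     :raises endpoints.BadRequestException: if the token response does not include a refresh token
     """
     # Resolve the caller through Sam before the code is redeemed: if this lookup fails after the exchange, the
     # provider has already issued a refresh token that is neither stored nor revoked.
     user_id = self.sam_api.user_info(user_info.token)[SamKeys.USER_ID_KEY]
     token_response = self.oauth_adapter.exchange_authz_code(authz_code, redirect_uri)
     # Reject an incomplete response before anything in it is parsed or persisted.
     if FenceKeys.REFRESH_TOKEN_KEY not in token_response:
         raise endpoints.BadRequestException("authorization response did not include " + FenceKeys.REFRESH_TOKEN_KEY)
     # NOTE(review): issued_at and username are taken from the ID token; whether JwtToken verifies its signature
     # is not visible here - confirm before treating these claims as trusted.
     jwt_token = JwtToken(token_response.get(FenceKeys.ID_TOKEN), self.user_name_path_expr)
     # The refresh token is stored under the Sam user id of the caller, not under the provider username.
     TokenStore.save(user_id, token_response.get(FenceKeys.REFRESH_TOKEN_KEY), jwt_token.issued_at,
                     jwt_token.username, self.provider_name)
     return jwt_token.issued_at, jwt_token.username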
Ejemplo n.º 12
 def test_save(self):
     """TokenStore.save creates the entity under the fixture key and returns that key."""
     # Precondition: the fixture key resolves to nothing yet.
     existing = self.key.get()
     self.assertIsNone(existing)

     returned_key = TokenStore.save(
         self.user_id, self.token_str, self.issued_at, self.username,
         provider_name)
     self.assertEqual(returned_key, self.key)

     entity = self.key.get()
     self.assertIsNotNone(entity)
     # Every field handed to save() must read back unchanged.
     self.assertEqual(self.token_str, entity.token)
     self.assertEqual(self.issued_at, entity.issued_at)
     self.assertEqual(self.username, entity.username)
Ejemplo n.º 13
    def test_active_service_account_in_ds(self):
        """Serve an unexpired key from the datastore and cache it for the caller.

        ``None`` is passed in the vending machine's first constructor slot, so
        the key returned has to be the one stored here. The datastore key is
        derived from the id given to the Sam mock; memcache is checked under
        the caller's own subject id.
        """
        key_json = 'fake service account json'
        caller_id = self._random_subject_id()
        sam_user_id = self._random_subject_id()

        sam_mock = self._mock_sam_api(sam_user_id, "*****@*****.**")
        oauth_mock = self._mock_oauth_adapter("fake_token")
        vending_machine = FenceTokenVendingMachine(None, sam_mock, oauth_mock, provider_name)

        issued_at = datetime.datetime.now()
        TokenStore.save(sam_user_id, "fake_refresh_token", issued_at, "*****@*****.**", provider_name)

        account_key = vending_machine._fence_service_account_key(sam_user_id)
        # Five days in the future: the stored key is still valid when requested.
        valid_until = datetime.datetime.now() + datetime.timedelta(days=5)
        FenceServiceAccount(key_json=key_json,
                            expires_at=valid_until,
                            update_lock_timeout=None,
                            key=account_key).put()

        cached_before = memcache.get(namespace=provider_name, key=caller_id)
        self.assertIsNone(cached_before)

        caller = UserInfo(caller_id, "*****@*****.**", "fake_token_too", 10)
        returned_json = vending_machine.get_service_account_key_json(caller)

        self.assertEqual(key_json, returned_json)
        cached_after = memcache.get(namespace=provider_name, key=caller_id)
        self.assertIsNotNone(cached_after)
Ejemplo n.º 14
 def test_lookup(self):
     """A token written with TokenStore.save is returned intact by TokenStore.lookup."""
     TokenStore.save(
         self.user_id, self.token_str, self.issued_at, self.username, provider_name)

     found = TokenStore.lookup(self.user_id, provider_name)

     # Each stored field must match what was saved for this user and provider.
     self.assertEqual(self.token_str, found.token)
     self.assertEqual(self.issued_at, found.issued_at)
     self.assertEqual(self.username, found.username)