Ejemplos de is_headers_valid en Python

Ejemplo n.º 1

def test_get_token_and_send_request(client, version, https):

    base_url = '%s://localhost' % ('https' if https else 'http')

    # Get valid token
    response = client.post(
        AUTH_PATH,
        data={'username': USERNAME, 'password': PASSWORD},
        base_url=base_url
    )

    assert response.status_code == 200

    data = json.loads(response.get_data(as_text=True))
    token = data.get('token')

    assert token

    headers = prepare_headers(version, https)
    headers[HTTP_AUTHORIZATION] = 'Bearer %s' % token

    # Get correct response for invalid body
    response = client.post(
        INBOX['address'],
        data='invalid-body',
        headers=headers,
        base_url=base_url
    )

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)

    message = as_tm(version).get_message_from_xml(response.data)
    assert message.status_type == ST_BAD_MESSAGE

    request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
    headers = prepare_headers(version, https)
    headers[HTTP_AUTHORIZATION] = 'Bearer %s' % token

    # Get correct response for valid request
    response = client.post(
        DISCOVERY['address'],
        data=request.to_xml(),
        headers=headers,
        base_url=base_url
    )

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version=version, https=https)

    message = as_tm(version).get_message_from_xml(response.data)

    assert isinstance(message, as_tm(version).DiscoveryResponse)

    from opentaxii import context
    assert not hasattr(context, 'account')

Ejemplo n.º 2

Archivo: test_auth.py Proyecto: EclecticIQ/OpenTAXII

def test_collection_access_private_poll(client, version, https):

    # POLL_CLOSED collection allowed read access
    url, headers = prepare_url_headers(version, https, 'johnny', 'johnny')
    request = prepare_poll_request(
        'collection-1', version, bindings=[CB_STIX_XML_111])

    response = client.post(
        POLL_CLOSED['address'],
        data=request.to_xml(),
        headers=headers,
        base_url=url)
    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)
    message = as_tm(version).get_message_from_xml(response.data)
    assert message.message_type == 'Poll_Response'

    # POLL_CLOSED collection disallowed read access
    url, headers = prepare_url_headers(version, https, 'billy', 'billy')
    request = prepare_poll_request(
        'collection-2', version, bindings=[CB_STIX_XML_111])

    response = client.post(
        POLL_CLOSED['address'],
        data=request.to_xml(),
        headers=headers,
        base_url=url)
    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)
    message = as_tm(version).get_message_from_xml(response.data)
    assert message.status_type == 'NOT_FOUND'

    # POLL_CLOSED collection admin access
    url, headers = prepare_url_headers(version, https, 'wally', 'wally')
    request = prepare_poll_request(
        'collection-2', version, bindings=[CB_STIX_XML_111])

    response = client.post(
        POLL_CLOSED['address'],
        data=request.to_xml(),
        headers=headers,
        base_url=url)
    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)
    message = as_tm(version).get_message_from_xml(response.data)
    assert message.message_type == 'Poll_Response'

Ejemplo n.º 3

def test_request_with_basic_auth(client, version, https):

    base_url = '%s://localhost' % ('https' if https else 'http')
    basic_auth_header = 'Basic {}'.format(
        basic_auth_token(USERNAME, PASSWORD).decode('utf-8'))

    headers = prepare_headers(version, https)
    headers[HTTP_AUTHORIZATION] = basic_auth_header

    # Get correct response for invalid body
    response = client.post(
        INBOX['address'],
        data='invalid-body',
        headers=headers,
        base_url=base_url
    )

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)

    message = as_tm(version).get_message_from_xml(response.data)
    assert message.status_type == ST_BAD_MESSAGE

    request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
    headers = prepare_headers(version, https)
    headers[HTTP_AUTHORIZATION] = basic_auth_header

    # Get correct response for valid request
    response = client.post(
        DISCOVERY['address'],
        data=request.to_xml(),
        headers=headers,
        base_url=base_url
    )

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version=version, https=https)

    message = as_tm(version).get_message_from_xml(response.data)

    assert isinstance(message, as_tm(version).DiscoveryResponse)

    from opentaxii import context
    assert not hasattr(context, 'account')

Ejemplo n.º 4

Archivo: test_auth.py Proyecto: EclecticIQ/OpenTAXII

def test_unauthorized_request(app, client, version, https):
    base_url = '%s://localhost' % ('https' if https else 'http')
    response = client.post(
        INBOX_OPEN['address'],
        data='invalid-body',
        headers=prepare_headers(version, https),
        base_url=base_url)

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)

    message = as_tm(version).get_message_from_xml(response.data)
    assert message.status_type == ST_UNAUTHORIZED

    from opentaxii import context
    assert not hasattr(context, 'account')

Ejemplo n.º 5

Archivo: test_http.py Proyecto: jiangzhw/OpenTAXII

def test_status_message_response(client, version, https):

    base_url = '%s://localhost' % ('https' if https else 'http')

    response = client.post(
        INBOX['address'],
        data = 'invalid-body',
        headers = prepare_headers(version, https),
        base_url = base_url
    )

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)

    message = as_tm(version).get_message_from_xml(response.data)

    assert message.status_type == ST_BAD_MESSAGE

Ejemplo n.º 6

def test_unauthorized_request(client, version, https):

    base_url = '%s://localhost' % ('https' if https else 'http')

    response = client.post(INBOX['address'],
                           data='invalid-body',
                           headers=prepare_headers(version, https),
                           base_url=base_url)

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)

    message = as_tm(version).get_message_from_xml(response.data)
    assert message.status_type == ST_UNAUTHORIZED

    from opentaxii import context
    assert not hasattr(context, 'account')

Ejemplo n.º 7

def test_invalid_basic_auth_request(client, version, https):

    base_url = '%s://localhost' % ('https' if https else 'http')

    headers = prepare_headers(version, https)
    headers[HTTP_AUTHORIZATION] = 'Basic somevalue'

    request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
    response = client.post(DISCOVERY['address'],
                           data=request.to_xml(),
                           headers=headers,
                           base_url=base_url)

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)

    message = as_tm(version).get_message_from_xml(response.data)
    assert message.status_type == ST_UNAUTHORIZED

Ejemplo n.º 8

Archivo: test_http.py Proyecto: jiangzhw/OpenTAXII

def test_successful_response(client, version, https):

    request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
    base_url = '%s://localhost' % ('https' if https else 'http')

    response = client.post(
        DISCOVERY['address'],
        data = request.to_xml(),
        headers = prepare_headers(version=version, https=https),
        base_url = base_url
    )

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version=version, https=https)

    message = as_tm(version).get_message_from_xml(response.data)

    assert isinstance(message, as_tm(version).DiscoveryResponse)
    assert len(message.service_instances) == INSTANCES_CONFIGURED

Ejemplo n.º 9

Archivo: test_auth.py Proyecto: EclecticIQ/OpenTAXII

def test_invalid_basic_auth_request(client, version, https):

    base_url = '%s://localhost' % ('https' if https else 'http')

    headers = prepare_headers(version, https)
    headers[HTTP_AUTHORIZATION] = 'Basic somevalue'

    request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
    response = client.post(
        DISCOVERY['address'],
        data=request.to_xml(),
        headers=headers,
        base_url=base_url)

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)

    message = as_tm(version).get_message_from_xml(response.data)
    assert message.status_type == ST_UNAUTHORIZED

Ejemplo n.º 10

Archivo: test_http.py Proyecto: jiangzhw/OpenTAXII

def test_post_parse_verification(client, version, https):

    headers = prepare_headers(version, https)
    headers[HTTP_X_TAXII_SERVICES] = 'invalid-services-spec'

    request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
    base_url = '%s://localhost' % ('https' if https else 'http')

    response = client.post(
        DISCOVERY['address'],
        data = request.to_xml(),
        headers = headers,
        base_url = base_url
    )

    assert response.status_code == 200
    assert is_headers_valid(response.headers, version=version, https=https)

    message = as_tm(version).get_message_from_xml(response.data)

    assert message.status_type == ST_FAILURE
    assert message.in_response_to == MESSAGE_ID

Ejemplo n.º 11

Archivo: test_auth.py Proyecto: EclecticIQ/OpenTAXII

def test_collection_access_private_inbox(client, version, https):
    # INBOX read-only collection access
    url, headers = prepare_url_headers(version, https, 'johnny', 'johnny')
    request = prepare_inbox_message(
        version,
        dest_collection='collection-1',
        blocks=[make_inbox_content(version)])

    response = client.post(
        INBOX_CLOSED['address'],
        data=request.to_xml(),
        headers=headers,
        base_url=url)
    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)
    message = as_tm(version).get_message_from_xml(response.data)
    assert message.message_type == 'Status_Message'

    if version == 11:
        assert message.status_type == 'UNAUTHORIZED'
        assert (
            message.message ==
            'User can not write to collection collection-1')
    else:
        # Because in TAXII 1.0 destination collection can not be specified
        # so it impossible to verify access
        assert message.status_type == 'SUCCESS'

    # INBOX modify collection access
    request = prepare_inbox_message(
        version,
        dest_collection='collection-2',
        blocks=[make_inbox_content(version)])

    response = client.post(
        INBOX_CLOSED['address'],
        data=request.to_xml(),
        headers=headers,
        base_url=url)
    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)
    message = as_tm(version).get_message_from_xml(response.data)
    assert message.message_type == 'Status_Message'
    assert message.status_type == 'SUCCESS'

    # INBOX modify collection access
    url, headers = prepare_url_headers(version, https, 'wally', 'wally')
    request = prepare_inbox_message(
        version,
        dest_collection='collection-2',
        blocks=[make_inbox_content(version)])

    response = client.post(
        INBOX_CLOSED['address'],
        data=request.to_xml(),
        headers=headers,
        base_url=url)
    assert response.status_code == 200
    assert is_headers_valid(response.headers, version, https)
    message = as_tm(version).get_message_from_xml(response.data)
    assert message.message_type == 'Status_Message'
    assert message.status_type == 'SUCCESS'