Ejemplo n.º 1
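def auth_basic(method, service, app, caller, config, credentials=None):
    """Check that a service enforces HTTP Basic authentication.

    The service has to answer 401 to an anonymous request and 200 to the
    same request carrying an ``Authorization: Basic`` header.

    Credentials are taken from ``credentials`` when it holds exactly two
    items, otherwise from the ``username`` / ``password`` keys of
    ``config``.  A ``credentials`` value of any other length is ignored
    rather than rejected, so the config values (if present) win.

    Returns ``False`` when the anonymous ``_err(..., status=401)`` probe is
    falsy, otherwise whatever the authenticated ``_err(..., status=200)``
    probe returns.

    Raises:
        Exception: if neither source provides a username and a password.
    """
    if credentials is not None and len(credentials) == 2:
        username, password = credentials
    elif 'username' in config and 'password' in config:
        username = config['username']
        password = config['password']
    else:
        raise Exception(
            "You must specify some authentication in the "
            "configuration, either by using the 'username' and 'password' "
            "global configuration settings, or by passing the parameters to "
            "the controller")

    # Without credentials the service must refuse the request; if it does
    # not, authentication is not enforced and the check fails right away.
    if not _err(caller, service.path, status=401):
        return False

    # Basic credentials are base64-*encoded*, not hashed: anyone who sees
    # the header recovers the password, so keep this value out of logs and
    # reports.  b64encode() replaces encodestring(), which wraps its output
    # every 76 characters (putting newlines inside the header for long
    # credentials) and no longer exists on Python 3.9+.
    raw = '%s:%s' % (username, password)
    if not isinstance(raw, bytes):
        raw = raw.encode('utf-8')
    token = base64.b64encode(raw)
    if not isinstance(token, str):
        # Python 3 returns bytes; the header value has to be text.
        token = token.decode('ascii')

    # The authenticated request is expected to succeed; only status=200 is
    # passed to _err here (how strictly it matches is up to _err).
    return _err(caller,
                service.path,
                headers={"Authorization": "Basic %s" % token},
                status=200)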
Ejemplo n.º 2
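def auth_basic(method, service, app, caller, config, credentials=None):
    """Verify that ``service.path`` is protected by HTTP Basic auth.

    Two probes are sent through ``caller``: one without credentials, which
    must produce a 401, and one with an ``Authorization: Basic`` header,
    which must produce a 200.

    ``credentials`` is used only when it contains exactly two items
    (username, password); in every other case the ``username`` and
    ``password`` entries of ``config`` are used.

    Returns ``False`` if the unauthenticated probe is not reported as a 401
    by ``_err``; otherwise returns the ``_err`` result of the authenticated
    probe.

    Raises:
        Exception: when no username/password pair can be found.
    """
    have_pair = credentials is not None and len(credentials) == 2
    if have_pair:
        username, password = credentials
    elif 'username' in config and 'password' in config:
        username, password = config['username'], config['password']
    else:
        raise Exception("You must specify some authentication in the "
            "configuration, either by using the 'username' and 'password' "
            "global configuration settings, or by passing the parameters to "
            "the controller")

    # An anonymous request that is not refused means the endpoint is open.
    if not _err(caller, service.path, status=401):
        return False

    # This is an encoding, not a hash: the header reveals the password to
    # whoever can read it.  encodestring() is avoided because it inserts a
    # newline every 76 output characters (corrupting the header for long
    # credentials) and was removed in Python 3.9; b64encode() emits one
    # unbroken line.
    userpass = '%s:%s' % (username, password)
    if not isinstance(userpass, bytes):
        userpass = userpass.encode('utf-8')
    encoded = base64.b64encode(userpass)
    if not isinstance(encoded, str):
        encoded = encoded.decode('ascii')  # bytes on Python 3

    # With valid credentials the request is expected to go through.
    return _err(caller, service.path,
                headers={"Authorization": "Basic %s" % encoded},
                status=200)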
Ejemplo n.º 3
def check_404(app, config, services, *params):
    """Check that a path nobody serves yields a 404 for every HTTP method.

    One path is obtained from ``random_path()`` and requested once per entry
    of ``METHS``, using the ``app`` attribute named after the lower-cased
    method.  Returns ``True`` only if every probe passes ``_err`` with
    ``status=404``; stops at the first one that does not.
    """
    # presumably a path that no service is registered at - confirm in
    # random_path(), which is defined outside this block
    unknown = random_path()
    return all(
        _err(getattr(app, verb.lower()), unknown, status=404)
        for verb in METHS
    )
Ejemplo n.º 4
def check_404(app, config, services, *params):
    """Non-existent paths return a 404, whatever the HTTP method.

    Requests the same ``random_path()`` value with each method listed in
    ``METHS`` and returns ``False`` as soon as ``_err`` rejects one of the
    responses; ``True`` when all of them were accepted as 404.
    """
    missing = random_path()
    # Lazily resolve app.get, app.post, ... in METHS order.
    senders = (getattr(app, name.lower()) for name in METHS)
    for send in senders:
        if _err(send, missing, status=404):
            continue
        return False
    return True
Ejemplo n.º 5
def check_405(app, config, services, *params):
    """Check that an unsupported HTTP method on a valid URI yields a 405.

    Looks for the first service that does not declare every method of
    ``METHS``, sends one of the undeclared methods to its path and returns
    the ``_err`` result for ``status=405``.  Returns ``None`` when every
    service declares all methods (nothing could be probed).
    """
    for svc in services.values():
        undeclared = set(METHS).difference(svc.methods)
        if not undeclared:
            continue
        # set.pop() removes an arbitrary element, so which undeclared
        # method gets probed is not fixed from run to run.
        verb = undeclared.pop().lower()
        return _err(getattr(app, verb), svc.path, status=405)
    return None
Ejemplo n.º 6
def json_breaker(method, service, app, caller, config):
    """Check that malformed JSON in the parameters is rejected with a 400.

    Every name in ``service.params`` is sent with the same syntactically
    broken value.  A service without parameters receives an empty payload,
    in which case a 200 is expected instead.  Returns the ``_err`` result.
    """
    # Mismatched brace/bracket and unquoted key: not parseable as JSON.
    payload = {name: "{test:json]" for name in service.params}

    if payload:
        wanted = 400
    else:
        wanted = 200
    return _err(caller, service.path, params=payload, status=wanted)
Ejemplo n.º 7
def check_405(app, config, services, *params):
    """Wrong HTTP method on a right URI returns a 405"""
    #  from the list of services, get one with not all methods defined
    for service in services.values():
        diff = set(METHS) - set(service.methods)
        if diff:
            return _err(getattr(app,
                                diff.pop().lower()),
                        service.path,
                        status=405)
Ejemplo n.º 8
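def check_411(method, service, app, caller, config):
    """Check that a request body sent without Content-Length yields a 411.

    ``app.RequestClass`` is temporarily replaced by a subclass of
    ``TestRequest`` that strips ``CONTENT_LENGTH`` from the WSGI environ,
    a request with a small payload is sent to ``service.path`` and the
    original class is restored afterwards, even on error.  Returns the
    ``_err`` result for ``status=411``.
    """
    class PatchedRequest(TestRequest):
        """Request class that drops Content-Length from the environ."""
        @classmethod
        def blank(cls, path, environ=None, **kw):
            # environ defaults to None and may not carry the key at all;
            # neither case should abort the check with an unrelated
            # AttributeError/KeyError.
            if environ is not None:
                environ.pop('CONTENT_LENGTH', None)
            # Forward keyword arguments as keywords: the previous ``*kw``
            # unpacked the dict's keys as extra positional arguments.
            return super(PatchedRequest, cls).blank(path, environ, **kw)

    # NOTE(review): RequestClass is state shared through ``app``; the swap
    # presumably relies on checks running one at a time - confirm.
    _old = app.RequestClass
    app.RequestClass = PatchedRequest
    try:
        return _err(caller, service.path, params={"test": "yay"}, status=411)
    finally:
        app.RequestClass = _old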
Ejemplo n.º 9
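def check_411(method, service, app, caller, config):
    """Missing Content-Length on PUT or POST returns a 411.

    Swaps ``app.RequestClass`` for a ``TestRequest`` subclass that removes
    ``CONTENT_LENGTH`` from the environ, issues one request with a small
    payload and puts the original request class back in a ``finally``
    block.  The value returned is the ``_err`` result for ``status=411``.
    """
    class PatchedRequest(TestRequest):
        """Patched to remove Content-Length before the request is built."""
        @classmethod
        def blank(cls, path, environ=None, **kw):
            # Tolerate both a missing environ (the declared default) and an
            # environ that has no CONTENT_LENGTH entry.
            if environ is not None and 'CONTENT_LENGTH' in environ:
                del environ['CONTENT_LENGTH']
            # ``**kw`` keeps keyword arguments as keywords; ``*kw`` passed
            # the keyword *names* positionally to the parent class.
            parent = super(PatchedRequest, cls)
            return parent.blank(path, environ, **kw)

    # Monkey patch for the duration of one request only.
    # NOTE(review): not isolated from other users of ``app`` - verify that
    # nothing else issues requests through it meanwhile.
    original_cls = app.RequestClass
    app.RequestClass = PatchedRequest
    try:
        return _err(caller, service.path, params={"test": "yay"}, status=411)
    finally:
        app.RequestClass = original_cls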
Ejemplo n.º 10
def check_413(method, service, app, caller, config, params=[]):
    """Check that an oversized PUT/POST body is rejected with a 413.

    The payload is a single ``test`` parameter made of 1048613 characters
    (slightly more than 1 MiB, which is 1048576) multiplied by a size
    factor.  The factor is ``int(params[0])`` when ``params`` is non-empty
    and 3 otherwise.  Returns the ``_err`` result for ``status=413``.
    """
    # ``params`` is only read, never mutated, so the shared default list
    # cannot leak state between calls.
    factor = 3
    if len(params) > 0:
        factor = int(params[0])
    # The whole body is built in memory before it is sent.
    payload = u"a" * (1048613 * factor)
    return _err(caller, service.path, params={"test": payload}, status=413)
Ejemplo n.º 11
def check_406(method, service, app, caller, config):
    """Check that an unsupported ``Accept`` header value yields a 406.

    The request asks for the media type ``cheese`` via the ``Accept``
    header (not ``Content-Type``) and the ``_err`` result for
    ``status=406`` is returned.
    """
    unacceptable = {"Accept": "cheese"}
    return _err(caller, service.path, headers=unacceptable, status=406)
Ejemplo n.º 12
def auth_breaker(method, service, app, caller, config):
    """Check that a malformed Authorization header is rejected with a 400.

    The header value carries neither a scheme nor encoded credentials, so
    the service is expected to treat it as a bad request.  Returns the
    ``_err`` result for ``status=400``.
    """
    malformed = {"Authorization": "yeah!"}
    return _err(caller, service.path, headers=malformed, status=400)
Ejemplo n.º 13
def check_414(method, service, app, caller, config, params=[]):
    """Check that an over-long request URI is rejected with a 414.

    A query string whose single key is ``size`` repetitions of ``o`` is
    appended to ``service.path``.  ``size`` is ``int(params[0])`` when
    ``params`` is non-empty and 5000 otherwise, which puts the default URI
    above the 4096 characters mentioned by the original check.  Returns the
    ``_err`` result for ``status=414``.
    """
    # ``params`` is read-only here, so the shared default list is harmless.
    if len(params) > 0:
        size = int(params[0])
    else:
        size = 5000
    query = 'o' * size + '=1'
    long_uri = service.path + '?' + query
    return _err(caller, long_uri, status=414)
Ejemplo n.º 14
def check_413(method, service, app, caller, config, params=[]):
    """Large PUT|POST returns a 413.

    Sends one ``test`` parameter of ``1048613 * size`` characters, where
    ``size`` is the integer value of ``params[0]`` if given and 3 if
    ``params`` is empty, and returns the ``_err`` result for
    ``status=413``.
    """
    # The default list is never modified, only inspected.
    size = int(params[0]) if len(params) > 0 else 3
    unit = u"a" * 1048613  # one ASCII character per byte, just over 1 MiB
    body = {"test": unit * size}
    return _err(caller, service.path, params=body, status=413)
Ejemplo n.º 15
def check_406(method, service, app, caller, config):
    """Unsupported ``Accept`` values in the headers return a 406.

    Despite the wording of the original description, the header that is
    sent is ``Accept`` (value ``cheese``), not ``Content-Type``.  Returns
    the ``_err`` result for ``status=406``.
    """
    probe = dict(headers=dict(Accept="cheese"), status=406)
    return _err(caller, service.path, **probe)
Ejemplo n.º 16
def auth_breaker(method, service, app, caller, config):
    """Broken Authorization headers return a 400.

    Sends ``Authorization: yeah!`` - a value without an authentication
    scheme - to ``service.path`` and returns the ``_err`` result for
    ``status=400``.
    """
    probe = dict(headers=dict(Authorization="yeah!"), status=400)
    return _err(caller, service.path, **probe)