Example #1
 def testKitchenSink(self):
     """Exercise requests that mix object, model, app and global scopes.

     Each stanza builds the requested scope and the granted scope, then
     asserts whether the grant is expected to satisfy the request.
     """
     # Read on two specific objects is covered by a global read grant.
     requested = scope.access_obj(self.obj, "read") + scope.access_obj(self.obj2, "read")
     granted = scope.access_all("read")
     self.assertScopeValid(requested, granted)

     # Adding "write" to one object must be refused by the same read-only grant.
     requested = scope.access_obj(self.obj, "read", "write") + scope.access_obj(self.obj2, "read")
     granted = scope.access_all("read")
     self.assertScopeInvalid(requested, granted)

     # Read/write on both objects is covered by read/write grants on both models.
     requested = scope.access_obj(self.obj, "read", "write") + scope.access_obj(self.obj2, "read", "write")
     granted = scope.access_model(TestModel, "read", "write") + scope.access_model(TestModel2, "read", "write")
     self.assertScopeValid(requested, granted)

     # Without the grant for the second model the same request must be refused.
     requested = scope.access_obj(self.obj, "read", "write") + scope.access_obj(self.obj2, "read", "write")
     granted = scope.access_model(TestModel, "read", "write")
     self.assertScopeInvalid(requested, granted)

     # An app-wide read/write grant makes the request acceptable again.
     requested = scope.access_obj(self.obj, "read", "write") + scope.access_obj(self.obj2, "read", "write")
     granted = scope.access_model(TestModel, "read", "write") + scope.access_app("access_tokens", "read", "write")
     self.assertScopeValid(requested, granted)

     # Global read combined with a model-level write grant covers read/write on one object.
     # NOTE(review): access_model receives the instance self.obj here rather than
     # a model class - confirm that access_model accepts instances.
     requested = scope.access_obj(self.obj, "read", "write")
     granted = scope.access_model(self.obj, "write") + scope.access_all("read")
     self.assertScopeValid(requested, granted)
Example #2
 def testExpiredAccessTokenGrantsNothing(self):
     """A token older than the max_age passed to validate() must be rejected."""
     token = self.token_generator.generate(scope.access_all())
     # Let the token age for 0.1 s, twice the 0.05 s limit checked below.
     time.sleep(0.1)
     accepted = self.token_generator.validate(
         token,
         scope.access_all(),
         max_age=0.05,
     )
     self.assertFalse(accepted)
Example #3
 def testContentTypeTokenGeneratorCreatesSmallerKnownPermissionTokens(self):
     """Compare token lengths for the "auth.change_permission" permission.

     The generator under test must produce a strictly shorter token than
     basic_token_generator for the same global scope.
     """
     compact_token = self.token_generator.generate(
         scope.access_all("auth.change_permission"))
     baseline_token = basic_token_generator.generate(
         scope.access_all("auth.change_permission"))
     self.assertLess(len(compact_token), len(baseline_token))
Example #4
 def testMismatchedTokenFormatDoesNotError(self):
     """Cross-validate tokens between the generator under test and every listed generator.

     In both directions validate() is expected to return (rather than raise)
     a result equal to whether the two generators report the same scope
     protocol version.
     """
     own = self.token_generator

     def same_protocol(other):
         # Read through each generator's private _scope_serializer attribute.
         return (other._scope_serializer.get_scope_protocol_version()
                 == own._scope_serializer.get_scope_protocol_version())

     all_generators = (
         default_token_generator,
         basic_token_generator,
         content_type_token_generator,
         auth_permission_token_generator,
         kitchen_sink_token_generator,
     )
     for other in all_generators:
         # Token minted by the other generator, checked by the one under test.
         foreign_token = other.generate(scope.access_all("read"))
         accepted_here = own.validate(foreign_token, scope.access_all("read"))
         self.assertEqual(accepted_here, same_protocol(other))
         # Token minted by the generator under test, checked by the other one.
         own_token = own.generate(scope.access_all("read"))
         accepted_there = other.validate(own_token, scope.access_all("read"))
         self.assertEqual(accepted_there, same_protocol(other))
Example #5
 def testMismatchedTokenFormatDoesNotError(self):
     """Check that tokens in a foreign format are answered, not crashed on.

     For every listed generator, a token is passed across in each direction;
     validate() must return a value equal to whether both generators report
     the same scope protocol version.
     """
     under_test = self.token_generator

     def versions_agree(candidate):
         # Both versions come from the private _scope_serializer attribute.
         theirs = candidate._scope_serializer.get_scope_protocol_version()
         ours = under_test._scope_serializer.get_scope_protocol_version()
         return theirs == ours

     candidates = (
         default_token_generator,
         basic_token_generator,
         content_type_token_generator,
         auth_permission_token_generator,
         kitchen_sink_token_generator,
     )
     for candidate in candidates:
         # Candidate's token presented to the generator under test.
         incoming = candidate.generate(scope.access_all("read"))
         verdict = under_test.validate(incoming, scope.access_all("read"))
         self.assertEqual(verdict, versions_agree(candidate))
         # Token from the generator under test presented to the candidate.
         outgoing = under_test.generate(scope.access_all("read"))
         verdict = candidate.validate(outgoing, scope.access_all("read"))
         self.assertEqual(verdict, versions_agree(candidate))
Example #6
 def testKitchenSink(self):
     """Check combined object, model, app and global scopes against each other.

     Every step names the scope being requested and the scope held by the
     token, then asserts whether validation is expected to pass.
     """
     # A global read grant is enough to read two individual objects.
     wanted = scope.access_obj(self.obj, "read") + scope.access_obj(self.obj2, "read")
     held = scope.access_all("read")
     self.assertScopeValid(wanted, held)

     # Asking for an extra "write" permission must fail against that grant.
     wanted = scope.access_obj(self.obj, "read", "write") + scope.access_obj(self.obj2, "read")
     held = scope.access_all("read")
     self.assertScopeInvalid(wanted, held)

     # Read/write grants on both models cover read/write on both objects.
     wanted = scope.access_obj(self.obj, "read", "write") + scope.access_obj(self.obj2, "read", "write")
     held = scope.access_model(TestModel, "read", "write") + scope.access_model(TestModel2, "read", "write")
     self.assertScopeValid(wanted, held)

     # A grant for the first model alone must not cover the second object.
     wanted = scope.access_obj(self.obj, "read", "write") + scope.access_obj(self.obj2, "read", "write")
     held = scope.access_model(TestModel, "read", "write")
     self.assertScopeInvalid(wanted, held)

     # Adding a grant for the whole app covers it again.
     wanted = scope.access_obj(self.obj, "read", "write") + scope.access_obj(self.obj2, "read", "write")
     held = scope.access_model(TestModel, "read", "write") + scope.access_app("access_tokens", "read", "write")
     self.assertScopeValid(wanted, held)

     # Read on everything plus write at model level covers read/write on one object.
     # NOTE(review): access_model is called with the instance self.obj, not a
     # model class - confirm that this is supported.
     wanted = scope.access_obj(self.obj, "read", "write")
     held = scope.access_model(self.obj, "write") + scope.access_all("read")
     self.assertScopeValid(wanted, held)
Example #7
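def set_data( request, pk ):
	"""Store the POSTed ``data`` in the DataBlob whose ``ref`` is ``format(pk)``.

	Authorization is token based and fails closed:

	* if no blob with that ref exists, the token must validate against
	  ``scope.access_all()`` before a new blob is created;
	* in every case the token must validate against
	  ``scope.access_obj(blob)`` before the blob is modified.

	The response is a JSON body, ``{"msg": "DONE"}`` on success or
	``{"msg": "NOAUTH"}`` when authorization fails, passed through
	``set_universal_access``. A request without a ``data`` field still
	raises the KeyError from ``request.POST['data']``.
	"""
	# A request that carries no token is refused like one with a bad token,
	# instead of surfacing as an unhandled KeyError.
	token = request.POST.get('token')
	if token is None:
		return set_universal_access(HttpResponse(json.dumps({'msg':'NOAUTH'})))
	data = request.POST['data']

	# NOTE(review): both scopes below are requested without permission names,
	# so no "write" permission is demanded for this write - confirm that is
	# intended.
	# NOTE(review): NOAUTH is sent with HttpResponse's default status code, so
	# clients can only tell refusal from success by reading the body.
	# NOTE(review): set_universal_access is defined elsewhere; presumably it
	# relaxes cross-origin access - confirm that suits a write endpoint.
	ref = format(pk)
	try:
		blob = DataBlob.objects.get( ref = ref )
	except DataBlob.DoesNotExist:
		# Only "no such blob" may lead to creation. Catching Exception here
		# would also turn database errors or duplicate refs into a create.
		if not tokens.validate( token, scope.access_all() ):
			return set_universal_access(HttpResponse(json.dumps({'msg':'NOAUTH'})))
		blob = DataBlob.objects.create( data = '', ref = ref )

	# The per-object check runs for existing and freshly created blobs alike.
	if not tokens.validate( token, scope.access_obj( blob ) ):
		return set_universal_access(HttpResponse(json.dumps({'msg':'NOAUTH'})))

	blob.data = data
	blob.save()

	return set_universal_access(HttpResponse(json.dumps({'msg':'DONE'})))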
Example #8
 def testExpiredAccessTokenGrantsNothing(self):
     """Validation with a max_age shorter than the token's age must fail."""
     issued = self.token_generator.generate(scope.access_all())
     # Sleep 0.1 s so the token is older than the 0.05 s max_age used below.
     time.sleep(0.1)
     still_valid = self.token_generator.validate(issued, scope.access_all(), max_age=0.05)
     self.assertFalse(still_valid)
Example #9
 def testIncorrectSaltGrantsNothing(self):
     """A token must not validate when validate() is given a different salt."""
     issued = self.token_generator.generate(scope.access_all())
     # The token was generated without an explicit salt argument.
     accepted = self.token_generator.validate(issued, scope.access_all(), salt="bad_salt")
     self.assertFalse(accepted)
Example #10
 def testIncorrectKeyGrantsNothing(self):
     """A token must not validate when validate() is given a different key."""
     issued = self.token_generator.generate(scope.access_all())
     # The token was generated without an explicit key argument.
     accepted = self.token_generator.validate(issued, scope.access_all(), key="bad_key")
     self.assertFalse(accepted)
Example #11
 def testScopeModelGrants(self):
     """Check every requested scope level against every granted scope level.

     Grants are listed from broadest (global) to narrowest (nothing). Each
     requested scope is expected to validate against a leading run of those
     grants and to be refused by all the remaining, narrower ones.
     """
     # Factories rather than values, so each scope is built afresh for every
     # single check.
     grant_makers = (
         lambda: scope.access_all("read"),
         lambda: scope.access_app("access_tokens", "read"),
         lambda: scope.access_model(TestModel, "read"),
         lambda: scope.access_obj(self.obj, "read"),
         lambda: (),
     )
     global_read, app_read, model_read, obj_read, _nothing = grant_makers

     # (factory for the requested scope, number of leading grants that satisfy it)
     request_cases = (
         (lambda: (), 5),                  # ask for no access
         (lambda: scope.access_all(), 5),  # ask for access, but no permissions
         (obj_read, 4),                    # ask for obj access
         (model_read, 3),                  # ask for model access
         (app_read, 2),                    # ask for app access
         (global_read, 1),                 # ask for global access
     )
     for make_request, accepted_count in request_cases:
         for rank, make_grant in enumerate(grant_makers):
             if rank < accepted_count:
                 self.assertScopeValid(make_request(), make_grant())
             else:
                 self.assertScopeInvalid(make_request(), make_grant())
Example #12
 def testInvalidTokenGrantsNothing(self):
     """A string that is not a generated token must be rejected, not raise."""
     # scope.access_all() names no permissions, so even this request is refused.
     accepted = self.token_generator.validate("bad_token", scope.access_all())
     self.assertFalse(accepted)
Example #13
 def testInvalidTokenGrantsNothing(self):
     """validate() must return a falsy result for the literal "bad_token"."""
     # If validate() raised on this input the test would error instead of pass.
     verdict = self.token_generator.validate("bad_token", scope.access_all())
     self.assertFalse(verdict)
Example #14
 def testContentTypeTokenGeneratorCreatesSmallerKnownPermissionTokens(self):
     """The generator under test must beat basic_token_generator on token length.

     Both generators encode a global scope for "auth.change_permission".
     """
     own_length = len(self.token_generator.generate(scope.access_all("auth.change_permission")))
     basic_length = len(basic_token_generator.generate(scope.access_all("auth.change_permission")))
     self.assertLess(own_length, basic_length)
Example #15
 def testContentTypeTokenGeneratorCreatesEquivalentGlobalTokens(self):
     """Token length for a permission-less global scope must match basic_token_generator's."""
     # Only the lengths are compared, not the token contents.
     own_length = len(self.token_generator.generate(scope.access_all()))
     basic_length = len(basic_token_generator.generate(scope.access_all()))
     self.assertEqual(own_length, basic_length)
Example #16
 def testContentTypeTokenGeneratorCreatesEquivalentGlobalTokens(self):
     """For scope.access_all() both generators must emit tokens of equal length."""
     token_under_test = self.token_generator.generate(scope.access_all())
     reference_token = basic_token_generator.generate(scope.access_all())
     # The comparison is on length only; the tokens themselves may differ.
     self.assertEqual(len(token_under_test), len(reference_token))
Example #17
 def testScopePermissionGrants(self):
     """Check global scopes with growing permission sets against each other.

     The permission sets are (), ("read",) and ("read", "write"). A request
     is expected to validate only against a grant at the same position or
     later in that list, and to be refused by any earlier, smaller grant.
     """
     permission_sets = ((), ("read",), ("read", "write"))
     for wanted_rank, wanted in enumerate(permission_sets):
         for held_rank, held in enumerate(permission_sets):
             if wanted_rank <= held_rank:
                 self.assertScopeValid(scope.access_all(*wanted), scope.access_all(*held))
             else:
                 # The grant lacks a requested permission.
                 self.assertScopeInvalid(scope.access_all(*wanted), scope.access_all(*held))
Example #18
 def testScopeModelGrants(self):
     """Walk the request/grant matrix across global, app, model and object scopes.

     With grants ordered from broadest to narrowest, each requested scope
     must be accepted by the first few grants and rejected by the rest; the
     table below records how many grants accept each request.
     """
     # Each entry is a factory so that a new scope value is built per check.
     held_scopes = (
         lambda: scope.access_all("read"),
         lambda: scope.access_app("access_tokens", "read"),
         lambda: scope.access_model(TestModel, "read"),
         lambda: scope.access_obj(self.obj, "read"),
         lambda: (),
     )
     everything, whole_app, whole_model, single_obj, _empty = held_scopes

     # (factory for the requested scope, count of leading grants that accept it)
     wanted_scopes = (
         (lambda: (), 5),                  # no access requested
         (lambda: scope.access_all(), 5),  # access requested, but no permissions
         (single_obj, 4),                  # obj access
         (whole_model, 3),                 # model access
         (whole_app, 2),                   # app access
         (everything, 1),                  # global access
     )
     for build_wanted, accepted_count in wanted_scopes:
         for position, build_held in enumerate(held_scopes):
             expect = self.assertScopeValid if position < accepted_count else self.assertScopeInvalid
             expect(build_wanted(), build_held())
Example #19
def make_global_token( ):
	"""Return a newly generated token for ``scope.access_all()``.

	No permission names are passed to ``access_all``.
	NOTE(review): the token is scoped to everything rather than to a single
	object - confirm who may call this and how long such tokens are accepted.
	"""
	global_scope = scope.access_all()
	return tokens.generate( global_scope )
Example #20
 def testIncorrectKeyGrantsNothing(self):
     """Validating with key="bad_key" must reject a token generated without it."""
     token = self.token_generator.generate(scope.access_all())
     verdict = self.token_generator.validate(
         token,
         scope.access_all(),
         key="bad_key",
     )
     # A mismatched key must give a falsy result rather than an accepted token.
     self.assertFalse(verdict)
Example #21
 def testIncorrectSaltGrantsNothing(self):
     """Validating with salt="bad_salt" must reject a token generated without it."""
     token = self.token_generator.generate(scope.access_all())
     verdict = self.token_generator.validate(
         token,
         scope.access_all(),
         salt="bad_salt",
     )
     # A mismatched salt must give a falsy result rather than an accepted token.
     self.assertFalse(verdict)
Example #22
def make_global_token():
    """Generate a token whose scope is ``scope.access_all()``.

    ``access_all`` is called without permission names.
    NOTE(review): this token is not limited to one object - confirm where it
    is handed out and whether validation applies a max_age.
    """
    everything = scope.access_all()
    return tokens.generate(everything)
Example #23
 def testAuthPermissionTokenGeneratorCreatesEquivalentUnknownPermissionTokens(self):
     """For the plain "read" permission, token length must equal basic_token_generator's."""
     # Only token lengths are compared, not token contents.
     own_length = len(self.token_generator.generate(scope.access_all("read")))
     basic_length = len(basic_token_generator.generate(scope.access_all("read")))
     self.assertEqual(own_length, basic_length)
Example #24
 def testScopePermissionGrants(self):
     """Verify that a global grant must hold every permission a request names.

     Requests and grants both run through no permissions, "read", and
     "read" plus "write". Validation is expected to pass exactly when the
     grant sits at or after the request in that sequence.
     """
     levels = ((), ("read",), ("read", "write"))
     for requested_index, requested_perms in enumerate(levels):
         for granted_index, granted_perms in enumerate(levels):
             # A grant earlier in the sequence is missing a requested permission.
             grant_suffices = granted_index >= requested_index
             check = self.assertScopeValid if grant_suffices else self.assertScopeInvalid
             check(
                 scope.access_all(*requested_perms),
                 scope.access_all(*granted_perms),
             )
Example #25
 def testAuthPermissionTokenGeneratorCreatesEquivalentUnknownPermissionTokens(self):
     """Tokens for scope.access_all("read") must be as long as basic_token_generator's."""
     token_under_test = self.token_generator.generate(scope.access_all("read"))
     reference_token = basic_token_generator.generate(scope.access_all("read"))
     # Equality is asserted on length only.
     self.assertEqual(len(token_under_test), len(reference_token))