def test_identify(create_app_and_client):

    @asyncio.coroutine
    def create(request):
        response = web.Response()
        yield from remember(request, response, 'Andrew')
        return response

    @asyncio.coroutine
    def check(request):
        policy = request.app[IDENTITY_KEY]
        user_id = yield from policy.identify(request)
        assert 'Andrew' == user_id
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/', create)
    resp = yield from client.post('/')
    assert 200 == resp.status
    yield from resp.release()
    resp = yield from client.get('/')
    assert 200 == resp.status
    yield from resp.release()
async def test_is_anonymous(loop, test_client):

    async def index(request):
        is_anon = await is_anonymous(request)
        if is_anon:
            return web.HTTPUnauthorized()
        return web.HTTPOk()

    async def login(request):
        response = web.HTTPFound(location='/')
        await remember(request, response, 'UserID')
        return response

    async def logout(request):
        response = web.HTTPFound(location='/')
        await forget(request, response)
        return response

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = await test_client(app)
    resp = await client.get('/')
    assert web.HTTPUnauthorized.status_code == resp.status

    await client.post('/login')
    resp = await client.get('/')
    assert web.HTTPOk.status_code == resp.status

    await client.post('/logout')
    resp = await client.get('/')
    assert web.HTTPUnauthorized.status_code == resp.status
def test_forget(create_app_and_client):

    @asyncio.coroutine
    def index(request):
        return web.Response()

    @asyncio.coroutine
    def login(request):
        response = web.HTTPFound(location='/')
        yield from remember(request, response, 'Andrew')
        return response

    @asyncio.coroutine
    def logout(request):
        response = web.HTTPFound(location='/')
        yield from forget(request, response)
        return response

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    resp = yield from client.post('/login')
    assert 200 == resp.status
    assert resp.url.endswith('/')
    assert 'Andrew' == client.cookies['AIOHTTP_SECURITY'].value
    yield from resp.release()
    resp = yield from client.post('/logout')
    assert 200 == resp.status
    assert resp.url.endswith('/')
    assert '' == client.cookies['AIOHTTP_SECURITY'].value
    yield from resp.release()
def test_authorized_userid(loop, test_client):

    @asyncio.coroutine
    def login(request):
        response = web.HTTPFound(location='/')
        yield from remember(request, response, 'UserID')
        return response

    @asyncio.coroutine
    def check(request):
        userid = yield from authorized_userid(request)
        assert 'Andrew' == userid
        return web.Response(text=userid)

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)
    client = yield from test_client(app)

    resp = yield from client.post('/login')
    assert 200 == resp.status
    txt = yield from resp.text()
    assert 'Andrew' == txt
    yield from resp.release()
Example #5
0
def test_identify(loop, test_client):
    @asyncio.coroutine
    def create(request):
        response = web.Response()
        yield from remember(request, response, 'Andrew')
        return response

    @asyncio.coroutine
    def check(request):
        policy = request.app[IDENTITY_KEY]
        user_id = yield from policy.identify(request)
        assert 'Andrew' == user_id
        return web.Response()

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/', create)
    client = yield from test_client(app)
    resp = yield from client.post('/')
    assert 200 == resp.status
    yield from resp.release()
    resp = yield from client.get('/')
    assert 200 == resp.status
    yield from resp.release()
async def test_check_authorized(loop, aiohttp_client):
    async def index(request):
        await check_authorized(request)
        return web.Response()

    async def login(request):
        response = web.HTTPFound(location='/')
        await remember(request, response, 'UserID')
        raise response

    async def logout(request):
        response = web.HTTPFound(location='/')
        await forget(request, response)
        raise response

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = await aiohttp_client(app)
    resp = await client.get('/')
    assert web.HTTPUnauthorized.status_code == resp.status

    await client.post('/login')
    resp = await client.get('/')
    assert web.HTTPOk.status_code == resp.status

    await client.post('/logout')
    resp = await client.get('/')
    assert web.HTTPUnauthorized.status_code == resp.status
Example #7
0
async def test_forget(loop, aiohttp_client):

    async def index(request):
        return web.Response()

    async def login(request):
        response = web.HTTPFound(location='/')
        await remember(request, response, 'Andrew')
        raise response

    async def logout(request):
        response = web.HTTPFound(location='/')
        await forget(request, response)
        raise response

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = await aiohttp_client(app)
    resp = await client.post('/login')
    assert 200 == resp.status
    assert str(resp.url).endswith('/')
    cookies = client.session.cookie_jar.filter_cookies(
        client.make_url('/'))
    assert 'Andrew' == cookies['AIOHTTP_SECURITY'].value

    resp = await client.post('/logout')
    assert 200 == resp.status
    assert str(resp.url).endswith('/')
    cookies = client.session.cookie_jar.filter_cookies(
        client.make_url('/'))
    assert 'AIOHTTP_SECURITY' not in cookies
Example #8
0
def test_permits(loop, test_client):
    @asyncio.coroutine
    def login(request):
        response = web.HTTPFound(location='/')
        yield from remember(request, response, 'UserID')
        return response

    @asyncio.coroutine
    def check(request):
        ret = yield from permits(request, 'read')
        assert ret
        ret = yield from permits(request, 'write')
        assert ret
        ret = yield from permits(request, 'unknown')
        assert not ret
        return web.Response()

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)
    client = yield from test_client(app)
    resp = yield from client.post('/login')
    assert 200 == resp.status
    yield from resp.release()
Example #9
0
def test_forget(create_app_and_client):
    @asyncio.coroutine
    def index(request):
        return web.Response()

    @asyncio.coroutine
    def login(request):
        response = web.HTTPFound(location='/')
        yield from remember(request, response, 'Andrew')
        return response

    @asyncio.coroutine
    def logout(request):
        response = web.HTTPFound(location='/')
        yield from forget(request, response)
        return response

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    resp = yield from client.post('/login')
    assert 200 == resp.status
    assert resp.url.endswith('/')
    assert 'Andrew' == client.cookies['AIOHTTP_SECURITY'].value
    yield from resp.release()
    resp = yield from client.post('/logout')
    assert 200 == resp.status
    assert resp.url.endswith('/')
    with pytest.raises(KeyError):
        _ = client.cookies['AIOHTTP_SECURITY']  # noqa
    yield from resp.release()
def test_permits(create_app_and_client):

    @asyncio.coroutine
    def login(request):
        response = web.HTTPFound(location='/')
        yield from remember(request, response, 'UserID')
        return response

    @asyncio.coroutine
    def check(request):
        ret = yield from permits(request, 'read')
        assert ret
        ret = yield from permits(request, 'write')
        assert ret
        ret = yield from permits(request, 'unknown')
        assert not ret
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)
    resp = yield from client.post('/login')
    assert 200 == resp.status
    yield from resp.release()
Example #11
0
def test_forget(loop, test_client):
    @asyncio.coroutine
    def index(request):
        return web.Response()

    @asyncio.coroutine
    def login(request):
        response = web.HTTPFound(location='/')
        yield from remember(request, response, 'Andrew')
        return response

    @asyncio.coroutine
    def logout(request):
        response = web.HTTPFound(location='/')
        yield from forget(request, response)
        return response

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = yield from test_client(app)
    resp = yield from client.post('/login')
    assert 200 == resp.status
    assert resp.url.endswith('/')
    cookies = client.session.cookie_jar.filter_cookies(client.make_url('/'))
    assert 'Andrew' == cookies['AIOHTTP_SECURITY'].value
    yield from resp.release()
    resp = yield from client.post('/logout')
    assert 200 == resp.status
    assert resp.url.endswith('/')
    cookies = client.session.cookie_jar.filter_cookies(client.make_url('/'))
    assert 'AIOHTTP_SECURITY' not in cookies
    yield from resp.release()
async def test_has_permission(loop, aiohttp_client):

    with pytest.warns(DeprecationWarning):

        @has_permission('read')
        async def index_read(request):
            return web.Response()

        @has_permission('write')
        async def index_write(request):
            return web.Response()

        @has_permission('forbid')
        async def index_forbid(request):
            return web.Response()

        async def login(request):
            response = web.HTTPFound(location='/')
            await remember(request, response, 'UserID')
            return response

        async def logout(request):
            response = web.HTTPFound(location='/')
            await forget(request, response)
            raise response

        app = web.Application()
        _setup(app, CookiesIdentityPolicy(), Autz())
        app.router.add_route('GET', '/permission/read', index_read)
        app.router.add_route('GET', '/permission/write', index_write)
        app.router.add_route('GET', '/permission/forbid', index_forbid)
        app.router.add_route('POST', '/login', login)
        app.router.add_route('POST', '/logout', logout)
        client = await aiohttp_client(app)

        resp = await client.get('/permission/read')
        assert web.HTTPUnauthorized.status_code == resp.status
        resp = await client.get('/permission/write')
        assert web.HTTPUnauthorized.status_code == resp.status
        resp = await client.get('/permission/forbid')
        assert web.HTTPUnauthorized.status_code == resp.status

        await client.post('/login')
        resp = await client.get('/permission/read')
        assert web.HTTPOk.status_code == resp.status
        resp = await client.get('/permission/write')
        assert web.HTTPOk.status_code == resp.status
        resp = await client.get('/permission/forbid')
        assert web.HTTPForbidden.status_code == resp.status

        await client.post('/logout')
        resp = await client.get('/permission/read')
        assert web.HTTPUnauthorized.status_code == resp.status
        resp = await client.get('/permission/write')
        assert web.HTTPUnauthorized.status_code == resp.status
        resp = await client.get('/permission/forbid')
        assert web.HTTPUnauthorized.status_code == resp.status
Example #13
0
def test_authorized_userid_not_authorized(create_app_and_client):
    @asyncio.coroutine
    def check(request):
        userid = yield from authorized_userid(request)
        assert userid is None
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    resp = yield from client.get('/')
    assert 200 == resp.status
    yield from resp.release()
Example #14
0
async def test_authorized_userid_not_authorized(loop, aiohttp_client):
    async def check(request):
        userid = await authorized_userid(request)
        assert userid is None
        return web.Response()

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    client = await aiohttp_client(app)

    resp = await client.get('/')
    assert 200 == resp.status
Example #15
0
def test_remember(create_app_and_client):
    @asyncio.coroutine
    def handler(request):
        response = web.Response()
        yield from remember(request, response, 'Andrew')
        return response

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', handler)
    resp = yield from client.get('/')
    assert 200 == resp.status
    assert 'Andrew' == resp.cookies['AIOHTTP_SECURITY'].value
    yield from resp.release()
def test_authorized_userid_not_authorized(create_app_and_client):

    @asyncio.coroutine
    def check(request):
        userid = yield from authorized_userid(request)
        assert userid is None
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    resp = yield from client.get('/')
    assert 200 == resp.status
    yield from resp.release()
Example #17
0
async def test_remember(loop, aiohttp_client):

    async def handler(request):
        response = web.Response()
        await remember(request, response, 'Andrew')
        return response

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', handler)
    client = await aiohttp_client(app)
    resp = await client.get('/')
    assert 200 == resp.status
    assert 'Andrew' == resp.cookies['AIOHTTP_SECURITY'].value
def test_remember(create_app_and_client):

    @asyncio.coroutine
    def handler(request):
        response = web.Response()
        yield from remember(request, response, 'Andrew')
        return response

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', handler)
    resp = yield from client.get('/')
    assert 200 == resp.status
    assert 'Andrew' == client.cookies['AIOHTTP_SECURITY'].value
    yield from resp.release()
Example #19
0
async def test_permits_unauthorized(loop, aiohttp_client):
    async def check(request):
        ret = await permits(request, 'read')
        assert not ret
        ret = await permits(request, 'write')
        assert not ret
        ret = await permits(request, 'unknown')
        assert not ret
        return web.Response()

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    client = await aiohttp_client(app)
    resp = await client.get('/')
    assert 200 == resp.status
Example #20
0
async def test_authenticate_user_by_request(loop, aiohttp_client):
    async def login(request):
        credentials = await request.json()
        user = await authenticate_user(credentials, request)
        return web.Response(text=user)

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz(), Auth())
    app.router.add_route('POST', '/login', login)
    client = await aiohttp_client(app)

    resp = await client.post('/login',
                             json={'username': '******', 'password': '******'})
    assert 200 == resp.status
    txt = await resp.text()
    assert 'Andrew' == txt
Example #21
0
def test_permits_unauthorized(create_app_and_client):
    @asyncio.coroutine
    def check(request):
        ret = yield from permits(request, 'read')
        assert not ret
        ret = yield from permits(request, 'write')
        assert not ret
        ret = yield from permits(request, 'unknown')
        assert not ret
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    resp = yield from client.get('/')
    assert 200 == resp.status
    yield from resp.release()
def test_permits_unauthorized(create_app_and_client):

    @asyncio.coroutine
    def check(request):
        ret = yield from permits(request, 'read')
        assert not ret
        ret = yield from permits(request, 'write')
        assert not ret
        ret = yield from permits(request, 'unknown')
        assert not ret
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    resp = yield from client.get('/')
    assert 200 == resp.status
    yield from resp.release()
Example #23
0
async def test_identify(loop, make_token, aiohttp_client):
    kwt_secret_key = 'Key'

    token = make_token({'login': '******'}, kwt_secret_key)

    async def check(request):
        policy = request.app[IDENTITY_KEY]
        identity = await policy.identify(request)
        assert 'Andrew' == identity['login']
        return web.Response()

    app = web.Application()
    _setup(app, JWTIdentityPolicy(kwt_secret_key), Autz())
    app.router.add_route('GET', '/', check)

    client = await aiohttp_client(app)
    headers = {'Authorization': 'Bearer {}'.format(token.decode('utf-8'))}
    resp = await client.get('/', headers=headers)
    assert 200 == resp.status
async def test_permits_enum_permission(loop, aiohttp_client):
    class Permission(enum.Enum):
        READ = '101'
        WRITE = '102'
        UNKNOWN = '103'

    class Autz(AbstractAuthorizationPolicy):

        async def permits(self, identity, permission, context=None):
            if identity == 'UserID':
                return permission in {Permission.READ, Permission.WRITE}
            else:
                return False

        async def authorized_userid(self, identity):
            if identity == 'UserID':
                return 'Andrew'
            else:
                return None

    async def login(request):
        response = web.HTTPFound(location='/')
        await remember(request, response, 'UserID')
        raise response

    async def check(request):
        ret = await permits(request, Permission.READ)
        assert ret
        ret = await permits(request, Permission.WRITE)
        assert ret
        ret = await permits(request, Permission.UNKNOWN)
        assert not ret
        return web.Response()

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)
    client = await aiohttp_client(app)
    resp = await client.post('/login')
    assert 200 == resp.status
Example #25
0
async def test_provide_user(loop, aiohttp_client):
    async def login(request):
        response = web.HTTPFound(location='/')
        await remember(request, response, 'UserID')
        raise response

    async def check(request):
        user = await authorized_userid(request)
        assert 'Andrew' == user
        return web.Response(text=user)

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)
    client = await aiohttp_client(app)

    resp = await client.post('/login')
    assert 200 == resp.status
    txt = await resp.text()
    assert 'Andrew' == txt
def test_forget(loop, test_client):

    @asyncio.coroutine
    def index(request):
        return web.Response()

    @asyncio.coroutine
    def login(request):
        response = web.HTTPFound(location='/')
        yield from remember(request, response, 'Andrew')
        return response

    @asyncio.coroutine
    def logout(request):
        response = web.HTTPFound(location='/')
        yield from forget(request, response)
        return response

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = yield from test_client(app)
    resp = yield from client.post('/login')
    assert 200 == resp.status
    assert resp.url.endswith('/')
    cookies = client.session.cookie_jar.filter_cookies(
        client.make_url('/'))
    assert 'Andrew' == cookies['AIOHTTP_SECURITY'].value
    yield from resp.release()
    resp = yield from client.post('/logout')
    assert 200 == resp.status
    assert resp.url.endswith('/')
    cookies = client.session.cookie_jar.filter_cookies(
        client.make_url('/'))
    assert 'AIOHTTP_SECURITY' not in cookies
    yield from resp.release()
Example #27
0
async def test_identify(loop, aiohttp_client):

    async def create(request):
        response = web.Response()
        await remember(request, response, 'Andrew')
        return response

    async def check(request):
        policy = request.app[IDENTITY_KEY]
        user_id = await policy.identify(request)
        assert 'Andrew' == user_id
        return web.Response()

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/', create)
    client = await aiohttp_client(app)
    resp = await client.post('/')
    assert 200 == resp.status
    await resp.release()
    resp = await client.get('/')
    assert 200 == resp.status
Example #28
0
def test_authorized_userid(create_app_and_client):
    @asyncio.coroutine
    def login(request):
        response = web.HTTPFound(location='/')
        yield from remember(request, response, 'UserID')
        return response

    @asyncio.coroutine
    def check(request):
        userid = yield from authorized_userid(request)
        assert 'Andrew' == userid
        return web.Response(text=userid)

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)

    resp = yield from client.post('/login')
    assert 200 == resp.status
    txt = yield from resp.text()
    assert 'Andrew' == txt
    yield from resp.release()
Example #29
0
async def test_identify_broken_scheme(loop, make_token, aiohttp_client):
    kwt_secret_key = 'Key'

    token = make_token({'login': '******'}, kwt_secret_key)

    async def check(request):
        policy = request.app[IDENTITY_KEY]

        try:
            await policy.identify(request)
        except ValueError as exc:
            raise web.HTTPBadRequest(reason=exc)

        return web.Response()

    app = web.Application()
    _setup(app, JWTIdentityPolicy(kwt_secret_key), Autz())
    app.router.add_route('GET', '/', check)

    client = await aiohttp_client(app)
    headers = {'Authorization': 'Token {}'.format(token.decode('utf-8'))}
    resp = await client.get('/', headers=headers)
    assert 400 == resp.status
    assert 'Invalid authorization scheme' in resp.reason