def test_python_2_ensure_token_is_str(self):
# Note, we don't use assertEqual in this test because
# `"test" == u"test"` is True
auth_context = AuthenticationContext(token=self.VALID_TOKEN.encode())
self.assertIs(type(auth_context._token), str)
auth_context = AuthenticationContext(token=self.VALID_TOKEN.decode())
self.assertIs(type(auth_context._token), str)
def test_python_3_ensure_token_is_bytes(self):
auth_context = AuthenticationContext(token=self.VALID_TOKEN)
self.assertEqual(auth_context._token, self.VALID_TOKEN)
self.assertIs(type(auth_context._token), bytes)
auth_context = AuthenticationContext(token=self.VALID_TOKEN.decode())
self.assertEqual(auth_context._token, self.VALID_TOKEN)
self.assertIs(type(auth_context._token), bytes)
def test_expired_token(self):
authentication = AuthenticationContext(self.EXPIRED_TOKEN, self.store)
request_context = EdgeRequestContext(self.SERIALIZED_HEADER,
authentication)
self.assertEqual(request_context.user.id, None)
self.assertEqual(request_context.user.roles, set())
self.assertFalse(request_context.user.is_logged_in)
self.assertEqual(request_context.user.loid, self.LOID_ID)
self.assertEqual(request_context.user.cookie_created_ms,
self.LOID_CREATED_MS)
self.assertEqual(
request_context.user.event_fields(),
{
"user_id": self.LOID_ID,
"user_logged_in": False,
"cookie_created": self.LOID_CREATED_MS,
},
)
self.assertIs(request_context.oauth_client.id, None)
self.assertFalse(request_context.oauth_client.is_type("third_party"))
self.assertEqual(request_context.session.id, self.SESSION_ID)
self.assertEqual(
request_context.event_fields(),
{
"user_id": self.LOID_ID,
"user_logged_in": False,
"cookie_created": self.LOID_CREATED_MS,
"session_id": self.SESSION_ID,
"oauth_client_id": None,
},
)
def test_missing_secrets(self):
authentication = AuthenticationContext(self.VALID_TOKEN)
request_context = EdgeRequestContext(self.SERIALIZED_HEADER,
authentication)
with self.assertRaises(UndefinedSecretsException):
request_context.user.id
with self.assertRaises(UndefinedSecretsException):
request_context.user.roles
self.assertFalse(request_context.user.is_logged_in)
self.assertEqual(request_context.user.loid, self.LOID_ID)
self.assertEqual(request_context.user.cookie_created_ms,
self.LOID_CREATED_MS)
self.assertEqual(
request_context.user.event_fields(),
{
"user_id": self.LOID_ID,
"user_logged_in": False,
"cookie_created": self.LOID_CREATED_MS,
},
)
with self.assertRaises(UndefinedSecretsException):
request_context.oauth_client.id
with self.assertRaises(UndefinedSecretsException):
request_context.oauth_client.is_type("third_party")
self.assertEqual(request_context.session.id, self.SESSION_ID)
self.assertEqual(
request_context.event_fields(),
{
"user_id": self.LOID_ID,
"user_logged_in": False,
"cookie_created": self.LOID_CREATED_MS,
"session_id": self.SESSION_ID,
"oauth_client_id": None,
},
)
def test_no_context(self):
new_auth_context = AuthenticationContext(None, self.store)
self.assertFalse(new_auth_context.defined)
self.assertFalse(new_auth_context.valid)
with self.assertRaises(WithheldAuthenticationError) as e:
new_auth_context.account_id
def test_create_validation(self):
authentication = AuthenticationContext(self.VALID_TOKEN, self.store)
with self.assertRaises(ValueError):
EdgeRequestContext.create(
authentication_context=authentication,
loid_id="abc123",
loid_created_ms=self.LOID_CREATED_MS,
session_id=self.SESSION_ID,
)
def test_client_proxy_flow(self):
client_memory_trans = TMemoryBuffer()
client_prot = THeaderProtocol(client_memory_trans)
class Pool(object):
@contextlib.contextmanager
def connection(self):
yield client_prot
client_factory = ThriftContextFactory(Pool(), TestService.Client)
span = mock.MagicMock()
child_span = span.make_child().__enter__()
child_span.trace_id = 1
child_span.parent_id = 1
child_span.id = 1
child_span.sampled = True
child_span.flags = None
# We decode the token to unicode to make sure that it is converted to
# bytes correctly by the AuthenticationContext. We do this because a
# unicode token in Python 2 ends up causing a UnicodeDecodeError when
# Thrift tries to write the header.
unicode_token = self.VALID_TOKEN.decode()
auth_context = AuthenticationContext(
token=unicode_token,
secrets=self.secrets,
)
edge_context = EdgeRequestContext(
authentication_context=auth_context,
header=self.SERIALIZED_REQUEST_HEADER,
)
edge_context.attach_context(child_span.context)
client = client_factory.make_object_for_context("test", span)
try:
client.example_simple()
except TTransportException:
pass # we don't have a test response for the client
self.itrans._readBuffer = StringIO(client_memory_trans.getvalue())
self.processor.process(self.iprot, self.oprot, self.server_context)
context, _ = self.observer.on_server_span_created.call_args[0]
try:
self.assertEqual(context.request_context.user.id, "test_user_id")
self.assertEqual(context.request_context.user.roles, set())
self.assertEqual(context.request_context.user.is_logged_in, True)
self.assertEqual(context.request_context.user.loid, "t2_deadbeef")
self.assertEqual(context.request_context.user.cookie_created_ms,
100000)
self.assertEqual(context.request_context.oauth_client.id, None)
self.assertFalse(
context.request_context.oauth_client.is_type("third_party"))
self.assertEqual(context.request_context.session.id, "beefdead")
except jwt.exceptions.InvalidAlgorithmError:
raise unittest.SkipTest("cryptography is not installed")
def test_create(self):
authentication = AuthenticationContext(self.VALID_TOKEN, self.store)
request_context = EdgeRequestContext.create(
authentication_context=authentication,
loid_id=self.LOID_ID,
loid_created_ms=self.LOID_CREATED_MS,
session_id=self.SESSION_ID,
)
self.assertIsNot(request_context._t_request, None)
self.assertEqual(request_context._header, self.SERIALIZED_HEADER)
self.assertEqual(
request_context.header_values(), {
"Edge-Request": self.SERIALIZED_HEADER,
"Authentication": self.VALID_TOKEN,
})
def test_expired_context(self):
new_auth_context = AuthenticationContext(self.EXPIRED_TOKEN,
self.store)
self.assertFalse(new_auth_context.valid)
self.assertEqual(new_auth_context.account_id, None)
def test_valid_context(self):
new_auth_context = AuthenticationContext(self.VALID_TOKEN, self.store)
self.assertTrue(new_auth_context.valid)
self.assertEqual(new_auth_context.account_id, "test_user_id")
def test_no_secrets(self):
new_auth_context = AuthenticationContext("test token")
with self.assertRaises(UndefinedSecretsException) as e:
new_auth_context.valid
def test_empty_context(self):
new_auth_context = AuthenticationContext()
self.assertEqual(new_auth_context._token, None)
