Example #1
0
 def test_applicable_admin(self):
     os.environ.update({
         'USER_EMAIL': '*****@*****.**',
         'USER_ID': '123',
         'USER_IS_ADMIN': '1',
     })
     # Actual request is not used by CookieAuthentication.
     self.assertEqual((
         model.Identity(model.IDENTITY_USER, '*****@*****.**'),
         api.new_auth_details(is_superuser=True),
     ), handler.gae_cookie_authentication(webapp2.Request({})))
Example #2
0
 def test_happy_path(self):
     ident, details = self.call({
         'aud': 'https://example.com',
         'google': {
             'compute_engine': {
                 'project_id': 'proj',
                 'instance_name': 'inst',
             },
         },
     })
     self.assertEqual(ident.to_bytes(), 'bot:[email protected]')
     self.assertEqual(
         details,
         api.new_auth_details(gce_instance='inst', gce_project='proj'))
Example #3
0
 def test_custom_realm_and_app_version(self):
     ident, details = self.call({
         'aud': 'https://123-dot-example.com',
         'google': {
             'compute_engine': {
                 'project_id': 'domain.com:proj',
                 'instance_name': 'inst',
             },
         },
     })
     self.assertEqual(ident.to_bytes(), 'bot:[email protected]')
     self.assertEqual(
         details,
         api.new_auth_details(gce_instance='inst',
                              gce_project='domain.com:proj'))
Example #4
0
    def test_auth_method_order(self):
        """Registered auth methods are tested in order."""
        test = self
        calls = []
        ident = model.Identity(model.IDENTITY_USER, '*****@*****.**')
        auth_details = api.new_auth_details()

        def not_applicable(request):
            self.assertEqual('/request', request.path)
            calls.append('not_applicable')
            return None, None

        def applicable(request):
            self.assertEqual('/request', request.path)
            calls.append('applicable')
            return ident, auth_details

        class Handler(handler.AuthenticatingHandler):
            @classmethod
            def get_auth_methods(cls, conf):
                return [not_applicable, applicable]

            @api.public
            def get(self):
                test.assertEqual(ident, api.get_current_identity())
                test.assertIs(auth_details, api.get_auth_details())
                self.response.write('OK')

        app = self.make_test_app('/request', Handler)
        self.assertEqual('OK', app.get('/request').body)

        # Both methods should be tried.
        expected_calls = [
            'not_applicable',
            'applicable',
        ]
        self.assertEqual(expected_calls, calls)
Example #5
0
 def test_is_allowed_oauth_client_id_ok(self):
     self.mock_all('*****@*****.**', 'some-client-id', ['some-client-id'])
     self.assertEqual(
         (self.user('*****@*****.**'), api.new_auth_details()),
         api.extract_oauth_caller_identity())