def test_flushes_an_invalid_token(self):
"""Given an authentic message, we authenticate"""
mws_time = int(time.time())
headers = self.generate_headers("GET", "/mauth/v1/mauth.json", "",
mws_time)
request = mock.Mock(headers=headers,
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
with mock.patch(
"flask_mauth.mauth.authenticators.SecurityTokenCacher") as tok:
cacher = tok.return_value
cacher.get.return_value = dict(
app_name="Apple",
app_uuid=self.app_uuid,
security_token=dict(public_key_str="pineapple"),
created_at="2016-11-20 12:08:46 UTC")
flush = mock.Mock()
cacher.flush = flush
authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=mock.Mock(),
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
with self.assertRaises(UnableToAuthenticateError) as exc:
result = authenticator.signature_valid(request)
# bad key gets flushed from the cache
flush.assert_called_once_with(self.app_uuid)
# message is what we expect
assertRegex(self, str(exc.exception),
r'Unable to identify Public Key type from Signature')
def test_does_not_authenticate_a_false_message(self):
"""Given an authentic message, we authenticate"""
mws_time = int(time.time())
headers = self.generate_headers("GET", "/mauth/v1/mauth.json", "",
mws_time)
request = mock.Mock(headers=headers,
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
with mock.patch(
"flask_mauth.mauth.authenticators.SecurityTokenCacher") as tok:
cacher = tok.return_value
cacher.get.return_value = dict(
app_name="Apple",
app_uuid=self.app_uuid,
security_token=dict(public_key_str=load_key('pub')),
created_at="2016-11-20 12:08:46 UTC")
authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=mock.Mock(),
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
with self.assertRaises(InauthenticError) as exc:
result = authenticator.signature_valid(request)
self.assertEqual("Signature verification failed for Mock",
str(exc.exception))
def test_authenticates_a_genuine_message_v15(self):
"""Given an authentic message using pkcs#1.5, we authenticate"""
mws_time = int(time.time())
headers = self.generate_headers("GET",
"/mauth/v2/mauth.json",
"",
mws_time,
keytype='pkcs15')
request = mock.Mock(headers=headers,
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
with mock.patch(
"flask_mauth.mauth.authenticators.SecurityTokenCacher") as tok:
cacher = tok.return_value
cacher.get.return_value = dict(
app_name="Apple",
app_uuid=self.app_uuid,
security_token=dict(public_key_str=load_key('pub_pkcs15')),
created_at="2016-11-20 12:08:46 UTC")
authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=mock.Mock(),
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
result = authenticator.signature_valid(request)
self.assertTrue(result)
def setUp(self):
self.logger = mock.Mock()
self.authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=self.logger,
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
self.mws_time = "1479392498"
self.app_uuid = 'b0603e5c-c344-488e-83ba-9290ea8dc17d'
def test_authentication_type(self):
"""We self-describe"""
authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=mock.Mock(),
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
self.assertEqual('LOCAL', authenticator.authenticator_type)
class TestLocalAuthenticator(_TestAuthenticator, TestCase):
def setUp(self):
self.logger = mock.Mock()
self.authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=self.logger,
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
self.mws_time = "1479392498"
self.app_uuid = 'b0603e5c-c344-488e-83ba-9290ea8dc17d'
def generate_headers(self,
verb,
path,
body,
mws_time=None,
app_uuid=None,
keytype='pkcs1'):
"""
Generates a Signature String
:param verb: HTTP verb, eg GET
:param path: URL Path (without query strings)
:param body: Body of request
:param time:
:param app_uuid:
:return:
"""
if mws_time is None:
mws_time = self.mws_time
if app_uuid is None:
app_uuid = self.app_uuid
key_suffix = "priv"
if keytype == 'pkcs15':
key_suffix = "priv_pkcs15"
signer = requests_mauth.MAuth(app_uuid=app_uuid,
private_key_data=load_key(key_suffix))
signature_string, seconds_since_epoch = signer.make_signature_string(
verb=verb, url_path=path, body=body, seconds_since_epoch=mws_time)
signed_string = signer.signer.sign(signature_string)
auth_headers = signer.make_authentication_headers(
signed_string, mws_time)
return auth_headers
def test_authenticates_a_genuine_message(self):
"""Given an authentic message, we authenticate"""
mws_time = int(time.time())
headers = self.generate_headers("GET", "/mauth/v2/mauth.json", "",
mws_time)
request = mock.Mock(headers=headers,
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
with mock.patch(
"flask_mauth.mauth.authenticators.SecurityTokenCacher") as tok:
cacher = tok.return_value
cacher.get.return_value = dict(
app_name="Apple",
app_uuid=self.app_uuid,
security_token=dict(public_key_str=load_key('pub')),
created_at="2016-11-20 12:08:46 UTC")
authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=mock.Mock(),
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
result = authenticator.signature_valid(request)
self.assertTrue(result)
def test_authenticates_a_genuine_message_v15(self):
"""Given an authentic message using pkcs#1.5, we authenticate"""
mws_time = int(time.time())
headers = self.generate_headers("GET",
"/mauth/v2/mauth.json",
"",
mws_time,
keytype='pkcs15')
request = mock.Mock(headers=headers,
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
with mock.patch(
"flask_mauth.mauth.authenticators.SecurityTokenCacher") as tok:
cacher = tok.return_value
cacher.get.return_value = dict(
app_name="Apple",
app_uuid=self.app_uuid,
security_token=dict(public_key_str=load_key('pub_pkcs15')),
created_at="2016-11-20 12:08:46 UTC")
authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=mock.Mock(),
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
result = authenticator.signature_valid(request)
self.assertTrue(result)
def test_authentication_type(self):
"""We self-describe"""
authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=mock.Mock(),
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
self.assertEqual('LOCAL', authenticator.authenticator_type)
def test_does_not_authenticate_a_false_message(self):
"""Given an authentic message, we authenticate"""
mws_time = int(time.time())
headers = self.generate_headers("GET", "/mauth/v1/mauth.json", "",
mws_time)
request = mock.Mock(headers=headers,
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
with mock.patch(
"flask_mauth.mauth.authenticators.SecurityTokenCacher") as tok:
cacher = tok.return_value
cacher.get.return_value = dict(
app_name="Apple",
app_uuid=self.app_uuid,
security_token=dict(public_key_str=load_key('pub')),
created_at="2016-11-20 12:08:46 UTC")
authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=mock.Mock(),
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
with self.assertRaises(InauthenticError) as exc:
result = authenticator.signature_valid(request)
self.assertEqual("Signature verification failed for Mock",
str(exc.exception))
def test_flushes_an_invalid_token(self):
"""Given an authentic message, we authenticate"""
mws_time = int(time.time())
headers = self.generate_headers("GET", "/mauth/v1/mauth.json", "",
mws_time)
request = mock.Mock(headers=headers,
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
with mock.patch(
"flask_mauth.mauth.authenticators.SecurityTokenCacher") as tok:
cacher = tok.return_value
cacher.get.return_value = dict(
app_name="Apple",
app_uuid=self.app_uuid,
security_token=dict(public_key_str="pineapple"),
created_at="2016-11-20 12:08:46 UTC")
flush = mock.Mock()
cacher.flush = flush
authenticator = LocalAuthenticator(
mauth_auth=mock.Mock(),
logger=mock.Mock(),
mauth_api_version='v2',
mauth_base_url='https://mauth-sandbox.imedidata.net')
with self.assertRaises(UnableToAuthenticateError) as exc:
result = authenticator.signature_valid(request)
# bad key gets flushed from the cache
flush.assert_called_once_with(self.app_uuid)
# message is what we expect
assertRegex(self, str(exc.exception),
r'Unable to identify Public Key type from Signature')
@patch.object(LocalAuthenticator, "authenticate")
def test_is_authentic_all_ok(self, authenticate):
"""We get a True back if all tests pass"""
authenticate.return_value = True
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
authentic, status, message = self.authenticator.is_authentic(request)
self.assertTrue(authentic)
self.assertEqual(200, status)
@patch.object(LocalAuthenticator, "authenticate")
def test_is_authentic_fails(self, authenticate):
"""We get a False back if one or more tests fail"""
authenticate.return_value = False
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
authentic, status, message = self.authenticator.is_authentic(request)
self.assertFalse(authentic)
@patch.object(LocalAuthenticator, "signature_valid")
@patch.object(LocalAuthenticator, "authentication_present")
@patch.object(LocalAuthenticator, "time_valid")
@patch.object(LocalAuthenticator, "token_valid")
def test_is_authentic_some_token_invalid(self, token_valid, time_valid,
authentication_present,
signature_valid):
"""LocalAuthenticator: We get a False back if token invalid"""
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
token_valid.side_effect = InauthenticError()
time_valid.return_value = True
authentication_present.return_value = True
signature_valid.return_value = True
authentic, status, message = self.authenticator.is_authentic(request)
self.assertFalse(authentic)
@patch.object(LocalAuthenticator, "signature_valid")
@patch.object(LocalAuthenticator, "authentication_present")
@patch.object(LocalAuthenticator, "time_valid")
@patch.object(LocalAuthenticator, "token_valid")
def test_is_authentic_some_time_invalid(self, token_valid, time_valid,
authentication_present,
signature_valid):
"""LocalAuthenticator: We get a False back if time invalid"""
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
token_valid.return_value = True
time_valid.side_effect = InauthenticError()
authentication_present.return_value = True
signature_valid.return_value = True
authentic, status, message = self.authenticator.is_authentic(request)
self.assertFalse(authentic)
@patch.object(LocalAuthenticator, "signature_valid")
@patch.object(LocalAuthenticator, "authentication_present")
@patch.object(LocalAuthenticator, "time_valid")
@patch.object(LocalAuthenticator, "token_valid")
def test_is_authentic_some_authentication_missing(self, token_valid,
time_valid,
authentication_present,
signature_valid):
"""LocalAuthenticator: We get a False back if mauth missing"""
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
token_valid.return_value = True
time_valid.return_value = True
authentication_present.side_effect = InauthenticError()
signature_valid.return_value = True
authentic, status, message = self.authenticator.is_authentic(request)
self.assertFalse(authentic)
@patch.object(LocalAuthenticator, "signature_valid")
@patch.object(LocalAuthenticator, "authentication_present")
@patch.object(LocalAuthenticator, "time_valid")
@patch.object(LocalAuthenticator, "token_valid")
def test_is_authentic_some_signature_invalid(self, token_valid, time_valid,
authentication_present,
signature_valid):
"""LocalAuthenticator: We get a False back if token invalid"""
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
token_valid.return_value = True
time_valid.return_value = True
authentication_present.return_value = True
signature_valid.side_effect = InauthenticError()
authentic, status, message = self.authenticator.is_authentic(request)
self.assertFalse(authentic)
@patch.object(LocalAuthenticator, "authenticate")
def test_authenticate_error_conditions_inauthentic(self, authenticate):
""" We get a False back if we raise a InauthenticError """
authenticate.side_effect = InauthenticError("")
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
authentic, status, message = self.authenticator.is_authentic(request)
self.assertFalse(authentic)
self.assertEqual(401, status)
self.assertEqual("", message)
@patch.object(LocalAuthenticator, "authenticate")
def test_authenticate_error_conditions_unable(self, authenticate):
"""LocalAuthenticator: We get a False back if we raise a UnableToAuthenticateError """
authenticate.side_effect = UnableToAuthenticateError("")
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
authentic, status, message = self.authenticator.is_authentic(request)
self.assertFalse(authentic)
self.assertEqual(500, status)
self.assertEqual("", message)
@patch.object(LocalAuthenticator, "signature_valid")
@patch.object(LocalAuthenticator, "authentication_present")
@patch.object(LocalAuthenticator, "time_valid")
@patch.object(LocalAuthenticator, "token_valid")
def test_authenticate_is_ok(self, token_valid, time_valid,
authentication_present, signature_valid):
"""LocalAuthenticator: We get a True back if all tests pass"""
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
token_valid.return_value = True
time_valid.return_value = True
authentication_present.return_value = True
signature_valid.return_value = True
authentic = self.authenticator.authenticate(request)
self.assertTrue(authentic)
@patch.object(LocalAuthenticator, "signature_valid")
@patch.object(LocalAuthenticator, "authentication_present")
@patch.object(LocalAuthenticator, "time_valid")
@patch.object(LocalAuthenticator, "token_valid")
def test_authenticate_fails(self, token_valid, time_valid,
authentication_present, signature_valid):
"""LocalAuthenticator: We get a False back if any tests fail"""
request = mock.Mock(headers={
settings.x_mws_time:
self.mws_time,
settings.x_mws_authentication:
"MWS %s:somethingelse" % self.app_uuid
},
path="/mauth/v2/mauth.json?open=1",
method="GET",
data="")
token_valid.return_value = True
time_valid.return_value = True
authentication_present.return_value = True
signature_valid.return_value = False
authentic = self.authenticator.authenticate(request)
self.assertFalse(authentic)