def test_successful_logout(self):
# Login
handler = self.request({
'username': '******',
'password': '******'
})
yield handler.post()
self.assertTrue(handler.current_user is None)
self.assertTrue('session_id' in self.responses[0])
self.assertEqual(len(GLSessions.keys()), 1)
# Logout
session_id = self.responses[0]['session_id']
handler = self.request({}, headers={'X-Session': session_id})
yield handler.delete()
self.assertTrue(handler.current_user is None)
self.assertEqual(len(GLSessions.keys()), 0)
# A second logout must not be accepted (this validate also X-Session reuse)
handler = self.request({}, headers={'X-Session': session_id})
self.assertRaises(errors.NotAuthenticated, handler.delete)
self.assertTrue(handler.current_user is None)
self.assertEqual(len(GLSessions.keys()), 0)
def initialization(self):
self.responses = []
# we need to reset settings.session to keep each test independent
GLSessions.clear()
# we need to reset GLApiCache to keep each test independent
GLApiCache.invalidate()
def init_glsettings_for_unit_tests():
GLSettings.testing = True
GLSettings.set_devel_mode()
GLSettings.logging = None
GLSettings.failed_login_attempts = 0
GLSettings.working_path = './working_path'
GLSettings.ramdisk_path = os.path.join(GLSettings.working_path, 'ramdisk')
GLSettings.eval_paths()
GLSettings.remove_directories()
GLSettings.create_directories()
GLSettings.orm_tp = FakeThreadPool()
GLSessions.clear()
def test_successful_login(self):
handler = self.request({
'username': '******',
'password': '******',
})
success = yield handler.post()
self.assertTrue('session_id' in self.responses[0])
self.assertEqual(len(GLSessions.keys()), 1)
def test_successful_whistleblower_login(self):
yield self.perform_full_submission_actions()
handler = self.request({
'receipt': self.dummySubmission['receipt']
})
yield handler.post()
self.assertTrue('session_id' in self.responses[0])
self.assertEqual(len(GLSessions.keys()), 1)
def test_successful_session_update_on_auth_request(self):
session = GLSession('admin', 'admin', 'enabled')
date1 = session.getTime()
self.test_reactor.pump([1] * FUTURE)
handler = self.request({}, headers={'X-Session': session.id})
yield handler.get_authenticated()
date2 = GLSessions.get(session.id).getTime()
self.assertEqual(date1 + FUTURE, date2)
def test_accept_login_in_tor2web(self):
handler = self.request({
'username': '******',
'password': '******'
}, headers={'X-Tor2Web': 'whatever'})
GLSettings.memory_copy.accept_tor2web_access['admin'] = True
success = yield handler.post()
self.assertTrue('session_id' in self.responses[0])
self.assertEqual(len(GLSessions.keys()), 1)
def test_accept_whistleblower_login_in_tor2web(self):
yield self.perform_full_submission_actions()
handler = self.request({
'receipt': self.dummySubmission['receipt']
}, headers={'X-Tor2Web': 'whatever'})
GLSettings.memory_copy.accept_tor2web_access['whistleblower'] = True
success = yield handler.post()
self.assertTrue('session_id' in self.responses[0])
self.assertEqual(len(GLSessions.keys()), 1)
def test_successful_admin_logout(self):
self._handler = authentication.AuthenticationHandler
# Login
handler = self.request({
'username': '******',
'password': helpers.VALID_PASSWORD1
})
response = yield handler.post()
self.assertTrue(handler.current_user is None)
self.assertTrue('session_id' in response)
self.assertEqual(len(GLSessions.keys()), 1)
self._handler = authentication.SessionHandler
# Logout
session_id = response['session_id']
handler = self.request({}, headers={'x-session': session_id})
yield handler.delete()
self.assertTrue(handler.current_user is None)
self.assertEqual(len(GLSessions.keys()), 0)
def initialization(self):
self.responses = []
def mock_write(cls, response=None):
# !!!
# Here we are making the assumption that every time write() get's
# called it contains *all* of the response message.
#RequestHandler.finish(cls, response)
if response:
self.responses.append(response)
self._handler.write = mock_write
# we make the assumption that we will always use call finish on write.
self._handler.finish = mock_write
# we need to reset settings.session to keep each test independent
GLSessions.clear()
# we need to reset GLApiCache to keep each test independent
GLApiCache.invalidate()
def initialization(self):
self.responses = []
def mock_write(cls, response=None):
# !!!
# Here we are making the assumption that every time write() get's
# called it contains *all* of the response message.
#RequestHandler.finish(cls, response)
if response:
self.responses.append(response)
self._handler.write = mock_write
# we make the assumption that we will always use call finish on write.
self._handler.finish = mock_write
# we need to reset settings.session to keep each test independent
GLSessions.clear()
# we need to reset GLApiCache to keep each test independent
GLApiCache.invalidate()
def test_successful_whistleblower_logout(self):
yield self.perform_full_submission_actions()
self._handler = authentication.ReceiptAuthHandler
handler = self.request({'receipt': self.dummySubmission['receipt']})
handler.client_using_tor = True
response = yield handler.post()
self.assertTrue(handler.current_user is None)
self.assertTrue('session_id' in response)
self.assertEqual(len(GLSessions.keys()), 1)
self._handler = authentication.SessionHandler
# Logout
handler = self.request({},
headers={'x-session': response['session_id']})
yield handler.delete()
self.assertTrue(handler.current_user is None)
self.assertEqual(len(GLSessions.keys()), 0)
def test_successful_whistleblower_logout(self):
yield self.perform_full_submission_actions()
handler = self.request({
'receipt': self.dummySubmission['receipt']
})
yield handler.post()
self.assertTrue(handler.current_user is None)
self.assertTrue('session_id' in self.responses[0])
self.assertEqual(len(GLSessions.keys()), 1)
# Logout
session_id = self.responses[0]['session_id']
handler = self.request({}, headers={'X-Session': session_id})
yield handler.delete()
self.assertTrue(handler.current_user is None)
self.assertEqual(len(GLSessions.keys()), 0)
# A second logout must not be accepted (this validate also X-Session reuse)
handler = self.request({}, headers={'X-Session': session_id})
self.assertRaises(errors.NotAuthenticated, handler.delete)
self.assertTrue(handler.current_user is None)
self.assertEqual(len(GLSessions.keys()), 0)
def post(self):
"""
Receipt login handler used by whistleblowers
"""
request = self.validate_message(self.request.content.read(), requests.ReceiptAuthDesc)
receipt = request['receipt']
delay = random_login_delay()
if delay:
yield deferred_sleep(delay)
user_id = yield login_whistleblower(receipt, self.request.client_using_tor)
GLSessions.revoke_all_sessions(user_id)
session = new_session(user_id, 'whistleblower', 'Enabled')
returnValue({
'session_id': session.id,
'role': session.user_role,
'user_id': session.user_id,
'session_expiration': int(session.getTime())
})
def post(self):
"""
Login
"""
request = self.validate_message(self.request.content.read(), requests.AuthDesc)
username = request['username']
password = request['password']
user_id, status, role, pcn = yield login(username, password, self.request.client_using_tor)
# Revoke all other sessions for the newly authenticated user
GLSessions.revoke_all_sessions(user_id)
session = new_session(user_id, role, status)
returnValue({
'session_id': session.id,
'role': session.user_role,
'user_id': session.user_id,
'session_expiration': int(session.getTime()),
'status': session.user_status,
'password_change_needed': pcn
})
def test_successful_whistleblower_logout(self):
yield self.perform_full_submission_actions()
handler = self.request({
'receipt': self.dummySubmission['receipt']
})
yield handler.post()
self.assertTrue(handler.current_user is None)
self.assertTrue('session_id' in self.responses[0])
self.assertEqual(len(GLSessions.keys()), 1)
# Logout
session_id = self.responses[0]['session_id']
handler = self.request({}, headers={'X-Session': session_id})
yield handler.delete()
self.assertTrue(handler.current_user is None)
self.assertEqual(len(GLSessions.keys()), 0)
# A second logout must not be accepted (this validate also X-Session reuse)
handler = self.request({}, headers={'X-Session': session_id})
self.assertRaises(errors.NotAuthenticated, handler.delete)
self.assertTrue(handler.current_user is None)
self.assertEqual(len(GLSessions.keys()), 0)
def initialization(self):
# we need to reset settings.session to keep each test independent
GLSessions.clear()
# we need to reset GLApiCache to keep each test independent
GLApiCache.invalidate()
