def testReportsErrorOnNonHomepagesWhenAuthorizationHeaderIsMissing(self):
    """A non-homepage path with no Authorization header gets the missing-token error."""
    # "/foo" is a path other than the default "/"; no headers are attached.
    wsgi_env = werkzeug_test.EnvironBuilder(path="/foo").get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)

    # The check must answer with the error body rather than the handler's
    # response.
    self.assertEqual(
        result.get_data(as_text=True),
        "JWT token validation failed: JWT token is missing.")
def testProcessesRequestWithUsernameFromTrustedIp(self):
    """A request from 127.0.0.1 that carries X-Remote-User reaches the handler."""
    # REMOTE_ADDR is the peer address as seen by the server; the HTTP_-prefixed
    # key is how WSGI exposes the X-Remote-User request header.
    # NOTE(review): the trusted-address list is configured outside this
    # method (presumably in setUp) - confirm 127.0.0.1 is on it.
    base_env = {
        "REMOTE_ADDR": "127.0.0.1",
        "HTTP_X_REMOTE_USER": "******",
    }
    wsgi_env = werkzeug_test.EnvironBuilder(environ_base=base_env).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)

    self.assertEqual(result, self.success_response)
def testRejectsRequestWithoutRemoteUserHeader(self):
    """A request from 127.0.0.1 without X-Remote-User is answered with an error."""
    # Only the peer address is supplied, so the username header is absent.
    base_env = {"REMOTE_ADDR": "127.0.0.1"}
    wsgi_env = werkzeug_test.EnvironBuilder(environ_base=base_env).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)

    # An accepted peer address alone must not be enough to get through.
    self.assertEqual(
        result.get_data(as_text=True), "No username header found.")
def testVerifiesTokenWithProjectIdFromDomain(self, mock_method):
    """The verifier is called once with the bearer token and "foo-bar"."""
    # mock_method is presumably injected by a patch decorator that is not
    # visible in this view; it stands in for the token verifier.
    auth_headers = {"Authorization": "Bearer blah"}
    wsgi_env = werkzeug_test.EnvironBuilder(headers=auth_headers).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    self.manager.SecurityCheck(self.HandlerStub, req)

    self.assertEqual(mock_method.call_count, 1)
    # Index [0] of a recorded call holds its positional arguments: the token
    # with the "Bearer " prefix stripped, then "foo-bar".
    # NOTE(review): "foo-bar" is presumably the project id derived from the
    # configured domain - confirm against the fixture.
    first_call = mock_method.call_args_list[0]
    self.assertEqual(first_call[0], ("blah", "foo-bar"))
def testRejectsRequestWithEmptyUsername(self):
    """An X-Remote-User header that is present but empty is rejected."""
    # The header exists, so this exercises the empty-value case rather than
    # the missing-header case.
    base_env = {
        "REMOTE_ADDR": "127.0.0.1",
        "HTTP_X_REMOTE_USER": "",
    }
    wsgi_env = werkzeug_test.EnvironBuilder(environ_base=base_env).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)

    self.assertEqual(
        result.get_data(as_text=True), "Empty username is not allowed.")
def testRejectsRequestFromUntrustedIp(self):
    """A request whose peer address is 127.0.0.2 is rejected by address."""
    # NOTE(review): this request sets no X-Remote-User header. A variant that
    # does set it from the same address would pin that the header cannot
    # override the address check - confirm whether that is covered elsewhere.
    base_env = {"REMOTE_ADDR": "127.0.0.2"}
    wsgi_env = werkzeug_test.EnvironBuilder(environ_base=base_env).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)

    self.assertEqual(
        result.get_data(as_text=True),
        "Request sent from an IP not in AdminUI.remote_user_trusted_ips.")
def testPassesThroughHomepageOnVerificationFailure(self, mock_method):
    """The default path still gets the handler's response when verification fails."""
    # The mock only needs to be installed; its failure behaviour is presumably
    # set by a patch decorator that is not visible in this view.
    del mock_method

    # No path is given, so the builder uses its default "/".
    auth_headers = {"Authorization": "Bearer blah"}
    wsgi_env = werkzeug_test.EnvironBuilder(headers=auth_headers).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)

    # NOTE(review): this pins only that the handler's response is returned;
    # it does not assert what user, if any, is attached to the request.
    self.assertEqual(result, self.success_response)
def testReportsErrorWhenBearerPrefixIsMissing(self):
    """An Authorization value without "Bearer " is reported as a missing token."""
    # The header is present but carries the bare value "blah".
    auth_headers = {"Authorization": "blah"}
    builder = werkzeug_test.EnvironBuilder(path="/foo", headers=auth_headers)
    req = wsgiapp.HttpRequest(builder.get_environ())

    result = self.manager.SecurityCheck(self.HandlerStub, req)

    # Same message as when the header is absent altogether.
    self.assertEqual(
        result.get_data(as_text=True),
        "JWT token validation failed: JWT token is missing.")
def testFillsRequestUserFromTokenEmailOnSuccess(self, mock_method):
    """After a successful check the request seen by the handler has .user set."""
    # The mock's return value is presumably configured by a patch decorator
    # that is not visible in this view.
    del mock_method

    auth_headers = {"Authorization": "Bearer blah"}
    wsgi_env = werkzeug_test.EnvironBuilder(headers=auth_headers).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    self.manager.SecurityCheck(self.HandlerStub, req)

    # self.checked_request is presumably recorded by HandlerStub; a truthy
    # value shows the handler was actually reached.
    self.assertTrue(self.checked_request)
    self.assertEqual(self.checked_request.user, "*****@*****.**")
def testReportsErrorIfIssuerIsWrong(self, mock_method):
    """A token with an unexpected issuer is rejected on a non-homepage path."""
    # The mocked verifier presumably returns a token whose issuer does not
    # match; that setup is in a patch decorator not visible in this view.
    del mock_method

    auth_headers = {"Authorization": "Bearer blah"}
    builder = werkzeug_test.EnvironBuilder(path="/foo", headers=auth_headers)
    req = wsgiapp.HttpRequest(builder.get_environ())

    result = self.manager.SecurityCheck(self.HandlerStub, req)

    self.assertEqual(
        result.get_data(as_text=True),
        "JWT token validation failed: Wrong issuer.")
def testLogHttpAdminUIAccess(self):
    """The X-GRR-Reason value of a response appears in the captured log."""
    # Registered up front; presumably the logger increments this counter.
    stats.STATS.RegisterCounterMetric("grr_gin_request_count")

    # The request is built from a hand-written three-key WSGI environ.
    wsgi_env = {
        "wsgi.url_scheme": "http",
        "SERVER_NAME": "foo.bar",
        "SERVER_PORT": "1234",
    }
    req = wsgiapp.HttpRequest(wsgi_env)
    req.user = "******"

    reply_headers = {
        "X-GRR-Reason": "foo/test1234",
        "X-API-Method": "TestMethod",
    }
    reply = werkzeug_wrappers.Response(status=202, headers=reply_headers)

    self.l.LogHttpAdminUIAccess(req, reply)

    # self.log is presumably the captured log output of the fixture.
    self.assertIn("foo/test1234", self.log)
def testPassesThroughHomepageWhenAuthorizationHeaderIsMissing(self):
    """The default path gets the handler's response without an Authorization header."""
    # A bare builder: default path "/" and no headers at all.
    wsgi_env = werkzeug_test.EnvironBuilder().get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)

    # NOTE(review): only the returned response is checked here, not which
    # user, if any, the handler saw on the request.
    self.assertEqual(result, self.success_response)