def test_url_formatting(self):
"""
Test that a URL without a trailing slash is handled properly when used
to set the URL of a SLUGSConnector.
"""
connector = auth.SLUGSConnector(url="http://127.0.0.1:8080/slugs")
self.assertEqual('http://127.0.0.1:8080/slugs/', connector.url)
self.assertEqual('http://127.0.0.1:8080/slugs/users/{}',
connector.users_url)
self.assertEqual('http://127.0.0.1:8080/slugs/users/{}/groups',
connector.groups_url)
connector = auth.SLUGSConnector()
self.assertEqual(None, connector.url)
self.assertEqual(None, connector.users_url)
self.assertEqual(None, connector.groups_url)
connector.url = "http://127.0.0.1:8080/slugs"
self.assertEqual('http://127.0.0.1:8080/slugs/', connector.url)
self.assertEqual('http://127.0.0.1:8080/slugs/users/{}',
connector.users_url)
self.assertEqual('http://127.0.0.1:8080/slugs/users/{}/groups',
connector.groups_url)
def test_authenticate(self, mock_get_client_identity, mock_request_get):
"""
Test that a call to authenticate with the SLUGSConnector triggers the
right utility and SLUGS API calls.
"""
mock_get_client_identity.return_value = "John Doe"
users_response = mock.MagicMock(requests.Response)
users_response.status_code = 200
groups_response = mock.MagicMock(requests.Response)
groups_response.status_code = 200
groups_response.json.return_value = {'groups': ['Group A', 'Group B']}
mock_request_get.side_effect = [users_response, groups_response]
connector = auth.SLUGSConnector(
url="http://127.0.0.1:8080/test/slugs/")
result = connector.authenticate("test")
mock_get_client_identity.assert_called_once_with("test")
mock_request_get.assert_any_call(
"http://127.0.0.1:8080/test/slugs/users/John Doe")
mock_request_get.assert_any_call(
"http://127.0.0.1:8080/test/slugs/users/John Doe/groups")
self.assertEqual(('John Doe', ['Group A', 'Group B']), result)
def test_init_with_args(self):
"""
Test that a SLUGSConnector can be constructed with arguments.
"""
connector = auth.SLUGSConnector(url='http://127.0.0.1:8080/slugs/')
self.assertEqual('http://127.0.0.1:8080/slugs/', connector.url)
self.assertEqual('http://127.0.0.1:8080/slugs/users/{}',
connector.users_url)
self.assertEqual('http://127.0.0.1:8080/slugs/users/{}/groups',
connector.groups_url)
def test_authenticate_with_url_unset(self, mock_get_client_identity,
mock_request_get):
"""
Test that a ConfigurationError is raised when attempting to
authenticate with an unset URL.
"""
connector = auth.SLUGSConnector()
args = ("test", )
self.assertRaisesRegexp(exceptions.ConfigurationError,
"The SLUGS URL must be specified.",
connector.authenticate, *args)
def test_invalid_url(self):
"""
Test that a TypeError is raised when an invalid value is used to set
the URL of a SLUGSConnector.
"""
kwargs = {'url': 0}
self.assertRaisesRegexp(TypeError, "URL must be a string.",
auth.SLUGSConnector, **kwargs)
connector = auth.SLUGSConnector()
args = (connector, "url", 0)
self.assertRaisesRegexp(TypeError, "URL must be a string.", setattr,
*args)
def authenticate(self, certificate, request):
credentials = []
if request.request_header.authentication is not None:
credentials = request.request_header.authentication.credentials
plugin_enabled = False
for auth_settings in self._auth_settings:
plugin_name, plugin_config = auth_settings
if plugin_name.startswith("auth:slugs"):
if plugin_config.get("enabled") == "True":
plugin_enabled = True
plugin = auth.SLUGSConnector(plugin_config.get("url"))
self._logger.debug(
"Authenticating with plugin: {}".format(plugin_name))
try:
client_identity = plugin.authenticate(
certificate, (self._address, self._session_time),
credentials)
except Exception as e:
self._logger.warning("Authentication failed.")
self._logger.error(e)
self._logger.exception(e)
else:
self._logger.debug(
"Authentication succeeded for client identity: "
"{}".format(client_identity[0]))
return client_identity
else:
self._logger.warning("Authentication plugin '{}' is not "
"supported.".format(plugin_name))
if not plugin_enabled:
self._logger.debug(
"No authentication plugins are enabled. The client identity "
"will be extracted from the client certificate.")
try:
client_identity = auth.get_client_identity_from_certificate(
certificate)
except Exception as e:
self._logger.warning("Client identity extraction failed.")
self._logger.exception(e)
else:
self._logger.debug(
"Extraction succeeded for client identity: {}".format(
client_identity))
return tuple([client_identity, None])
raise exceptions.PermissionDenied("Authentication failed.")
def test_authenticate_with_connection_failure(self,
mock_get_client_identity,
mock_request_get):
"""
Test that a ConfigurationError is raised when attempting to
authenticate with an invalid URL.
"""
mock_get_client_identity.return_value = "John Doe"
mock_request_get.side_effect = [requests.exceptions.ConnectionError()]
connector = auth.SLUGSConnector(
url="http://127.0.0.1:8080/test/slugs/")
args = ("test", )
self.assertRaisesRegexp(
exceptions.ConfigurationError,
"A connection could not be established using the SLUGS URL.",
connector.authenticate, *args)
def test_authenticate_with_users_failure(self, mock_get_client_identity,
mock_request_get):
"""
Test that a PermissionDenied error is raised when an invalid user ID
is used to query SLUGS.
"""
mock_get_client_identity.return_value = "John Doe"
users_response = mock.MagicMock(requests.Response)
users_response.status_code = 404
mock_request_get.return_value = users_response
connector = auth.SLUGSConnector(
url="http://127.0.0.1:8080/test/slugs/")
args = ("test", )
self.assertRaisesRegexp(exceptions.PermissionDenied,
"Unrecognized user ID: John Doe",
connector.authenticate, *args)
def test_authenticate_with_groups_failure(self, mock_get_client_identity,
mock_request_get):
"""
Test that a PermissionDenied error is raised when a groups request to
SLUGS fails.
"""
mock_get_client_identity.return_value = "John Doe"
users_response = mock.MagicMock(requests.Response)
users_response.status_code = 200
groups_response = mock.MagicMock(requests.Response)
groups_response.status_code = 404
mock_request_get.side_effect = [users_response, groups_response]
connector = auth.SLUGSConnector(
url="http://127.0.0.1:8080/test/slugs/")
args = ("test", )
self.assertRaisesRegexp(
exceptions.PermissionDenied,
"Group information could not be retrieved for user ID: John Doe",
connector.authenticate, *args)
def test_init(self):
"""
Test that a SLUGSConnector can be constructed without arguments.
"""
auth.SLUGSConnector()