def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Empty session was " + "reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", None)
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
# No personal token in the database.
personal_tokens = authd_auth_client.getTokens()
self.assertEqual(len(personal_tokens), 0)
# Create a new personal token.
description = "description"
personal_token = authd_auth_client.newToken(description)
token = personal_token.token
self.assertEqual(personal_token.description, description)
# Check whether the new token has been added.
personal_tokens = authd_auth_client.getTokens()
self.assertEqual(len(personal_tokens), 1)
self.assertEqual(personal_tokens[0].token, token)
self.assertEqual(personal_tokens[0].description, description)
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
self.sessionToken = auth_client.performLogin("Username:Password",
"colon:my:password")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
auth_token_client = \
env.setup_auth_client(self._test_workspace,
session_token=token)
# Log-in by using an already generated personal token.
self.sessionToken = auth_token_client.performLogin(
"Username:Password", "cc:" + token)
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
user = auth_token_client.getLoggedInUser()
self.assertEqual(user, "cc")
result = auth_token_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
# Remove the generated personal token.
ret = auth_client.removeToken(token)
self.assertTrue(ret)
# Check whether no more personal token in the database.
personal_tokens = auth_client.getTokens()
self.assertEqual(len(personal_tokens), 0)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
version = client.getPackageVersion()
self.assertIsNone(version,
"Privileged client allowed access after logout.")
handshake = auth_client.getAuthParameters()
self.assertFalse(
handshake.sessionStillActive,
"Destroyed session was " + "reported to be still active.")
def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
# Switch off certificate validation on the clients.
os.environ["OSPYTHONHTTPSVERIFY"] = '0'
# FIXME: change this to https
access_protocol = 'http'
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT',
proto=access_protocol)
handshake = auth_client.getAuthParameters()
self.assertTrue(handshake.requiresAuthentication,
"Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive, "Empty session was " +
"reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# We still need to create a product on the new server, because
# in PostgreSQL mode, the same database is used for configuration
# by the newly started instance of this test suite too.
codechecker.add_test_package_product(
self._test_cfg['codechecker_cfg'],
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'],
access_protocol)
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(handshake.requiresAuthentication,
"Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace,
access_protocol)
with self.assertRaises(TProtocolException):
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
client.getPackageVersion()
print("Privileged client allowed access after logout.")
handshake = auth_client.getAuthParameters()
self.assertFalse(handshake.sessionStillActive,
"Destroyed session was " +
"reported to be still active.")
codechecker.remove_test_package_product(
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'],
access_protocol)
def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
handshake = auth_client.getAuthParameters()
self.assertTrue(handshake.requiresAuthentication,
"Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive, "Empty session was " +
"reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# We still need to create a product on the new server, because
# in PostgreSQL mode, the same database is used for configuration
# by the newly started instance of this test suite too.
codechecker.add_test_package_product(
self._test_cfg['codechecker_cfg'],
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'])
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(handshake.requiresAuthentication,
"Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
# No personal token in the database.
personal_tokens = authd_auth_client.getTokens()
self.assertEqual(len(personal_tokens), 0)
# Create a new personal token.
description = "description"
personal_token = authd_auth_client.newToken(description)
token = personal_token.token
self.assertEqual(personal_token.description, description)
# Check whether the new token has been added.
personal_tokens = authd_auth_client.getTokens()
self.assertEqual(len(personal_tokens), 1)
self.assertEqual(personal_tokens[0].token, token)
self.assertEqual(personal_tokens[0].description, description)
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
self.sessionToken = auth_client.performLogin("Username:Password",
"colon:my:password")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
auth_token_client = \
env.setup_auth_client(self._test_workspace,
session_token=token)
# Log-in by using an already generated personal token.
self.sessionToken = auth_token_client.performLogin("Username:Password",
"cc:" + token)
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
user = auth_token_client.getLoggedInUser()
self.assertEqual(user, "cc")
result = auth_token_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
# Remove the generated personal token.
ret = auth_client.removeToken(token)
self.assertTrue(ret)
# Check whether no more personal token in the database.
personal_tokens = auth_client.getTokens()
self.assertEqual(len(personal_tokens), 0)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
with self.assertRaises(TProtocolException):
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
client.getPackageVersion()
print("Privileged client allowed access after logout.")
handshake = auth_client.getAuthParameters()
self.assertFalse(handshake.sessionStillActive,
"Destroyed session was " +
"reported to be still active.")
def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Empty session was " + "reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# We still need to create a product on the new server, because
# in PostgreSQL mode, the same database is used for configuration
# by the newly started instance of this test suite too.
codechecker.add_test_package_product(
self._test_cfg['codechecker_cfg'],
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'])
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
with self.assertRaises(TProtocolException):
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
client.getPackageVersion()
print("Privileged client allowed access after logout.")
handshake = auth_client.getAuthParameters()
self.assertFalse(
handshake.sessionStillActive,
"Destroyed session was " + "reported to be still active.")
def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
# Switch off certificate validation on the clients.
os.environ["OSPYTHONHTTPSVERIFY"] = '0'
# FIXME: change this to https
access_protocol = 'http'
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT',
proto=access_protocol)
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Empty session was " + "reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# We still need to create a product on the new server, because
# in PostgreSQL mode, the same database is used for configuration
# by the newly started instance of this test suite too.
codechecker.add_test_package_product(
self._test_cfg['codechecker_cfg'],
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'],
access_protocol)
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace, access_protocol)
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
# FIXME: Because of the local session cache this check will fail.
# To enable this again we need to eliminate the local cache.
# version = client.getPackageVersion()
# self.assertIsNone(version,
# "Privileged client allowed access after logout.")
# handshake = auth_client.getAuthParameters()
# self.assertFalse(handshake.sessionStillActive,
# "Destroyed session was " +
# "reported to be still active.")
codechecker.remove_test_package_product(
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'],
access_protocol)