def get(cls, value):
    """Return the stored token record whose ``token`` field equals *value*.

    Only the first match is considered. Raises ``TokenNotFoundError`` when
    the lookup yields nothing, so callers never have to test for ``None``.
    """
    # ``first()`` gives back the match or a falsy "nothing" value; any falsy
    # result is treated as "not found", exactly like a missing row.
    match = cls.query(token=value).first()
    if match:
        return match
    raise TokenNotFoundError()
class TestTokenValidation(AuthMiddlewareTest):
    """Auth-middleware token checks on ``/v1/actions``.

    ``Token.get`` is replaced per test, so the middleware only ever sees the
    ``TokenDB`` record (or the ``TokenNotFoundError``) the mock provides; no
    database is touched.
    """

    def _fetch(self, path='/v1/actions', **kwargs):
        # Every test hits the same endpoint; only headers, the query string
        # and expect_errors vary.
        return self.app.get(path, **kwargs)

    @mock.patch.object(
        Token, 'get',
        new=mock.Mock(return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)))
    def test_token_validation_token_in_headers(self):
        """A valid, unexpired token in X-Auth-Token is accepted."""
        resp = self._fetch(headers={'X-Auth-Token': TOKEN}, expect_errors=False)
        self.assertEqual(resp.status_int, 200)

    @mock.patch.object(
        Token, 'get',
        new=mock.Mock(return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)))
    def test_token_validation_token_in_query_params(self):
        """The same token is also accepted from the x-auth-token query parameter.

        Note for reviewers: a token in the query string is visible in access
        logs and browser history, which is why the header form is the
        preferred one; this test only pins that the fallback works.
        """
        resp = self._fetch('/v1/actions?x-auth-token=%s' % (TOKEN), expect_errors=False)
        self.assertEqual(resp.status_int, 200)

    @mock.patch.object(
        Token, 'get',
        new=mock.Mock(return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=PAST)))
    def test_token_expired(self):
        """A token whose expiry lies in the past is rejected with 401."""
        resp = self._fetch(headers={'X-Auth-Token': TOKEN}, expect_errors=True)
        self.assertEqual(resp.status_int, 401)

    @mock.patch.object(
        Token, 'get',
        new=mock.MagicMock(side_effect=TokenNotFoundError()))
    def test_token_not_found(self):
        """An unknown token is rejected with 401, indistinguishable from an expired one."""
        resp = self._fetch(headers={'X-Auth-Token': TOKEN}, expect_errors=True)
        self.assertEqual(resp.status_int, 401)

    def test_token_not_provided(self):
        """A request carrying no token at all is rejected with 401."""
        resp = self._fetch(expect_errors=True)
        self.assertEqual(resp.status_int, 401)
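class TestTokenBasedAuth(FunctionalTest):
    """End-to-end token authentication against ``/v1/actions``.

    ``Token.get`` is patched per test, so the checks exercise only the API's
    handling of the token: where it is read from and how expiry and lookup
    failures are reported. Every response, success or failure, must be JSON.
    """

    enable_auth = True

    def _assert_json_status(self, response, status):
        """Assert *response* is JSON and carries HTTP *status*.

        ``assertIn`` is used rather than ``assertTrue(x in y)`` so a failure
        reports the actual content-type instead of a bare ``False``.
        """
        self.assertIn('application/json', response.headers['content-type'])
        self.assertEqual(response.status_int, status)

    @mock.patch.object(Token, 'get', mock.Mock(return_value=TokenDB(
        id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)))
    def test_token_validation_token_in_headers(self):
        """A valid, unexpired token in X-Auth-Token is accepted."""
        response = self.app.get('/v1/actions', headers={'X-Auth-Token': TOKEN},
                                expect_errors=False)
        self._assert_json_status(response, 200)

    @mock.patch.object(Token, 'get', mock.Mock(return_value=TokenDB(
        id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)))
    def test_token_validation_token_in_query_params(self):
        """The same token is also accepted from the x-auth-token query parameter.

        A token in the query string ends up in access logs and browser
        history, so the header form is the preferred one; this only pins
        that the fallback works.
        """
        response = self.app.get('/v1/actions?x-auth-token=%s' % (TOKEN),
                                expect_errors=False)
        self._assert_json_status(response, 200)

    @mock.patch.object(Token, 'get', mock.Mock(return_value=TokenDB(
        id=OBJ_ID, user=USER, token=TOKEN, expiry=PAST)))
    def test_token_expired(self):
        """A token whose expiry lies in the past is rejected with 401."""
        response = self.app.get('/v1/actions', headers={'X-Auth-Token': TOKEN},
                                expect_errors=True)
        self._assert_json_status(response, 401)

    @mock.patch.object(Token, 'get', mock.MagicMock(side_effect=TokenNotFoundError()))
    def test_token_not_found(self):
        """An unknown token is rejected with 401, the same status as an expired one."""
        response = self.app.get('/v1/actions', headers={'X-Auth-Token': TOKEN},
                                expect_errors=True)
        self._assert_json_status(response, 401)

    def test_token_not_provided(self):
        """A request carrying no token at all is rejected with 401."""
        response = self.app.get('/v1/actions', expect_errors=True)
        self._assert_json_status(response, 401)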
class TestTokenBasedAuth(FunctionalTest):
    """End-to-end token authentication against ``/v1/actions``.

    ``Token.get`` (and, on the success paths, ``User.get_by_name``) is
    patched per test so only the API's own token handling is exercised:
    where the token is read from, how expiry and lookup failures are
    reported, and that every response is JSON.
    """

    enable_auth = True

    def _assert_json_status(self, resp, status):
        """Assert *resp* is JSON and carries HTTP *status*."""
        self.assertIn("application/json", resp.headers["content-type"])
        self.assertEqual(resp.status_int, status)

    @mock.patch.object(
        Token,
        "get",
        new=mock.Mock(
            return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)
        ),
    )
    @mock.patch.object(User, "get_by_name", new=mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_headers(self):
        """A valid, unexpired token in X-Auth-Token is accepted."""
        resp = self.app.get(
            "/v1/actions", headers={"X-Auth-Token": TOKEN}, expect_errors=False
        )
        self._assert_json_status(resp, 200)

    @mock.patch.object(
        Token,
        "get",
        new=mock.Mock(
            return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)
        ),
    )
    @mock.patch.object(User, "get_by_name", new=mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_query_params(self):
        """The same token is also accepted from the x-auth-token query parameter.

        A token in the query string ends up in access logs and browser
        history, so the header form is the preferred one; this only pins
        that the fallback works.
        """
        resp = self.app.get(
            "/v1/actions?x-auth-token=%s" % (TOKEN), expect_errors=False
        )
        self._assert_json_status(resp, 200)

    @mock.patch.object(
        Token,
        "get",
        new=mock.Mock(
            return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)
        ),
    )
    @mock.patch.object(User, "get_by_name", new=mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_cookies(self):
        """A cookie set by an earlier authenticated request authenticates the next one.

        The first request authenticates via the header. ``cookiejar.clear`` is
        patched to a no-op so whatever cookie that response set survives into
        the second, header-less request, which must then still succeed.
        """
        resp = self.app.get(
            "/v1/actions", headers={"X-Auth-Token": TOKEN}, expect_errors=False
        )
        self._assert_json_status(resp, 200)

        with mock.patch.object(self.app.cookiejar, "clear", return_value=None):
            resp = self.app.get("/v1/actions", expect_errors=False)
            self._assert_json_status(resp, 200)

    @mock.patch.object(
        Token,
        "get",
        new=mock.Mock(
            return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=PAST)
        ),
    )
    def test_token_expired(self):
        """A token whose expiry lies in the past is rejected with 401."""
        resp = self.app.get(
            "/v1/actions", headers={"X-Auth-Token": TOKEN}, expect_errors=True
        )
        self._assert_json_status(resp, 401)

    @mock.patch.object(
        Token, "get", new=mock.MagicMock(side_effect=TokenNotFoundError())
    )
    def test_token_not_found(self):
        """An unknown token is rejected with 401, the same status as an expired one."""
        resp = self.app.get(
            "/v1/actions", headers={"X-Auth-Token": TOKEN}, expect_errors=True
        )
        self._assert_json_status(resp, 401)

    def test_token_not_provided(self):
        """A request carrying no token at all is rejected with 401."""
        resp = self.app.get("/v1/actions", expect_errors=True)
        self._assert_json_status(resp, 401)
def get(cls, value):
    """Return the first ``TokenDB`` document whose ``token`` equals *value*.

    Raises ``TokenNotFoundError`` when no document matches, so callers never
    have to test for ``None``.
    """
    # A private sentinel distinguishes "no document at all" from a document
    # that merely compares falsy; only the former is a lookup failure.
    missing = object()
    first = next(iter(TokenDB.objects(token=value)), missing)
    if first is missing:
        raise TokenNotFoundError()
    return first
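class TestTokenBasedAuth(FunctionalTest):
    """End-to-end token authentication against ``/v1/actions``.

    ``Token.get`` (and, on the success paths, ``User.get_by_name``) is
    patched per test so only the API's own token handling is exercised:
    where the token is read from, how expiry and lookup failures are
    reported, that every response is JSON, and which attributes the auth
    cookie set on the query-parameter path carries.
    """

    enable_auth = True

    def _assert_json_status(self, response, status):
        """Assert *response* is JSON and carries HTTP *status*."""
        self.assertIn("application/json", response.headers["content-type"])
        self.assertEqual(response.status_int, status)

    def _assert_auth_cookie(self, response, same_site=None, secure=None):
        """Assert *response* sets an HttpOnly auth cookie.

        same_site: expected ``SameSite`` value ("strict", "lax", "none"), or
            "unset" to require the attribute to be absent; None skips the check.
        secure: True/False to require the ``secure`` flag to be present/absent;
            None skips the check.
        """
        self.assertTrue("Set-Cookie" in response.headers)
        cookie = response.headers["Set-Cookie"]
        # HttpOnly keeps the token out of reach of page scripts and is
        # expected regardless of configuration.
        self.assertTrue("HttpOnly" in cookie)
        if same_site == "unset":
            self.assertFalse("SameSite" in cookie)
        elif same_site is not None:
            self.assertTrue("SameSite=%s" % (same_site) in cookie)
        if secure is True:
            self.assertTrue("secure" in cookie)
        elif secure is False:
            self.assertTrue("secure" not in cookie)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_headers(self):
        """A valid, unexpired token in X-Auth-Token is accepted."""
        response = self.app.get("/v1/actions", headers={"X-Auth-Token": TOKEN},
                                expect_errors=False)
        self._assert_json_status(response, 200)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_query_params(self):
        """The same token is also accepted from the x-auth-token query parameter.

        A token in the query string ends up in access logs and browser
        history, so the header form is the preferred one; this only pins
        that the fallback works.
        """
        response = self.app.get("/v1/actions?x-auth-token=%s" % (TOKEN),
                                expect_errors=False)
        self._assert_json_status(response, 200)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_query_params_auth_cookie_is_set(self):
        """The query-parameter path sets an HttpOnly auth cookie that honours
        the ``api.auth_cookie_same_site`` and ``api.auth_cookie_secure`` settings.
        """
        # The overrides set below would otherwise persist into whichever test
        # runs next in this process; unwind them whether or not this test passes.
        for name in ("auth_cookie_same_site", "auth_cookie_secure"):
            self.addCleanup(cfg.CONF.clear_override, name, group="api")

        query_url = "/v1/actions?x-auth-token=%s" % (TOKEN)

        # Default configuration: only the always-on attributes are checked.
        response = self.app.get(query_url, expect_errors=False)
        self._assert_json_status(response, 200)
        self._assert_auth_cookie(response)

        # Every SameSite setting, each time with the cookie marked secure
        # (browsers only accept SameSite=None together with Secure).
        for value in ["strict", "lax", "none", "unset"]:
            cfg.CONF.set_override(group="api", name="auth_cookie_same_site", override=value)
            cfg.CONF.set_override(group="api", name="auth_cookie_secure", override=True)

            response = self.app.get(query_url, expect_errors=False)
            self._assert_json_status(response, 200)
            self._assert_auth_cookie(response, same_site=value, secure=True)

        # SameSite=Lax, Secure=False
        cfg.CONF.set_override(group="api", name="auth_cookie_same_site", override="lax")
        cfg.CONF.set_override(group="api", name="auth_cookie_secure", override=False)

        response = self.app.get(query_url, expect_errors=False)
        self._assert_json_status(response, 200)
        self._assert_auth_cookie(response, same_site="lax", secure=False)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_cookies(self):
        """A cookie set by an earlier authenticated request authenticates the next one.

        The first request authenticates via the header. ``cookiejar.clear`` is
        patched to a no-op so whatever cookie that response set survives into
        the second, header-less request, which must then still succeed.
        """
        response = self.app.get("/v1/actions", headers={"X-Auth-Token": TOKEN},
                                expect_errors=False)
        self._assert_json_status(response, 200)

        with mock.patch.object(self.app.cookiejar, "clear", return_value=None):
            response = self.app.get("/v1/actions", expect_errors=False)
            self._assert_json_status(response, 200)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=PAST)),
    )
    def test_token_expired(self):
        """A token whose expiry lies in the past is rejected with 401."""
        response = self.app.get("/v1/actions", headers={"X-Auth-Token": TOKEN},
                                expect_errors=True)
        self._assert_json_status(response, 401)

    @mock.patch.object(Token, "get", mock.MagicMock(side_effect=TokenNotFoundError()))
    def test_token_not_found(self):
        """An unknown token is rejected with 401, the same status as an expired one."""
        response = self.app.get("/v1/actions", headers={"X-Auth-Token": TOKEN},
                                expect_errors=True)
        self._assert_json_status(response, 401)

    def test_token_not_provided(self):
        """A request carrying no token at all is rejected with 401."""
        response = self.app.get("/v1/actions", expect_errors=True)
        self._assert_json_status(response, 401)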