Python filter_factory Examples

Example #1

File: test_tempauth.py Project: sudowork/swift

 def test_allowed_sync_hosts(self):
     a = auth.filter_factory({'super_admin_key': 'supertest'})(FakeApp())
     self.assertEquals(a.allowed_sync_hosts, ['127.0.0.1'])
     a = auth.filter_factory({'super_admin_key': 'supertest',
         'allowed_sync_hosts':
             '1.1.1.1,2.1.1.1, 3.1.1.1 , 4.1.1.1,, , 5.1.1.1'})(FakeApp())
     self.assertEquals(a.allowed_sync_hosts,
         ['1.1.1.1', '2.1.1.1', '3.1.1.1', '4.1.1.1', '5.1.1.1'])

Example #2

File: test_tempauth.py Project: AnyBucket/OpenStack-Install-and-Understand-Guide

 def test_allowed_sync_hosts(self):
     a = auth.filter_factory({'super_admin_key': 'supertest'})(FakeApp())
     self.assertEquals(a.allowed_sync_hosts, ['127.0.0.1'])
     a = auth.filter_factory({'super_admin_key': 'supertest',
         'allowed_sync_hosts':
             '1.1.1.1,2.1.1.1, 3.1.1.1 , 4.1.1.1,, , 5.1.1.1'})(FakeApp())
     self.assertEquals(a.allowed_sync_hosts,
         ['1.1.1.1', '2.1.1.1', '3.1.1.1', '4.1.1.1', '5.1.1.1'])

Example #3

File: test_tempauth.py Project: ChristopherMacGown/swift

 def test_reseller_prefix_init(self):
     app = FakeApp()
     ath = auth.filter_factory({})(app)
     self.assertEquals(ath.reseller_prefix, "AUTH_")
     ath = auth.filter_factory({"reseller_prefix": "TEST"})(app)
     self.assertEquals(ath.reseller_prefix, "TEST_")
     ath = auth.filter_factory({"reseller_prefix": "TEST_"})(app)
     self.assertEquals(ath.reseller_prefix, "TEST_")

Example #4

File: test_tempauth.py Project: AnyBucket/OpenStack-Install-and-Understand-Guide

 def test_reseller_prefix_init(self):
     app = FakeApp()
     ath = auth.filter_factory({})(app)
     self.assertEquals(ath.reseller_prefix, 'AUTH_')
     ath = auth.filter_factory({'reseller_prefix': 'TEST'})(app)
     self.assertEquals(ath.reseller_prefix, 'TEST_')
     ath = auth.filter_factory({'reseller_prefix': 'TEST_'})(app)
     self.assertEquals(ath.reseller_prefix, 'TEST_')

Example #5

File: test_tempauth.py Project: zhanghua/swift

 def test_reseller_prefix_init(self):
     app = FakeApp()
     ath = auth.filter_factory({})(app)
     self.assertEquals(ath.reseller_prefix, 'AUTH_')
     ath = auth.filter_factory({'reseller_prefix': 'TEST'})(app)
     self.assertEquals(ath.reseller_prefix, 'TEST_')
     ath = auth.filter_factory({'reseller_prefix': 'TEST_'})(app)
     self.assertEquals(ath.reseller_prefix, 'TEST_')

Example #6

File: test_tempauth.py Project: ChristopherMacGown/swift

 def test_auth_no_reseller_prefix_no_token(self):
     # Check that normally we set up a call back to our authorize.
     local_auth = auth.filter_factory({"reseller_prefix": ""})(FakeApp(iter([])))
     req = self._make_request("/v1/account")
     resp = req.get_response(local_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(req.environ["swift.authorize"], local_auth.authorize)
     # Now make sure we don't override an existing swift.authorize when we
     # have no reseller prefix.
     local_auth = auth.filter_factory({"reseller_prefix": ""})(FakeApp())
     local_authorize = lambda req: Response("test")
     req = self._make_request("/v1/account", environ={"swift.authorize": local_authorize})
     resp = req.get_response(local_auth)
     self.assertEquals(resp.status_int, 200)
     self.assertEquals(req.environ["swift.authorize"], local_authorize)

Example #7

File: test_tempauth.py Project: 10389030/swift

    def test_account_delete_permissions(self):
        self.test_auth = auth.filter_factory({})(
            FakeApp(iter(NO_CONTENT_RESP * 4)))
        req = self._make_request('/v1/AUTH_new',
                                 environ={'REQUEST_METHOD': 'DELETE'})
        req.remote_user = '******'
        resp = self.test_auth.authorize(req)
        self.assertEquals(resp.status_int, 403)

        req = self._make_request('/v1/AUTH_new',
                                 environ={'REQUEST_METHOD': 'DELETE'})
        req.remote_user = '******'
        resp = self.test_auth.authorize(req)
        self.assertEquals(resp.status_int, 403)

        # Even DELETEs to your own account as account admin should fail
        req = self._make_request('/v1/AUTH_old',
                                 environ={'REQUEST_METHOD': 'DELETE'})
        req.remote_user = '******'
        resp = self.test_auth.authorize(req)
        self.assertEquals(resp.status_int, 403)

        req = self._make_request('/v1/AUTH_new',
                                 environ={'REQUEST_METHOD': 'DELETE'})
        req.remote_user = '******'
        resp = self.test_auth.authorize(req)
        self.assertEquals(resp, None)

        # .super_admin is not something the middleware should ever see or care
        # about
        req = self._make_request('/v1/AUTH_new',
                                 environ={'REQUEST_METHOD': 'DELETE'})
        req.remote_user = '******'
        resp = self.test_auth.authorize(req)
        self.assertEquals(resp.status_int, 403)

Example #8

File: test_tempauth.py Project: 10389030/swift

 def test_authorize_acl_group_access(self):
     self.test_auth = auth.filter_factory({})(
         FakeApp(iter(NO_CONTENT_RESP * 3)))
     req = self._make_request('/v1/AUTH_cfa')
     req.remote_user = '******'
     resp = self.test_auth.authorize(req)
     self.assertEquals(resp.status_int, 403)
     req = self._make_request('/v1/AUTH_cfa')
     req.remote_user = '******'
     req.acl = 'act'
     self.assertEquals(self.test_auth.authorize(req), None)
     req = self._make_request('/v1/AUTH_cfa')
     req.remote_user = '******'
     req.acl = 'act:usr'
     self.assertEquals(self.test_auth.authorize(req), None)
     req = self._make_request('/v1/AUTH_cfa')
     req.remote_user = '******'
     req.acl = 'act2'
     resp = self.test_auth.authorize(req)
     self.assertEquals(resp.status_int, 403)
     req = self._make_request('/v1/AUTH_cfa')
     req.remote_user = '******'
     req.acl = 'act:usr2'
     resp = self.test_auth.authorize(req)
     self.assertEquals(resp.status_int, 403)

Example #9

File: test_tempauth.py Project: zhanghua/swift

 def test_parse_user_creation(self):
     auth_filter = auth.filter_factory({
         'reseller_prefix':
         'ABC',
         'user_test_tester3':
         'testing',
         'user_has_url':
         'urlly .admin http://a.b/v1/DEF_has',
         'user_admin_admin':
         'admin .admin .reseller_admin',
     })(FakeApp())
     self.assertEquals(
         auth_filter.users, {
             'admin:admin': {
                 'url': '$HOST/v1/ABC_admin',
                 'groups': ['.admin', '.reseller_admin'],
                 'key': 'admin'
             },
             'test:tester3': {
                 'url': '$HOST/v1/ABC_test',
                 'groups': [],
                 'key': 'testing'
             },
             'has:url': {
                 'url': 'http://a.b/v1/DEF_has',
                 'groups': ['.admin'],
                 'key': 'urlly'
             },
         })

Example #10

File: test_tempauth.py Project: zhanghua/swift

 def test_base64_encoding(self):
     auth_filter = auth.filter_factory(
         {
             'reseller_prefix':
             'ABC',
             'user64_%s_%s' % (b64encode('test').rstrip('='),
                               b64encode('tester3').rstrip('=')):
             'testing .reseller_admin',
             'user64_%s_%s' % (b64encode('user_foo').rstrip('='),
                               b64encode('ab').rstrip('=')):
             'urlly .admin http://a.b/v1/DEF_has',
         })(FakeApp())
     self.assertEquals(
         auth_filter.users, {
             'test:tester3': {
                 'url': '$HOST/v1/ABC_test',
                 'groups': ['.reseller_admin'],
                 'key': 'testing'
             },
             'user_foo:ab': {
                 'url': 'http://a.b/v1/DEF_has',
                 'groups': ['.admin'],
                 'key': 'urlly'
             },
         })

Example #11

File: test_tempauth.py Project: 10389030/swift

    def test_readwrite_privileges(self):
        test_auth = auth.filter_factory({'user_rw_user': '******'})(
            FakeApp(iter(NO_CONTENT_RESP * 15)))

        for target in ('/v1/AUTH_otheracct',):
            for method in ('GET', 'HEAD', 'OPTIONS'):
                # Read-Write user can read account data
                req = self._make_request(target, user_groups="AUTH_rw",
                                         environ={'REQUEST_METHOD': method})
                resp = req.get_response(test_auth)
                self.assertEquals(resp.status_int, 204)

                # swift_owner should NOT be set to True
                self.assertFalse(req.environ.get('swift_owner'))

            # RW user should NOT be able to PUT, POST, or DELETE to the account
            for method in ('PUT', 'POST', 'DELETE'):
                req = self._make_request(target, user_groups="AUTH_rw",
                                         environ={'REQUEST_METHOD': method})
                resp = req.get_response(test_auth)
                self.assertEquals(resp.status_int, 403)

        # RW user should be able to GET, PUT, POST, or DELETE to containers
        # and objects
        for target in ('/v1/AUTH_otheracct/c', '/v1/AUTH_otheracct/c/o'):
            for method in ('GET', 'HEAD', 'OPTIONS', 'PUT', 'POST', 'DELETE'):
                req = self._make_request(target, user_groups="AUTH_rw",
                                         environ={'REQUEST_METHOD': method})
                resp = req.get_response(test_auth)
                self.assertEquals(resp.status_int, 204)

Example #12

File: test_tempauth.py Project: UoM-ResPlat-DevOps/swift

 def test_override_asked_for_but_not_allowed(self):
     self.test_auth = auth.filter_factory({"allow_overrides": "false"})(FakeApp())
     req = self._make_request("/v1/AUTH_account", environ={"swift.authorize_override": True})
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(resp.headers.get("Www-Authenticate"), 'Swift realm="AUTH_account"')
     self.assertEquals(req.environ["swift.authorize"], self.test_auth.authorize)

Example #13

File: test_tempauth.py Project: sudowork/swift

 def test_auth_no_reseller_prefix_no_token(self):
     # Check that normally we set up a call back to our authorize.
     local_auth = \
         auth.filter_factory({'reseller_prefix': ''})(FakeApp(iter([])))
     resp = self._make_request('/v1/account').get_response(local_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(resp.environ['swift.authorize'],
                       local_auth.authorize)
     # Now make sure we don't override an existing swift.authorize when we
     # have no reseller prefix.
     local_auth = \
         auth.filter_factory({'reseller_prefix': ''})(FakeApp())
     local_authorize = lambda req: Response('test')
     resp = self._make_request('/v1/account', environ={'swift.authorize':
         local_authorize}).get_response(local_auth)
     self.assertEquals(resp.status_int, 200)
     self.assertEquals(resp.environ['swift.authorize'], local_authorize)

Example #14

File: test_tempauth.py Project: AnyBucket/OpenStack-Install-and-Understand-Guide

 def test_auth_no_reseller_prefix_no_token(self):
     # Check that normally we set up a call back to our authorize.
     local_auth = \
         auth.filter_factory({'reseller_prefix': ''})(FakeApp(iter([])))
     resp = self._make_request('/v1/account').get_response(local_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(resp.environ['swift.authorize'],
                       local_auth.authorize)
     # Now make sure we don't override an existing swift.authorize when we
     # have no reseller prefix.
     local_auth = \
         auth.filter_factory({'reseller_prefix': ''})(FakeApp())
     local_authorize = lambda req: Response('test')
     resp = self._make_request('/v1/account', environ={'swift.authorize':
         local_authorize}).get_response(local_auth)
     self.assertEquals(resp.status_int, 200)
     self.assertEquals(resp.environ['swift.authorize'], local_authorize)

Example #15

File: test_tempauth.py Project: AnyBucket/OpenStack-Install-and-Understand-Guide

 def test_override_asked_for_and_allowed(self):
     self.test_auth = \
         auth.filter_factory({'allow_overrides': 'true'})(FakeApp())
     req = self._make_request('/v1/AUTH_account',
                              environ={'swift.authorize_override': True})
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 404)
     self.assertTrue('swift.authorize' not in resp.environ)

Example #16

File: test_tempauth.py Project: zhanghua/swift

 def test_override_asked_for_and_allowed(self):
     self.test_auth = \
         auth.filter_factory({'allow_overrides': 'true'})(FakeApp())
     req = self._make_request('/v1/AUTH_account',
                              environ={'swift.authorize_override': True})
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 404)
     self.assertTrue('swift.authorize' not in req.environ)

Example #17

File: test_tempauth.py Project: ChristopherMacGown/swift

 def test_storage_url_default(self):
     self.test_auth = auth.filter_factory({"user_test_tester": "testing"})(FakeApp())
     req = self._make_request("/auth/v1.0", headers={"X-Auth-User": "******", "X-Auth-Key": "testing"})
     del req.environ["HTTP_HOST"]
     req.environ["SERVER_NAME"] = "bob"
     req.environ["SERVER_PORT"] = "1234"
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 200)
     self.assertEquals(resp.headers["x-storage-url"], "http://bob:1234/v1/AUTH_test")

Example #18

File: test_tempauth.py Project: ChristopherMacGown/swift

 def test_storage_url_overriden_scheme(self):
     self.test_auth = auth.filter_factory({"user_test_tester": "testing", "storage_url_scheme": "fake"})(FakeApp())
     req = self._make_request("/auth/v1.0", headers={"X-Auth-User": "******", "X-Auth-Key": "testing"})
     req.environ["HTTP_HOST"] = "somehost:5678"
     req.environ["SERVER_NAME"] = "bob"
     req.environ["SERVER_PORT"] = "1234"
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 200)
     self.assertEquals(resp.headers["x-storage-url"], "fake://somehost:5678/v1/AUTH_test")

Example #19

File: test_tempauth.py Project: 10389030/swift

    def test_account_acl_success(self):
        test_auth = auth.filter_factory({'user_admin_user': '******'})(
            FakeApp(iter(NO_CONTENT_RESP * 1)))

        # admin (not a swift admin) wants to read from otheracct
        req = self._make_request('/v1/AUTH_otheract', user_groups="AUTH_admin")

        # The request returned by _make_request should be allowed
        resp = req.get_response(test_auth)
        self.assertEquals(resp.status_int, 204)

Example #20

File: test_tempauth.py Project: 10389030/swift

 def test_object_name_containing_slash(self):
     test_auth = auth.filter_factory({'user_acct_user': '******'})(
         FakeApp(iter(NO_CONTENT_RESP * 1)))
     req = self._make_request('/v1/AUTH_acct/cont/obj/name/with/slash',
                              headers={'X-Auth-Token': 'AUTH_t'})
     cache_key = 'AUTH_/token/AUTH_t'
     cache_entry = (time() + 3600, 'AUTH_acct')
     req.environ['swift.cache'].set(cache_key, cache_entry)
     resp = req.get_response(test_auth)
     self.assertEquals(resp.status_int, 204)

Example #21

File: test_tempauth.py Project: UoM-ResPlat-DevOps/swift

 def test_use_old_token_from_memcached(self):
     self.test_auth = auth.filter_factory({"user_test_tester": "testing", "storage_url_scheme": "fake"})(FakeApp())
     req = self._make_request("/auth/v1.0", headers={"X-Auth-User": "******", "X-Auth-Key": "testing"})
     req.environ["HTTP_HOST"] = "somehost:5678"
     req.environ["SERVER_NAME"] = "bob"
     req.environ["SERVER_PORT"] = "1234"
     req.environ["swift.cache"].set("AUTH_/user/test:tester", "uuid_token")
     req.environ["swift.cache"].set("AUTH_/token/uuid_token", (time() + 180, "test,test:tester"))
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 200)
     self.assertEquals(resp.headers["x-auth-token"], "uuid_token")

Example #22

File: test_tempauth.py Project: chenbaihu/icehouse

    def test_get_user_group(self):
        app = FakeApp()
        ath = auth.filter_factory({})(app)

        ath.users = {'test:tester': {'groups': ['.admin']}}
        groups = ath._get_user_groups('test', 'test:tester', 'AUTH_test')
        self.assertEquals(groups, 'test,test:tester,AUTH_test')

        ath.users = {'test:tester': {'groups': []}}
        groups = ath._get_user_groups('test', 'test:tester', 'AUTH_test')
        self.assertEquals(groups, 'test,test:tester')

Example #23

File: test_tempauth.py Project: chenbaihu/icehouse

 def test_override_asked_for_but_not_allowed(self):
     self.test_auth = \
         auth.filter_factory({'allow_overrides': 'false'})(FakeApp())
     req = self._make_request('/v1/AUTH_account',
                              environ={'swift.authorize_override': True})
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(resp.headers.get('Www-Authenticate'),
                       'Swift realm="AUTH_account"')
     self.assertEquals(req.environ['swift.authorize'],
                       self.test_auth.authorize)

Example #24

File: test_tempauth.py Project: 10389030/swift

 def test_use_token_success(self):
     # Example of how to simulate an authorized request
     test_auth = auth.filter_factory({'user_acct_user': '******'})(
         FakeApp(iter(NO_CONTENT_RESP * 1)))
     req = self._make_request('/v1/AUTH_acct',
                              headers={'X-Auth-Token': 'AUTH_t'})
     cache_key = 'AUTH_/token/AUTH_t'
     cache_entry = (time() + 3600, 'AUTH_acct')
     req.environ['swift.cache'].set(cache_key, cache_entry)
     resp = req.get_response(test_auth)
     self.assertEquals(resp.status_int, 204)

Example #25

File: test_tempauth.py Project: zhanghua/swift

 def test_key_with_no_value(self):
     self.assertRaises(
         ValueError,
         auth.filter_factory({
             'user_test_tester3':
             'testing',
             'user_bob_bobby':
             '',
             'user_admin_admin':
             'admin .admin .reseller_admin',
         }), FakeApp())

Example #26

File: test_tempauth.py Project: 10389030/swift

 def test_get_token_success(self):
     # Example of how to simulate the auth transaction
     test_auth = auth.filter_factory({'user_ac_user': '******'})(FakeApp())
     req = self._make_request(
         '/auth/v1.0',
         headers={'X-Auth-User': '******', 'X-Auth-Key': 'testing'})
     resp = req.get_response(test_auth)
     self.assertEquals(resp.status_int, 200)
     self.assertTrue(resp.headers['x-storage-url'].endswith('/v1/AUTH_ac'))
     self.assertTrue(resp.headers['x-auth-token'].startswith('AUTH_'))
     self.assertTrue(len(resp.headers['x-auth-token']) > 10)

Example #27

File: test_tempauth.py Project: UoM-ResPlat-DevOps/swift

    def test_get_user_group(self):
        app = FakeApp()
        ath = auth.filter_factory({})(app)

        ath.users = {"test:tester": {"groups": [".admin"]}}
        groups = ath._get_user_groups("test", "test:tester", "AUTH_test")
        self.assertEquals(groups, "test,test:tester,AUTH_test")

        ath.users = {"test:tester": {"groups": []}}
        groups = ath._get_user_groups("test", "test:tester", "AUTH_test")
        self.assertEquals(groups, "test,test:tester")

Example #28

File: test_tempauth.py Project: ChristopherMacGown/swift

 def test_auth_no_reseller_prefix_deny(self):
     # Ensures that when we have no reseller prefix, we don't deny a request
     # outright but set up a denial swift.authorize and pass the request on
     # down the chain.
     local_app = FakeApp()
     local_auth = auth.filter_factory({"reseller_prefix": ""})(local_app)
     req = self._make_request("/v1/account", headers={"X-Auth-Token": "t"})
     resp = req.get_response(local_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(local_app.calls, 1)
     self.assertEquals(req.environ["swift.authorize"], local_auth.denied_response)

Example #29

File: test_tempauth.py Project: 10389030/swift

 def test_override_asked_for_but_not_allowed(self):
     self.test_auth = \
         auth.filter_factory({'allow_overrides': 'false'})(FakeApp())
     req = self._make_request('/v1/AUTH_account',
                              environ={'swift.authorize_override': True})
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(resp.headers.get('Www-Authenticate'),
                       'Swift realm="AUTH_account"')
     self.assertEquals(req.environ['swift.authorize'],
                       self.test_auth.authorize)

Example #30

File: test_tempauth.py Project: 10389030/swift

    def test_get_user_group(self):
        app = FakeApp()
        ath = auth.filter_factory({})(app)

        ath.users = {'test:tester': {'groups': ['.admin']}}
        groups = ath._get_user_groups('test', 'test:tester', 'AUTH_test')
        self.assertEquals(groups, 'test,test:tester,AUTH_test')

        ath.users = {'test:tester': {'groups': []}}
        groups = ath._get_user_groups('test', 'test:tester', 'AUTH_test')
        self.assertEquals(groups, 'test,test:tester')

Example #31

File: test_tempauth.py Project: zhanghua/swift

 def test_auth_no_reseller_prefix_deny(self):
     # Ensures that when we have no reseller prefix, we don't deny a request
     # outright but set up a denial swift.authorize and pass the request on
     # down the chain.
     local_app = FakeApp()
     local_auth = auth.filter_factory({'reseller_prefix': ''})(local_app)
     req = self._make_request('/v1/account', headers={'X-Auth-Token': 't'})
     resp = req.get_response(local_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(local_app.calls, 1)
     self.assertEquals(req.environ['swift.authorize'],
                       local_auth.denied_response)

Example #32

File: test_tempauth.py Project: ChristopherMacGown/swift

 def test_key_with_no_value(self):
     self.assertRaises(
         ValueError,
         auth.filter_factory(
             {
                 "user_test_tester3": "testing",
                 "user_bob_bobby": "",
                 "user_admin_admin": "admin .admin .reseller_admin",
             }
         ),
         FakeApp(),
     )

Example #33

 def test_bind_ip_all_zeroes(self):
     auth_filter = auth.filter_factory({
         'reseller_prefix': 'ABC',
         'bind_ip': '0.0.0.0',
         'user_admin_admin': 'admin .admin .reseller_admin',
     })(FakeApp())
     self.assertEquals(auth_filter.users, {
         'admin:admin': {
             'url': 'http://127.0.0.1:8080/v1/ABC_admin',
             'groups': ['.admin', '.reseller_admin'],
             'key': 'admin',
         },
     })

Example #34

 def test_storage_url_based_on_host(self):
     self.test_auth = \
         auth.filter_factory({'user_test_tester': 'testing'})(FakeApp())
     req = self._make_request(
         '/auth/v1.0',
         headers={'X-Auth-User': '******', 'X-Auth-Key': 'testing'})
     req.environ['HTTP_HOST'] = 'somehost:5678'
     req.environ['SERVER_NAME'] = 'bob'
     req.environ['SERVER_PORT'] = '1234'
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 200)
     self.assertEquals(resp.headers['x-storage-url'],
                       'http://somehost:5678/v1/AUTH_test')

Example #35

File: test_tempauth.py Project: 10389030/swift

    def test_account_acl_failures(self):
        test_auth = auth.filter_factory({'user_admin_user': '******'})(
            FakeApp())

        # If I'm not authed as anyone on the ACLs, I shouldn't get in
        req = self._make_request('/v1/AUTH_otheract', user_groups="AUTH_bob")
        resp = req.get_response(test_auth)
        self.assertEquals(resp.status_int, 403)

        # If the target account has no ACLs, a non-owner shouldn't get in
        req = self._make_request('/v1/AUTH_otheract', user_groups="AUTH_admin",
                                 acls={})
        resp = req.get_response(test_auth)
        self.assertEquals(resp.status_int, 403)

Example #36

File: test_tempauth.py Project: 10389030/swift

 def test_authorize_acl_referrer_access(self):
     self.test_auth = auth.filter_factory({})(
         FakeApp(iter(NO_CONTENT_RESP * 6)))
     req = self._make_request('/v1/AUTH_cfa/c')
     req.remote_user = '******'
     resp = self.test_auth.authorize(req)
     self.assertEquals(resp.status_int, 403)
     req = self._make_request('/v1/AUTH_cfa/c')
     req.remote_user = '******'
     req.acl = '.r:*,.rlistings'
     self.assertEquals(self.test_auth.authorize(req), None)
     req = self._make_request('/v1/AUTH_cfa/c')
     req.remote_user = '******'
     req.acl = '.r:*'  # No listings allowed
     resp = self.test_auth.authorize(req)
     self.assertEquals(resp.status_int, 403)
     req = self._make_request('/v1/AUTH_cfa/c')
     req.remote_user = '******'
     req.acl = '.r:.example.com,.rlistings'
     resp = self.test_auth.authorize(req)
     self.assertEquals(resp.status_int, 403)
     req = self._make_request('/v1/AUTH_cfa/c')
     req.remote_user = '******'
     req.referer = 'http://www.example.com/index.html'
     req.acl = '.r:.example.com,.rlistings'
     self.assertEquals(self.test_auth.authorize(req), None)
     req = self._make_request('/v1/AUTH_cfa/c')
     resp = self.test_auth.authorize(req)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(resp.headers.get('Www-Authenticate'),
                       'Swift realm="AUTH_cfa"')
     req = self._make_request('/v1/AUTH_cfa/c')
     req.acl = '.r:*,.rlistings'
     self.assertEquals(self.test_auth.authorize(req), None)
     req = self._make_request('/v1/AUTH_cfa/c')
     req.acl = '.r:*'  # No listings allowed
     resp = self.test_auth.authorize(req)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(resp.headers.get('Www-Authenticate'),
                       'Swift realm="AUTH_cfa"')
     req = self._make_request('/v1/AUTH_cfa/c')
     req.acl = '.r:.example.com,.rlistings'
     resp = self.test_auth.authorize(req)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(resp.headers.get('Www-Authenticate'),
                       'Swift realm="AUTH_cfa"')
     req = self._make_request('/v1/AUTH_cfa/c')
     req.referer = 'http://www.example.com/index.html'
     req.acl = '.r:.example.com,.rlistings'
     self.assertEquals(self.test_auth.authorize(req), None)

Example #37

File: test_tempauth.py Project: 10389030/swift

 def test_auth_no_reseller_prefix_deny(self):
     # Ensures that when we have no reseller prefix, we don't deny a request
     # outright but set up a denial swift.authorize and pass the request on
     # down the chain.
     local_app = FakeApp()
     local_auth = auth.filter_factory({'reseller_prefix': ''})(local_app)
     req = self._make_request('/v1/account',
                              headers={'X-Auth-Token': 't'})
     resp = req.get_response(local_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(resp.headers.get('Www-Authenticate'),
                       'Swift realm="account"')
     self.assertEquals(local_app.calls, 1)
     self.assertEquals(req.environ['swift.authorize'],
                       local_auth.denied_response)

Example #38

File: test_tempauth.py Project: 10389030/swift

 def test_auth_reseller_prefix_with_s3_deny(self):
     # Ensures that when we have a reseller prefix and using a middleware
     # relying on Http-Authorization (for example swift3), we don't deny a
     # request outright but set up a denial swift.authorize and pass the
     # request on down the chain.
     local_app = FakeApp()
     local_auth = auth.filter_factory({'reseller_prefix': 'PRE'})(local_app)
     req = self._make_request('/v1/account',
                              headers={'X-Auth-Token': 't',
                                       'Authorization': 'AWS user:pw'})
     resp = req.get_response(local_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(local_app.calls, 1)
     self.assertEquals(req.environ['swift.authorize'],
                       local_auth.denied_response)

Example #39

File: test_tempauth.py Project: AnyBucket/OpenStack-Install-and-Understand-Guide

 def test_parse_user_creation(self):
     auth_filter = auth.filter_factory({
         'user_test_tester3': 'testing',
         'user_admin_admin': 'admin .admin .reseller_admin',
     })(FakeApp())
     self.assertEquals(auth_filter.users, {
         'admin:admin': {
             'url': 'http://127.0.0.1:8080/v1/AUTH_admin', 
             'groups': ['.admin', '.reseller_admin'], 
             'key': 'admin'
         }, 'test:tester3': {
             'url': 'http://127.0.0.1:8080/v1/AUTH_test', 
             'groups': [], 
             'key': 'testing'
         },
     })

Example #40

File: test_tempauth.py Project: 10389030/swift

    def test_admin_privileges(self):
        test_auth = auth.filter_factory({'user_admin_user': '******'})(
            FakeApp(iter(NO_CONTENT_RESP * 18)))

        for target in ('/v1/AUTH_otheracct', '/v1/AUTH_otheracct/container',
                       '/v1/AUTH_otheracct/container/obj'):
            for method in ('GET', 'HEAD', 'OPTIONS', 'PUT', 'POST', 'DELETE'):
                # Admin ACL user can do anything
                req = self._make_request(target, user_groups="AUTH_admin",
                                         environ={'REQUEST_METHOD': method})
                resp = req.get_response(test_auth)
                self.assertEquals(resp.status_int, 204)

                # swift_owner should be set to True
                if method != 'OPTIONS':
                    self.assertTrue(req.environ.get('swift_owner'))

Example #41

File: test_tempauth.py Project: sudowork/swift

 def test_parse_user_creation(self):
     auth_filter = auth.filter_factory({
         'user_test_tester3': 'testing',
         'user_admin_admin': 'admin .admin .reseller_admin',
     })(FakeApp())
     self.assertEquals(auth_filter.users, {
         'admin:admin': {
             'url': 'http://127.0.0.1:8080/v1/AUTH_admin', 
             'groups': ['.admin', '.reseller_admin'], 
             'key': 'admin'
         }, 'test:tester3': {
             'url': 'http://127.0.0.1:8080/v1/AUTH_test', 
             'groups': [], 
             'key': 'testing'
         },
     })

Example #42

File: test_tempauth.py Project: chenbaihu/icehouse

 def test_auth_reseller_prefix_with_s3_deny(self):
     # Ensures that when we have a reseller prefix and using a middleware
     # relying on Http-Authorization (for example swift3), we don't deny a
     # request outright but set up a denial swift.authorize and pass the
     # request on down the chain.
     local_app = FakeApp()
     local_auth = auth.filter_factory({'reseller_prefix': 'PRE'})(local_app)
     req = self._make_request('/v1/account',
                              headers={
                                  'X-Auth-Token': 't',
                                  'Authorization': 'AWS user:pw'
                              })
     resp = req.get_response(local_auth)
     self.assertEquals(resp.status_int, 401)
     self.assertEquals(local_app.calls, 1)
     self.assertEquals(req.environ['swift.authorize'],
                       local_auth.denied_response)

Example #43

File: test_tempauth.py Project: zhanghua/swift

 def test_auth_prefix_init(self):
     app = FakeApp()
     ath = auth.filter_factory({})(app)
     self.assertEquals(ath.auth_prefix, '/auth/')
     ath = auth.filter_factory({'auth_prefix': ''})(app)
     self.assertEquals(ath.auth_prefix, '/auth/')
     ath = auth.filter_factory({'auth_prefix': '/'})(app)
     self.assertEquals(ath.auth_prefix, '/auth/')
     ath = auth.filter_factory({'auth_prefix': '/test/'})(app)
     self.assertEquals(ath.auth_prefix, '/test/')
     ath = auth.filter_factory({'auth_prefix': '/test'})(app)
     self.assertEquals(ath.auth_prefix, '/test/')
     ath = auth.filter_factory({'auth_prefix': 'test/'})(app)
     self.assertEquals(ath.auth_prefix, '/test/')
     ath = auth.filter_factory({'auth_prefix': 'test'})(app)
     self.assertEquals(ath.auth_prefix, '/test/')

Example #44

File: test_tempauth.py Project: chenbaihu/icehouse

 def test_use_old_token_from_memcached(self):
     self.test_auth = \
         auth.filter_factory({'user_test_tester': 'testing',
                              'storage_url_scheme': 'fake'})(FakeApp())
     req = self._make_request('/auth/v1.0',
                              headers={
                                  'X-Auth-User': '******',
                                  'X-Auth-Key': 'testing'
                              })
     req.environ['HTTP_HOST'] = 'somehost:5678'
     req.environ['SERVER_NAME'] = 'bob'
     req.environ['SERVER_PORT'] = '1234'
     req.environ['swift.cache'].set('AUTH_/user/test:tester', 'uuid_token')
     req.environ['swift.cache'].set('AUTH_/token/uuid_token',
                                    (time() + 180, 'test,test:tester'))
     resp = req.get_response(self.test_auth)
     self.assertEquals(resp.status_int, 200)
     self.assertEquals(resp.headers['x-auth-token'], 'uuid_token')

Example #45

 def setUp(self):
     self.app = FakeApp()
     self.auth = tempauth.filter_factory({'reseller_prefix': ''})(self.app)
     self.tempurl = tempurl.filter_factory({})(self.auth)

Example #46

File: test_tempurl.py Project: sudowork/swift

 def setUp(self):
     self.app = FakeApp()
     self.auth = tempauth.filter_factory({})(self.app)
     self.tempurl = tempurl.filter_factory({})(self.auth)

Example #47

File: test_tempauth.py Project: zhanghua/swift

 def setUp(self):
     self.test_auth = auth.filter_factory({})(FakeApp())