def test_allowed_sync_hosts(self): a = auth.filter_factory({'super_admin_key': 'supertest'})(FakeApp()) self.assertEquals(a.allowed_sync_hosts, ['127.0.0.1']) a = auth.filter_factory({'super_admin_key': 'supertest', 'allowed_sync_hosts': '1.1.1.1,2.1.1.1, 3.1.1.1 , 4.1.1.1,, , 5.1.1.1'})(FakeApp()) self.assertEquals(a.allowed_sync_hosts, ['1.1.1.1', '2.1.1.1', '3.1.1.1', '4.1.1.1', '5.1.1.1'])
def test_reseller_prefix_init(self): app = FakeApp() ath = auth.filter_factory({})(app) self.assertEquals(ath.reseller_prefix, "AUTH_") ath = auth.filter_factory({"reseller_prefix": "TEST"})(app) self.assertEquals(ath.reseller_prefix, "TEST_") ath = auth.filter_factory({"reseller_prefix": "TEST_"})(app) self.assertEquals(ath.reseller_prefix, "TEST_")
def test_reseller_prefix_init(self): app = FakeApp() ath = auth.filter_factory({})(app) self.assertEquals(ath.reseller_prefix, 'AUTH_') ath = auth.filter_factory({'reseller_prefix': 'TEST'})(app) self.assertEquals(ath.reseller_prefix, 'TEST_') ath = auth.filter_factory({'reseller_prefix': 'TEST_'})(app) self.assertEquals(ath.reseller_prefix, 'TEST_')
def test_auth_no_reseller_prefix_no_token(self): # Check that normally we set up a call back to our authorize. local_auth = auth.filter_factory({"reseller_prefix": ""})(FakeApp(iter([]))) req = self._make_request("/v1/account") resp = req.get_response(local_auth) self.assertEquals(resp.status_int, 401) self.assertEquals(req.environ["swift.authorize"], local_auth.authorize) # Now make sure we don't override an existing swift.authorize when we # have no reseller prefix. local_auth = auth.filter_factory({"reseller_prefix": ""})(FakeApp()) local_authorize = lambda req: Response("test") req = self._make_request("/v1/account", environ={"swift.authorize": local_authorize}) resp = req.get_response(local_auth) self.assertEquals(resp.status_int, 200) self.assertEquals(req.environ["swift.authorize"], local_authorize)
def test_account_delete_permissions(self): self.test_auth = auth.filter_factory({})( FakeApp(iter(NO_CONTENT_RESP * 4))) req = self._make_request('/v1/AUTH_new', environ={'REQUEST_METHOD': 'DELETE'}) req.remote_user = '******' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403) req = self._make_request('/v1/AUTH_new', environ={'REQUEST_METHOD': 'DELETE'}) req.remote_user = '******' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403) # Even DELETEs to your own account as account admin should fail req = self._make_request('/v1/AUTH_old', environ={'REQUEST_METHOD': 'DELETE'}) req.remote_user = '******' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403) req = self._make_request('/v1/AUTH_new', environ={'REQUEST_METHOD': 'DELETE'}) req.remote_user = '******' resp = self.test_auth.authorize(req) self.assertEquals(resp, None) # .super_admin is not something the middleware should ever see or care # about req = self._make_request('/v1/AUTH_new', environ={'REQUEST_METHOD': 'DELETE'}) req.remote_user = '******' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403)
def test_authorize_acl_group_access(self): self.test_auth = auth.filter_factory({})( FakeApp(iter(NO_CONTENT_RESP * 3))) req = self._make_request('/v1/AUTH_cfa') req.remote_user = '******' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403) req = self._make_request('/v1/AUTH_cfa') req.remote_user = '******' req.acl = 'act' self.assertEquals(self.test_auth.authorize(req), None) req = self._make_request('/v1/AUTH_cfa') req.remote_user = '******' req.acl = 'act:usr' self.assertEquals(self.test_auth.authorize(req), None) req = self._make_request('/v1/AUTH_cfa') req.remote_user = '******' req.acl = 'act2' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403) req = self._make_request('/v1/AUTH_cfa') req.remote_user = '******' req.acl = 'act:usr2' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403)
def test_parse_user_creation(self): auth_filter = auth.filter_factory({ 'reseller_prefix': 'ABC', 'user_test_tester3': 'testing', 'user_has_url': 'urlly .admin http://a.b/v1/DEF_has', 'user_admin_admin': 'admin .admin .reseller_admin', })(FakeApp()) self.assertEquals( auth_filter.users, { 'admin:admin': { 'url': '$HOST/v1/ABC_admin', 'groups': ['.admin', '.reseller_admin'], 'key': 'admin' }, 'test:tester3': { 'url': '$HOST/v1/ABC_test', 'groups': [], 'key': 'testing' }, 'has:url': { 'url': 'http://a.b/v1/DEF_has', 'groups': ['.admin'], 'key': 'urlly' }, })
def test_base64_encoding(self): auth_filter = auth.filter_factory( { 'reseller_prefix': 'ABC', 'user64_%s_%s' % (b64encode('test').rstrip('='), b64encode('tester3').rstrip('=')): 'testing .reseller_admin', 'user64_%s_%s' % (b64encode('user_foo').rstrip('='), b64encode('ab').rstrip('=')): 'urlly .admin http://a.b/v1/DEF_has', })(FakeApp()) self.assertEquals( auth_filter.users, { 'test:tester3': { 'url': '$HOST/v1/ABC_test', 'groups': ['.reseller_admin'], 'key': 'testing' }, 'user_foo:ab': { 'url': 'http://a.b/v1/DEF_has', 'groups': ['.admin'], 'key': 'urlly' }, })
def test_readwrite_privileges(self): test_auth = auth.filter_factory({'user_rw_user': '******'})( FakeApp(iter(NO_CONTENT_RESP * 15))) for target in ('/v1/AUTH_otheracct',): for method in ('GET', 'HEAD', 'OPTIONS'): # Read-Write user can read account data req = self._make_request(target, user_groups="AUTH_rw", environ={'REQUEST_METHOD': method}) resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 204) # swift_owner should NOT be set to True self.assertFalse(req.environ.get('swift_owner')) # RW user should NOT be able to PUT, POST, or DELETE to the account for method in ('PUT', 'POST', 'DELETE'): req = self._make_request(target, user_groups="AUTH_rw", environ={'REQUEST_METHOD': method}) resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 403) # RW user should be able to GET, PUT, POST, or DELETE to containers # and objects for target in ('/v1/AUTH_otheracct/c', '/v1/AUTH_otheracct/c/o'): for method in ('GET', 'HEAD', 'OPTIONS', 'PUT', 'POST', 'DELETE'): req = self._make_request(target, user_groups="AUTH_rw", environ={'REQUEST_METHOD': method}) resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 204)
def test_override_asked_for_but_not_allowed(self): self.test_auth = auth.filter_factory({"allow_overrides": "false"})(FakeApp()) req = self._make_request("/v1/AUTH_account", environ={"swift.authorize_override": True}) resp = req.get_response(self.test_auth) self.assertEquals(resp.status_int, 401) self.assertEquals(resp.headers.get("Www-Authenticate"), 'Swift realm="AUTH_account"') self.assertEquals(req.environ["swift.authorize"], self.test_auth.authorize)
def test_auth_no_reseller_prefix_no_token(self): # Check that normally we set up a call back to our authorize. local_auth = \ auth.filter_factory({'reseller_prefix': ''})(FakeApp(iter([]))) resp = self._make_request('/v1/account').get_response(local_auth) self.assertEquals(resp.status_int, 401) self.assertEquals(resp.environ['swift.authorize'], local_auth.authorize) # Now make sure we don't override an existing swift.authorize when we # have no reseller prefix. local_auth = \ auth.filter_factory({'reseller_prefix': ''})(FakeApp()) local_authorize = lambda req: Response('test') resp = self._make_request('/v1/account', environ={'swift.authorize': local_authorize}).get_response(local_auth) self.assertEquals(resp.status_int, 200) self.assertEquals(resp.environ['swift.authorize'], local_authorize)
def test_override_asked_for_and_allowed(self): self.test_auth = \ auth.filter_factory({'allow_overrides': 'true'})(FakeApp()) req = self._make_request('/v1/AUTH_account', environ={'swift.authorize_override': True}) resp = req.get_response(self.test_auth) self.assertEquals(resp.status_int, 404) self.assertTrue('swift.authorize' not in resp.environ)
def test_override_asked_for_and_allowed(self): self.test_auth = \ auth.filter_factory({'allow_overrides': 'true'})(FakeApp()) req = self._make_request('/v1/AUTH_account', environ={'swift.authorize_override': True}) resp = req.get_response(self.test_auth) self.assertEquals(resp.status_int, 404) self.assertTrue('swift.authorize' not in req.environ)
def test_storage_url_default(self): self.test_auth = auth.filter_factory({"user_test_tester": "testing"})(FakeApp()) req = self._make_request("/auth/v1.0", headers={"X-Auth-User": "******", "X-Auth-Key": "testing"}) del req.environ["HTTP_HOST"] req.environ["SERVER_NAME"] = "bob" req.environ["SERVER_PORT"] = "1234" resp = req.get_response(self.test_auth) self.assertEquals(resp.status_int, 200) self.assertEquals(resp.headers["x-storage-url"], "http://bob:1234/v1/AUTH_test")
def test_storage_url_overriden_scheme(self): self.test_auth = auth.filter_factory({"user_test_tester": "testing", "storage_url_scheme": "fake"})(FakeApp()) req = self._make_request("/auth/v1.0", headers={"X-Auth-User": "******", "X-Auth-Key": "testing"}) req.environ["HTTP_HOST"] = "somehost:5678" req.environ["SERVER_NAME"] = "bob" req.environ["SERVER_PORT"] = "1234" resp = req.get_response(self.test_auth) self.assertEquals(resp.status_int, 200) self.assertEquals(resp.headers["x-storage-url"], "fake://somehost:5678/v1/AUTH_test")
def test_account_acl_success(self): test_auth = auth.filter_factory({'user_admin_user': '******'})( FakeApp(iter(NO_CONTENT_RESP * 1))) # admin (not a swift admin) wants to read from otheracct req = self._make_request('/v1/AUTH_otheract', user_groups="AUTH_admin") # The request returned by _make_request should be allowed resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 204)
def test_object_name_containing_slash(self): test_auth = auth.filter_factory({'user_acct_user': '******'})( FakeApp(iter(NO_CONTENT_RESP * 1))) req = self._make_request('/v1/AUTH_acct/cont/obj/name/with/slash', headers={'X-Auth-Token': 'AUTH_t'}) cache_key = 'AUTH_/token/AUTH_t' cache_entry = (time() + 3600, 'AUTH_acct') req.environ['swift.cache'].set(cache_key, cache_entry) resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 204)
def test_use_old_token_from_memcached(self): self.test_auth = auth.filter_factory({"user_test_tester": "testing", "storage_url_scheme": "fake"})(FakeApp()) req = self._make_request("/auth/v1.0", headers={"X-Auth-User": "******", "X-Auth-Key": "testing"}) req.environ["HTTP_HOST"] = "somehost:5678" req.environ["SERVER_NAME"] = "bob" req.environ["SERVER_PORT"] = "1234" req.environ["swift.cache"].set("AUTH_/user/test:tester", "uuid_token") req.environ["swift.cache"].set("AUTH_/token/uuid_token", (time() + 180, "test,test:tester")) resp = req.get_response(self.test_auth) self.assertEquals(resp.status_int, 200) self.assertEquals(resp.headers["x-auth-token"], "uuid_token")
def test_get_user_group(self): app = FakeApp() ath = auth.filter_factory({})(app) ath.users = {'test:tester': {'groups': ['.admin']}} groups = ath._get_user_groups('test', 'test:tester', 'AUTH_test') self.assertEquals(groups, 'test,test:tester,AUTH_test') ath.users = {'test:tester': {'groups': []}} groups = ath._get_user_groups('test', 'test:tester', 'AUTH_test') self.assertEquals(groups, 'test,test:tester')
def test_override_asked_for_but_not_allowed(self): self.test_auth = \ auth.filter_factory({'allow_overrides': 'false'})(FakeApp()) req = self._make_request('/v1/AUTH_account', environ={'swift.authorize_override': True}) resp = req.get_response(self.test_auth) self.assertEquals(resp.status_int, 401) self.assertEquals(resp.headers.get('Www-Authenticate'), 'Swift realm="AUTH_account"') self.assertEquals(req.environ['swift.authorize'], self.test_auth.authorize)
def test_use_token_success(self): # Example of how to simulate an authorized request test_auth = auth.filter_factory({'user_acct_user': '******'})( FakeApp(iter(NO_CONTENT_RESP * 1))) req = self._make_request('/v1/AUTH_acct', headers={'X-Auth-Token': 'AUTH_t'}) cache_key = 'AUTH_/token/AUTH_t' cache_entry = (time() + 3600, 'AUTH_acct') req.environ['swift.cache'].set(cache_key, cache_entry) resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 204)
def test_key_with_no_value(self): self.assertRaises( ValueError, auth.filter_factory({ 'user_test_tester3': 'testing', 'user_bob_bobby': '', 'user_admin_admin': 'admin .admin .reseller_admin', }), FakeApp())
def test_get_token_success(self): # Example of how to simulate the auth transaction test_auth = auth.filter_factory({'user_ac_user': '******'})(FakeApp()) req = self._make_request( '/auth/v1.0', headers={'X-Auth-User': '******', 'X-Auth-Key': 'testing'}) resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 200) self.assertTrue(resp.headers['x-storage-url'].endswith('/v1/AUTH_ac')) self.assertTrue(resp.headers['x-auth-token'].startswith('AUTH_')) self.assertTrue(len(resp.headers['x-auth-token']) > 10)
def test_get_user_group(self): app = FakeApp() ath = auth.filter_factory({})(app) ath.users = {"test:tester": {"groups": [".admin"]}} groups = ath._get_user_groups("test", "test:tester", "AUTH_test") self.assertEquals(groups, "test,test:tester,AUTH_test") ath.users = {"test:tester": {"groups": []}} groups = ath._get_user_groups("test", "test:tester", "AUTH_test") self.assertEquals(groups, "test,test:tester")
def test_auth_no_reseller_prefix_deny(self): # Ensures that when we have no reseller prefix, we don't deny a request # outright but set up a denial swift.authorize and pass the request on # down the chain. local_app = FakeApp() local_auth = auth.filter_factory({"reseller_prefix": ""})(local_app) req = self._make_request("/v1/account", headers={"X-Auth-Token": "t"}) resp = req.get_response(local_auth) self.assertEquals(resp.status_int, 401) self.assertEquals(local_app.calls, 1) self.assertEquals(req.environ["swift.authorize"], local_auth.denied_response)
def test_auth_no_reseller_prefix_deny(self): # Ensures that when we have no reseller prefix, we don't deny a request # outright but set up a denial swift.authorize and pass the request on # down the chain. local_app = FakeApp() local_auth = auth.filter_factory({'reseller_prefix': ''})(local_app) req = self._make_request('/v1/account', headers={'X-Auth-Token': 't'}) resp = req.get_response(local_auth) self.assertEquals(resp.status_int, 401) self.assertEquals(local_app.calls, 1) self.assertEquals(req.environ['swift.authorize'], local_auth.denied_response)
def test_key_with_no_value(self): self.assertRaises( ValueError, auth.filter_factory( { "user_test_tester3": "testing", "user_bob_bobby": "", "user_admin_admin": "admin .admin .reseller_admin", } ), FakeApp(), )
def test_bind_ip_all_zeroes(self): auth_filter = auth.filter_factory({ 'reseller_prefix': 'ABC', 'bind_ip': '0.0.0.0', 'user_admin_admin': 'admin .admin .reseller_admin', })(FakeApp()) self.assertEquals(auth_filter.users, { 'admin:admin': { 'url': 'http://127.0.0.1:8080/v1/ABC_admin', 'groups': ['.admin', '.reseller_admin'], 'key': 'admin', }, })
def test_storage_url_based_on_host(self): self.test_auth = \ auth.filter_factory({'user_test_tester': 'testing'})(FakeApp()) req = self._make_request( '/auth/v1.0', headers={'X-Auth-User': '******', 'X-Auth-Key': 'testing'}) req.environ['HTTP_HOST'] = 'somehost:5678' req.environ['SERVER_NAME'] = 'bob' req.environ['SERVER_PORT'] = '1234' resp = req.get_response(self.test_auth) self.assertEquals(resp.status_int, 200) self.assertEquals(resp.headers['x-storage-url'], 'http://somehost:5678/v1/AUTH_test')
def test_account_acl_failures(self): test_auth = auth.filter_factory({'user_admin_user': '******'})( FakeApp()) # If I'm not authed as anyone on the ACLs, I shouldn't get in req = self._make_request('/v1/AUTH_otheract', user_groups="AUTH_bob") resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 403) # If the target account has no ACLs, a non-owner shouldn't get in req = self._make_request('/v1/AUTH_otheract', user_groups="AUTH_admin", acls={}) resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 403)
def test_authorize_acl_referrer_access(self): self.test_auth = auth.filter_factory({})( FakeApp(iter(NO_CONTENT_RESP * 6))) req = self._make_request('/v1/AUTH_cfa/c') req.remote_user = '******' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403) req = self._make_request('/v1/AUTH_cfa/c') req.remote_user = '******' req.acl = '.r:*,.rlistings' self.assertEquals(self.test_auth.authorize(req), None) req = self._make_request('/v1/AUTH_cfa/c') req.remote_user = '******' req.acl = '.r:*' # No listings allowed resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403) req = self._make_request('/v1/AUTH_cfa/c') req.remote_user = '******' req.acl = '.r:.example.com,.rlistings' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 403) req = self._make_request('/v1/AUTH_cfa/c') req.remote_user = '******' req.referer = 'http://www.example.com/index.html' req.acl = '.r:.example.com,.rlistings' self.assertEquals(self.test_auth.authorize(req), None) req = self._make_request('/v1/AUTH_cfa/c') resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 401) self.assertEquals(resp.headers.get('Www-Authenticate'), 'Swift realm="AUTH_cfa"') req = self._make_request('/v1/AUTH_cfa/c') req.acl = '.r:*,.rlistings' self.assertEquals(self.test_auth.authorize(req), None) req = self._make_request('/v1/AUTH_cfa/c') req.acl = '.r:*' # No listings allowed resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 401) self.assertEquals(resp.headers.get('Www-Authenticate'), 'Swift realm="AUTH_cfa"') req = self._make_request('/v1/AUTH_cfa/c') req.acl = '.r:.example.com,.rlistings' resp = self.test_auth.authorize(req) self.assertEquals(resp.status_int, 401) self.assertEquals(resp.headers.get('Www-Authenticate'), 'Swift realm="AUTH_cfa"') req = self._make_request('/v1/AUTH_cfa/c') req.referer = 'http://www.example.com/index.html' req.acl = '.r:.example.com,.rlistings' self.assertEquals(self.test_auth.authorize(req), None)
def test_auth_no_reseller_prefix_deny(self): # Ensures that when we have no reseller prefix, we don't deny a request # outright but set up a denial swift.authorize and pass the request on # down the chain. local_app = FakeApp() local_auth = auth.filter_factory({'reseller_prefix': ''})(local_app) req = self._make_request('/v1/account', headers={'X-Auth-Token': 't'}) resp = req.get_response(local_auth) self.assertEquals(resp.status_int, 401) self.assertEquals(resp.headers.get('Www-Authenticate'), 'Swift realm="account"') self.assertEquals(local_app.calls, 1) self.assertEquals(req.environ['swift.authorize'], local_auth.denied_response)
def test_auth_reseller_prefix_with_s3_deny(self): # Ensures that when we have a reseller prefix and using a middleware # relying on Http-Authorization (for example swift3), we don't deny a # request outright but set up a denial swift.authorize and pass the # request on down the chain. local_app = FakeApp() local_auth = auth.filter_factory({'reseller_prefix': 'PRE'})(local_app) req = self._make_request('/v1/account', headers={'X-Auth-Token': 't', 'Authorization': 'AWS user:pw'}) resp = req.get_response(local_auth) self.assertEquals(resp.status_int, 401) self.assertEquals(local_app.calls, 1) self.assertEquals(req.environ['swift.authorize'], local_auth.denied_response)
def test_parse_user_creation(self): auth_filter = auth.filter_factory({ 'user_test_tester3': 'testing', 'user_admin_admin': 'admin .admin .reseller_admin', })(FakeApp()) self.assertEquals(auth_filter.users, { 'admin:admin': { 'url': 'http://127.0.0.1:8080/v1/AUTH_admin', 'groups': ['.admin', '.reseller_admin'], 'key': 'admin' }, 'test:tester3': { 'url': 'http://127.0.0.1:8080/v1/AUTH_test', 'groups': [], 'key': 'testing' }, })
def test_admin_privileges(self): test_auth = auth.filter_factory({'user_admin_user': '******'})( FakeApp(iter(NO_CONTENT_RESP * 18))) for target in ('/v1/AUTH_otheracct', '/v1/AUTH_otheracct/container', '/v1/AUTH_otheracct/container/obj'): for method in ('GET', 'HEAD', 'OPTIONS', 'PUT', 'POST', 'DELETE'): # Admin ACL user can do anything req = self._make_request(target, user_groups="AUTH_admin", environ={'REQUEST_METHOD': method}) resp = req.get_response(test_auth) self.assertEquals(resp.status_int, 204) # swift_owner should be set to True if method != 'OPTIONS': self.assertTrue(req.environ.get('swift_owner'))
def test_auth_reseller_prefix_with_s3_deny(self): # Ensures that when we have a reseller prefix and using a middleware # relying on Http-Authorization (for example swift3), we don't deny a # request outright but set up a denial swift.authorize and pass the # request on down the chain. local_app = FakeApp() local_auth = auth.filter_factory({'reseller_prefix': 'PRE'})(local_app) req = self._make_request('/v1/account', headers={ 'X-Auth-Token': 't', 'Authorization': 'AWS user:pw' }) resp = req.get_response(local_auth) self.assertEquals(resp.status_int, 401) self.assertEquals(local_app.calls, 1) self.assertEquals(req.environ['swift.authorize'], local_auth.denied_response)
def test_auth_prefix_init(self): app = FakeApp() ath = auth.filter_factory({})(app) self.assertEquals(ath.auth_prefix, '/auth/') ath = auth.filter_factory({'auth_prefix': ''})(app) self.assertEquals(ath.auth_prefix, '/auth/') ath = auth.filter_factory({'auth_prefix': '/'})(app) self.assertEquals(ath.auth_prefix, '/auth/') ath = auth.filter_factory({'auth_prefix': '/test/'})(app) self.assertEquals(ath.auth_prefix, '/test/') ath = auth.filter_factory({'auth_prefix': '/test'})(app) self.assertEquals(ath.auth_prefix, '/test/') ath = auth.filter_factory({'auth_prefix': 'test/'})(app) self.assertEquals(ath.auth_prefix, '/test/') ath = auth.filter_factory({'auth_prefix': 'test'})(app) self.assertEquals(ath.auth_prefix, '/test/')
def test_use_old_token_from_memcached(self): self.test_auth = \ auth.filter_factory({'user_test_tester': 'testing', 'storage_url_scheme': 'fake'})(FakeApp()) req = self._make_request('/auth/v1.0', headers={ 'X-Auth-User': '******', 'X-Auth-Key': 'testing' }) req.environ['HTTP_HOST'] = 'somehost:5678' req.environ['SERVER_NAME'] = 'bob' req.environ['SERVER_PORT'] = '1234' req.environ['swift.cache'].set('AUTH_/user/test:tester', 'uuid_token') req.environ['swift.cache'].set('AUTH_/token/uuid_token', (time() + 180, 'test,test:tester')) resp = req.get_response(self.test_auth) self.assertEquals(resp.status_int, 200) self.assertEquals(resp.headers['x-auth-token'], 'uuid_token')
def setUp(self): self.app = FakeApp() self.auth = tempauth.filter_factory({'reseller_prefix': ''})(self.app) self.tempurl = tempurl.filter_factory({})(self.auth)
def setUp(self): self.app = FakeApp() self.auth = tempauth.filter_factory({})(self.app) self.tempurl = tempurl.filter_factory({})(self.auth)
def setUp(self): self.test_auth = auth.filter_factory({})(FakeApp())