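def test_specify_scopes(self):
    """
    Validates whether requested scopes are assigned.

    Three password-grant requests are run against the token view and the
    resulting token is inspected through the metadata view:
    - no 'scope' parameter: the token reports the roles read, write and manage
    - 'scope' narrowed to 'read write': the token reports only those two roles
    - an explicit 'scope' of 'read write manage': the token endpoint refuses
      with HTTP 400 and an 'invalid_scope' error body instead of issuing a token

    Role lists are compared sorted so the assertions do not depend on the
    order in which the metadata view emits them.
    """
    from oauth2.tokenview import OAuth2TokenView
    from view import MetadataView

    def _roles_for(token_request):
        """
        Runs the password grant described by *token_request* and returns the
        sorted 'roles' list the metadata view reports for the issued token.
        """
        request = Authentication.factory.post('/', data=token_request, HTTP_X_REAL_IP='127.0.0.1')
        response = OAuth2TokenView.as_view()(request)
        token_body = json.loads(response.content)
        # Fail with a readable message instead of a KeyError when no token was issued
        self.assertIn('access_token', token_body)
        header = 'Bearer {0}'.format(token_body['access_token'])
        request = Authentication.factory.get('/', HTTP_X_REAL_IP='127.0.0.1', HTTP_AUTHORIZATION=header)
        response = MetadataView.as_view()(request)
        return sorted(json.loads(response.content)['roles'])

    data = {'grant_type': 'password', 'username': '******', 'password': '******'}
    self.assertListEqual(_roles_for(data), ['manage', 'read', 'write'])

    data['scope'] = 'read write'
    self.assertListEqual(_roles_for(data), ['read', 'write'])

    data['scope'] = 'read write manage'
    request = Authentication.factory.post('/', data=data, HTTP_X_REAL_IP='127.0.0.1')
    response = OAuth2TokenView.as_view()(request)
    self.assertEqual(response.status_code, 400)
    # Compare the decoded body: key order and whitespace of the serialized
    # JSON are not part of the contract being tested
    self.assertDictEqual(json.loads(response.content), {'error': 'invalid_scope'})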
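def test_specify_scopes(self):
    """
    Validates whether requested scopes are assigned.

    Exercises the password grant with and without a 'scope' parameter and
    checks, via the metadata view, which roles the issued token carries:
    - no 'scope': read, write and manage
    - 'read write': only read and write
    - 'read write manage': no token; the token view answers HTTP 400 with
      an 'invalid_scope' error body

    Roles are compared sorted so the assertions are independent of the
    order the metadata view uses.
    """
    from oauth2.tokenview import OAuth2TokenView
    from view import MetadataView

    credentials = {'grant_type': 'password', 'username': '******', 'password': '******'}
    expectations = [
        (None, ['manage', 'read', 'write']),
        ('read write', ['read', 'write']),
    ]
    for scope, expected_roles in expectations:
        data = dict(credentials)
        if scope is not None:
            data['scope'] = scope
        request = Authentication.factory.post('/', data=data, HTTP_X_REAL_IP='127.0.0.1')
        response = OAuth2TokenView.as_view()(request)
        token_body = json.loads(response.content)
        # A missing token should fail the assertion, not raise a KeyError
        self.assertIn('access_token', token_body)
        header = 'Bearer {0}'.format(token_body['access_token'])
        request = Authentication.factory.get('/', HTTP_X_REAL_IP='127.0.0.1', HTTP_AUTHORIZATION=header)
        response = MetadataView.as_view()(request)
        roles = json.loads(response.content)['roles']
        self.assertListEqual(sorted(roles), expected_roles)

    data = dict(credentials, scope='read write manage')
    request = Authentication.factory.post('/', data=data, HTTP_X_REAL_IP='127.0.0.1')
    response = OAuth2TokenView.as_view()(request)
    self.assertEqual(response.status_code, 400)
    # Decode before comparing so serialization details (key order, spacing)
    # cannot make the assertion flaky
    self.assertDictEqual(json.loads(response.content), {'error': 'invalid_scope'})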
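def build_router_urls():
    """
    Creates a router instance to generate API urls for Customer and Internal API.

    Every ``.py`` file in the ``backend/views`` directory next to this module
    is loaded with ``imp.load_source`` and scanned for classes that are
    defined in that file (not merely imported into it) and have a direct
    base class named ``ViewSet``. Each such class is registered on a
    SimpleRouter with its ``prefix`` and ``base_name`` attributes.

    Loading a module this way executes it, so the directory must contain
    only the project's own view modules.

    :return: the url patterns generated by the router
    """
    views_path = os.path.join(os.path.dirname(__file__), 'backend', 'views')
    router = SimpleRouter()
    # os.listdir order depends on the filesystem; sort so routes are
    # registered in the same order on every machine and run
    for filename in sorted(os.listdir(views_path)):
        module_path = os.path.join(views_path, filename)
        if not (filename.endswith('.py') and os.path.isfile(module_path)):
            continue
        # Strip only the extension; str.replace would also alter a '.py'
        # occurring elsewhere in the filename
        name = filename[:-len('.py')]
        module = imp.load_source(name, module_path)
        for _, member in inspect.getmembers(module, inspect.isclass):
            if member.__module__ != name:
                continue
            if 'ViewSet' not in [base.__name__ for base in member.__bases__]:
                continue
            router.register(prefix=member.prefix, viewset=member, base_name=member.base_name)
    return router.urls


urlpatterns = patterns(
    '',
    url(r'^oauth2/token/', OAuth2TokenView.as_view()),
    url(r'^oauth2/redirect/', OAuth2RedirectView.as_view()),
    url(r'^relay/', relay),
    url(r'^$', MetadataView.as_view()),
    url(r'', include(build_router_urls())),
)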
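def build_router_urls():
    """
    Creates a router instance to generate API urls for Customer and Internal API.

    Scans the ``backend/views`` directory next to this module: each ``.py``
    file is loaded (and thus executed) with ``imp.load_source``, and every
    class defined in that file whose direct bases include a class named
    ``ViewSet`` is registered on a SimpleRouter using the class's ``prefix``
    and ``base_name`` attributes. Only the project's own view modules should
    live in that directory.

    :return: the url patterns generated by the router
    """

    def _viewsets_in(module, module_name):
        """Yields the classes defined in *module* that directly subclass a ``ViewSet``."""
        for _, candidate in inspect.getmembers(module, inspect.isclass):
            defined_here = candidate.__module__ == module_name
            base_names = [base.__name__ for base in candidate.__bases__]
            if defined_here and 'ViewSet' in base_names:
                yield candidate

    views_path = os.path.join(os.path.dirname(__file__), 'backend', 'views')
    routes = []
    # Sorted: os.listdir order is not guaranteed, and registration order
    # should not vary between machines or runs
    for filename in sorted(os.listdir(views_path)):
        module_path = os.path.join(views_path, filename)
        if not filename.endswith('.py') or not os.path.isfile(module_path):
            continue
        # Drop only the trailing extension (str.replace would also hit an
        # inner '.py' in the name)
        module_name = filename[:-len('.py')]
        module = imp.load_source(module_name, module_path)
        for viewset in _viewsets_in(module, module_name):
            routes.append({
                'prefix': viewset.prefix,
                'viewset': viewset,
                'base_name': viewset.base_name,
            })
    router = SimpleRouter()
    for route in routes:
        router.register(**route)
    return router.urls


urlpatterns = patterns(
    '',
    url(r'^oauth2/token/', OAuth2TokenView.as_view()),
    url(r'^$', MetadataView.as_view()),
    url(r'', include(build_router_urls())),
)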
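def test_metadata(self):
    """
    Validates the authentication related information at the API root's metadata.
    - The 'roles' key is already checked in the Scope-related tests

    Walks the metadata view through the authentication_state values it
    reports for one bearer token: no Authorization header, an unsupported
    authorization type, a token that was never issued, the valid token, the
    same token after the user is deactivated, a failing token-list lookup
    (monkeypatched to raise) and finally the expired token.

    The monkeypatch and the user's active flag are restored in ``finally``
    blocks so a failing assertion cannot leak either into later tests.

    Note: the test sleeps 180 seconds plus the token's 'expires_in', so it
    takes several minutes to run.
    """
    from ovs.dal.lists.bearertokenlist import BearerTokenList
    from oauth2.tokenview import OAuth2TokenView
    from view import MetadataView

    def raise_exception(argument):
        _ = argument
        raise RuntimeError('foobar')

    base_expectation = {'authenticated': False, 'authentication_state': None, 'username': None, 'userguid': None}

    def expected(**overrides):
        """Returns base_expectation with *overrides* applied."""
        merged = dict(base_expectation)
        merged.update(overrides)
        return merged

    def metadata_for(header=None):
        """Calls the metadata view, with an Authorization header when given, and returns the decoded body."""
        extra = {'HTTP_X_REAL_IP': '127.0.0.1'}
        if header is not None:
            extra['HTTP_AUTHORIZATION'] = header
        request = Authentication.factory.get('/', **extra)
        response = MetadataView.as_view()(request)
        return json.loads(response.content)

    data = {'grant_type': 'password', 'username': '******', 'password': '******'}
    request = Authentication.factory.post('/', data=data, HTTP_X_REAL_IP='127.0.0.1')
    response = OAuth2TokenView.as_view()(request)
    token_body = json.loads(response.content)
    expiry = int(token_body['expires_in'])
    access_token = token_body['access_token']

    # No Authorization header at all
    self.assertDictContainsSubset(expected(authentication_state='unauthenticated'), metadata_for())
    # A scheme the view does not handle
    self.assertDictContainsSubset(expected(authentication_state='invalid_authorization_type'),
                                  metadata_for('Basic foobar'))
    # Bearer scheme with a token that was never issued
    self.assertDictContainsSubset(expected(authentication_state='invalid_token'), metadata_for('Bearer foobar'))

    user = UserList.get_user_by_username('admin')
    header = 'Bearer {0}'.format(access_token)
    self.assertDictContainsSubset(expected(authenticated=True, username=user.username, userguid=user.guid),
                                  metadata_for(header))

    time.sleep(180)  # Make sure to not hit the rate limit

    original_method = BearerTokenList.get_by_access_token
    originally_active = user.is_active
    user.is_active = False
    user.save()
    try:
        self.assertDictContainsSubset(expected(authentication_state='inactive_user'), metadata_for(header))

        BearerTokenList.get_by_access_token = staticmethod(raise_exception)
        try:
            self.assertDictContainsSubset(expected(authentication_state='unexpected_exception'),
                                          metadata_for(header))
        finally:
            # Always undo the monkeypatch, even when the assertion above fails
            BearerTokenList.get_by_access_token = staticmethod(original_method)

        time.sleep(expiry)
        self.assertDictContainsSubset(expected(authentication_state='token_expired'), metadata_for(header))
    finally:
        # Leave the user as it was found so other tests see the original state
        user.is_active = originally_active
        user.save()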
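def test_metadata(self):
    """
    Validates the authentication related information at the API root's metadata.
    - The 'roles' key is already checked in the Scope-related tests

    One bearer token is obtained through the password grant and the
    metadata view is then queried in each of these situations, checking the
    reported authentication_state every time: no Authorization header
    (unauthenticated), an unsupported scheme (invalid_authorization_type), an
    unknown token (invalid_token), the valid token (authenticated), the same
    token after deactivating the user (inactive_user), a token-list lookup
    that raises (unexpected_exception) and the token after its expiry
    (token_expired).

    Cleanup of the monkeypatched lookup and of the user's active flag runs
    in ``finally`` blocks, so a failing assertion does not leave either
    behind for later tests.

    Note: the test sleeps 180 seconds plus the token's 'expires_in'.
    """
    from ovs.dal.lists.bearertokenlist import BearerTokenList
    from oauth2.tokenview import OAuth2TokenView
    from view import MetadataView

    def _raise_exception(argument):
        _ = argument
        raise RuntimeError('foobar')

    result_data = {
        'authenticated': False,
        'authentication_state': None,
        'username': None,
        'userguid': None
    }

    def _expect(**overrides):
        """Returns result_data with *overrides* applied."""
        expectation = dict(result_data)
        expectation.update(overrides)
        return expectation

    def _query_metadata(**headers):
        """Calls the metadata view with the given extra request headers and returns the decoded body."""
        request = self.factory.get('/', HTTP_X_REAL_IP='127.0.0.1', **headers)
        response = MetadataView.as_view()(request)
        return json.loads(response.content)

    data = {
        'grant_type': 'password',
        'username': '******',
        'password': '******'
    }
    request = self.factory.post('/', data=data, HTTP_X_REAL_IP='127.0.0.1')
    response = OAuth2TokenView.as_view()(request)
    response_content = json.loads(response.content)
    expiry = int(response_content['expires_in'])
    access_token = response_content['access_token']

    self.assertDictContainsSubset(_expect(authentication_state='unauthenticated'),
                                  _query_metadata())
    self.assertDictContainsSubset(_expect(authentication_state='invalid_authorization_type'),
                                  _query_metadata(HTTP_AUTHORIZATION='Basic foobar'))
    self.assertDictContainsSubset(_expect(authentication_state='invalid_token'),
                                  _query_metadata(HTTP_AUTHORIZATION='Bearer foobar'))

    user = UserList.get_user_by_username('admin')
    header = 'Bearer {0}'.format(access_token)
    self.assertDictContainsSubset(
        _expect(authenticated=True,
                authentication_state='authenticated',
                username=user.username,
                userguid=user.guid),
        _query_metadata(HTTP_AUTHORIZATION=header))

    time.sleep(180)  # Make sure to not hit the rate limit

    original_method = BearerTokenList.get_by_access_token
    was_active = user.is_active
    user.is_active = False
    user.save()
    try:
        self.assertDictContainsSubset(_expect(authentication_state='inactive_user'),
                                      _query_metadata(HTTP_AUTHORIZATION=header))

        BearerTokenList.get_by_access_token = staticmethod(_raise_exception)
        try:
            self.assertDictContainsSubset(_expect(authentication_state='unexpected_exception'),
                                          _query_metadata(HTTP_AUTHORIZATION=header))
        finally:
            # Restore the real lookup whether or not the assertion passed
            BearerTokenList.get_by_access_token = staticmethod(original_method)

        time.sleep(expiry)
        self.assertDictContainsSubset(_expect(authentication_state='token_expired'),
                                      _query_metadata(HTTP_AUTHORIZATION=header))
    finally:
        # Put the user back in the state it was found in
        user.is_active = was_active
        user.save()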