Exemple #1
0
    def test_validate_client_b64decode_error(self):
        url = 'myurl'
        tenant_id = '172839405'
        token = 'AaBbCcDdEeFf'

        redis_client = fakeredis_connection()
        bttl = 5

        # The data that will get cached
        access_info = fake_catalog(tenant_id, token)

        # We have data
        with mock.patch('eom.auth._get_access_info') as MockGetAccessInfo:
            with mock.patch('eom.auth._is_token_blacklisted') as MockBlacklist:
                with mock.patch('base64.b64decode') as MockB64Decode:

                    MockB64Decode.side_effect = Exception(
                        'mock b64decode error')

                    env_result = {}
                    MockBlacklist.return_value = False
                    MockGetAccessInfo.return_value = access_info
                    result = auth._validate_client(redis_client, url,
                                                   tenant_id, token,
                                                   env_result, bttl,
                                                   self.default_max_cache_life)
                    self.assertFalse(result)
Exemple #2
0
    def test_validate_client_b64decode_error(self):
        url = 'myurl'
        tenant_id = '172839405'
        token = 'AaBbCcDdEeFf'

        redis_client = fakeredis_connection()
        bttl = 5

        # The data that will get cached
        access_info = fake_catalog(tenant_id, token)

        # We have data
        with mock.patch(
                'eom.auth._get_access_info') as MockGetAccessInfo:
            with mock.patch(
                    'eom.auth._is_token_blacklisted') as MockBlacklist:
                with mock.patch(
                        'base64.b64decode') as MockB64Decode:

                    MockB64Decode.side_effect = Exception(
                        'mock b64decode error')

                    env_result = {}
                    MockBlacklist.return_value = False
                    MockGetAccessInfo.return_value = access_info
                    result = auth._validate_client(redis_client,
                                                   url,
                                                   tenant_id,
                                                   token,
                                                   env_result,
                                                   bttl,
                                                   self.default_max_cache_life)
                    self.assertFalse(result)
Exemple #3
0
    def test_validate_client_token_blacklisted(self):
        url = 'myurl'
        tenant_id = '504938271'
        token = '1nd14r0m303ch0n0v3mb3r3ch0'

        redis_client = fakeredis_connection()
        bttl = 5

        # We have data
        with mock.patch('eom.auth._is_token_blacklisted') as MockBlacklist:

            env_result = {}
            MockBlacklist.return_value = True
            result = auth._validate_client(redis_client, url, tenant_id, token,
                                           env_result, bttl,
                                           self.default_max_cache_life)
            self.assertFalse(result)
Exemple #4
0
    def test_validate_client_invalid_data(self):
        url = 'myurl'
        tenant_id = '172839405'
        token = 'AaBbCcDdEeFf'

        redis_client = fakeredis_connection()
        bttl = 5

        # No data is returned
        with mock.patch('eom.auth._get_access_info') as MockGetAccessInfo:

            env_no_data = {}
            MockGetAccessInfo.return_value = None
            result = auth._validate_client(redis_client, url, tenant_id, token,
                                           env_no_data, bttl,
                                           self.default_max_cache_life)
            self.assertFalse(result)
Exemple #5
0
    def test_validate_client_exception(self):
        url = 'myurl'
        tenant_id = '172839405'
        token = 'AaBbCcDdEeFf'

        redis_client = fakeredis_connection()
        bttl = 5

        # Throw an exception - anything, just needs to throw
        with mock.patch('eom.auth._get_access_info') as MockGetAccessInfo:

            env_exception_thrown = {}
            MockGetAccessInfo.side_effect = Exception(
                'mock - just blowing it up')
            result = auth._validate_client(redis_client, url, tenant_id, token,
                                           env_exception_thrown, bttl,
                                           self.default_max_cache_life)
            self.assertFalse(result)
Exemple #6
0
    def test_validate_client_token_blacklisted(self):
        url = 'myurl'
        tenant_id = '504938271'
        token = '1nd14r0m303ch0n0v3mb3r3ch0'

        redis_client = fakeredis_connection()
        bttl = 5

        # We have data
        with mock.patch(
                'eom.auth._is_token_blacklisted') as MockBlacklist:

            env_result = {}
            MockBlacklist.return_value = True
            result = auth._validate_client(redis_client,
                                           url,
                                           tenant_id,
                                           token,
                                           env_result,
                                           bttl,
                                           self.default_max_cache_life)
            self.assertFalse(result)
Exemple #7
0
    def test_validate_client_invalid_data(self):
        url = 'myurl'
        tenant_id = '172839405'
        token = 'AaBbCcDdEeFf'

        redis_client = fakeredis_connection()
        bttl = 5

        # No data is returned
        with mock.patch(
                'eom.auth._get_access_info') as MockGetAccessInfo:

            env_no_data = {}
            MockGetAccessInfo.return_value = None
            result = auth._validate_client(redis_client,
                                           url,
                                           tenant_id,
                                           token,
                                           env_no_data,
                                           bttl,
                                           self.default_max_cache_life)
            self.assertFalse(result)
Exemple #8
0
    def test_validate_client_exception(self):
        url = 'myurl'
        tenant_id = '172839405'
        token = 'AaBbCcDdEeFf'

        redis_client = fakeredis_connection()
        bttl = 5

        # Throw an exception - anything, just needs to throw
        with mock.patch(
                'eom.auth._get_access_info') as MockGetAccessInfo:

            env_exception_thrown = {}
            MockGetAccessInfo.side_effect = Exception(
                'mock - just blowing it up')
            result = auth._validate_client(redis_client,
                                           url,
                                           tenant_id,
                                           token,
                                           env_exception_thrown,
                                           bttl,
                                           self.default_max_cache_life)
            self.assertFalse(result)
Exemple #9
0
    def test_validate_client_valid_data(self):
        url = 'myurl'
        tenant_id = '172839405'
        token = 'AaBbCcDdEeFf'

        redis_client = fakeredis_connection()
        bttl = 5

        # The data that will get cached
        access_info = fake_catalog(tenant_id, token)

        # Encode a version of the data for verification tests later
        data = access_info.service_catalog.catalog
        json_data = json.dumps(data)
        u_json_data = json_data
        if six.PY2:
            if isinstance(u_json_data, bytes):
                u_json_data = json_data.decode('utf-8')
        access_data_utf8 = u_json_data.encode(encoding='utf-8',
                                              errors='strict')
        access_data_b64 = base64.b64encode(access_data_utf8)

        # We have data
        with mock.patch(
                'eom.auth._get_access_info') as MockGetAccessInfo:
            with mock.patch(
                    'eom.auth._is_token_blacklisted') as MockBlacklist:

                env_result = {}
                MockBlacklist.return_value = False
                MockGetAccessInfo.return_value = access_info
                result = auth._validate_client(redis_client,
                                               url,
                                               tenant_id,
                                               token,
                                               env_result,
                                               bttl,
                                               self.default_max_cache_life)
                self.assertTrue(result)
                self.assertEqual(env_result['HTTP_X_IDENTITY_STATUS'],
                                 'Confirmed')
                self.assertEqual(env_result['HTTP_X_USER_ID'],
                                 MockGetAccessInfo.return_value.user_id)
                self.assertEqual(env_result['HTTP_X_USER_NAME'],
                                 MockGetAccessInfo.return_value.username)
                self.assertEqual(env_result['HTTP_X_USER_DOMAIN_ID'],
                                 MockGetAccessInfo.return_value.user_domain_id)
                self.assertEqual(env_result['HTTP_X_USER_DOMAIN_NAME'],
                                 MockGetAccessInfo.return_value.
                                 user_domain_name)
                role_names = MockGetAccessInfo.return_value.role_names
                self.assertEqual(env_result['HTTP_X_ROLES'],
                                 ','.join(role for role in role_names))
                self.assertEqual(env_result['HTTP_X_SERVICE_CATALOG'],
                                 access_data_b64)
                env_service_catalog_utf8 = base64.b64decode(
                    env_result['HTTP_X_SERVICE_CATALOG'])
                self.assertEqual(env_service_catalog_utf8, access_data_utf8)
                env_service_catalog = json.loads(env_service_catalog_utf8)
                self.assertEqual(env_service_catalog, data)

                self.assertTrue(MockGetAccessInfo.return_value.project_scoped)
                self.assertEqual(env_result['HTTP_X_PROJECT_ID'], tenant_id)
                self.assertEqual(env_result['HTTP_X_PROJECT_ID'],
                                 MockGetAccessInfo.return_value.project_id)
                self.assertEqual(env_result['HTTP_X_PROJECT_NAME'],
                                 MockGetAccessInfo.return_value.project_name)

                if MockGetAccessInfo.return_value.domain_scoped:
                    self.assertEqual(env_result['HTTP_X_DOMAIN_ID'],
                                     MockGetAccessInfo.return_value.domain_id)
                    self.assertEqual(env_result['HTTP_X_DOMAIN_NAME'],
                                     MockGetAccessInfo.return_value.
                                     domain_name)
                else:
                    self.assertTrue('HTTP_X_DOMAIN_ID' not in
                                    env_result.keys())
                    self.assertTrue('HTTP_X_DOMAIN_NAME' not in
                                    env_result.keys())

                if MockGetAccessInfo.return_value.project_scoped and (
                        MockGetAccessInfo.return_value.domain_scoped):

                    self.assertEqual(env_result['HTTP_X_PROJECT_DOMAIN_ID'],
                                     MockGetAccessInfo.return_value.
                                     project_domain_id)
                    self.assertEqual(env_result['HTTP_X_PROJECT_DOMAIN_NAME'],
                                     MockGetAccessInfo.return_value.
                                     project_domain_name)
                else:
                    self.assertTrue('HTTP_X_PROJECT_DOMAIN_ID' not in
                                    env_result.keys())
                    self.assertTrue('HTTP_X_PROJECT_DOMAIN_NAME' not in
                                    env_result.keys())
Exemple #10
0
    def test_validate_client_valid_data(self):
        url = 'myurl'
        tenant_id = '172839405'
        token = 'AaBbCcDdEeFf'

        redis_client = fakeredis_connection()
        bttl = 5

        # The data that will get cached
        access_info = fake_catalog(tenant_id, token)

        # Encode a version of the data for verification tests later
        data = access_info.service_catalog.catalog
        json_data = json.dumps(data)
        u_json_data = json_data
        if six.PY2:
            if isinstance(u_json_data, bytes):
                u_json_data = json_data.decode('utf-8')
        access_data_utf8 = u_json_data.encode(encoding='utf-8',
                                              errors='strict')
        access_data_b64 = base64.b64encode(access_data_utf8)

        # We have data
        with mock.patch('eom.auth._get_access_info') as MockGetAccessInfo:
            with mock.patch('eom.auth._is_token_blacklisted') as MockBlacklist:

                env_result = {}
                MockBlacklist.return_value = False
                MockGetAccessInfo.return_value = access_info
                result = auth._validate_client(redis_client, url, tenant_id,
                                               token, env_result, bttl,
                                               self.default_max_cache_life)
                self.assertTrue(result)
                self.assertEqual(env_result['HTTP_X_IDENTITY_STATUS'],
                                 'Confirmed')
                self.assertEqual(env_result['HTTP_X_USER_ID'],
                                 MockGetAccessInfo.return_value.user_id)
                self.assertEqual(env_result['HTTP_X_USER_NAME'],
                                 MockGetAccessInfo.return_value.username)
                self.assertEqual(env_result['HTTP_X_USER_DOMAIN_ID'],
                                 MockGetAccessInfo.return_value.user_domain_id)
                self.assertEqual(
                    env_result['HTTP_X_USER_DOMAIN_NAME'],
                    MockGetAccessInfo.return_value.user_domain_name)
                role_names = MockGetAccessInfo.return_value.role_names
                self.assertEqual(env_result['HTTP_X_ROLES'],
                                 ','.join(role for role in role_names))
                self.assertEqual(env_result['HTTP_X_SERVICE_CATALOG'],
                                 access_data_b64)
                env_service_catalog_utf8 = base64.b64decode(
                    env_result['HTTP_X_SERVICE_CATALOG'])
                self.assertEqual(env_service_catalog_utf8, access_data_utf8)
                env_service_catalog = json.loads(env_service_catalog_utf8)
                self.assertEqual(env_service_catalog, data)

                self.assertTrue(MockGetAccessInfo.return_value.project_scoped)
                self.assertEqual(env_result['HTTP_X_PROJECT_ID'], tenant_id)
                self.assertEqual(env_result['HTTP_X_PROJECT_ID'],
                                 MockGetAccessInfo.return_value.project_id)
                self.assertEqual(env_result['HTTP_X_PROJECT_NAME'],
                                 MockGetAccessInfo.return_value.project_name)

                if MockGetAccessInfo.return_value.domain_scoped:
                    self.assertEqual(env_result['HTTP_X_DOMAIN_ID'],
                                     MockGetAccessInfo.return_value.domain_id)
                    self.assertEqual(
                        env_result['HTTP_X_DOMAIN_NAME'],
                        MockGetAccessInfo.return_value.domain_name)
                else:
                    self.assertTrue(
                        'HTTP_X_DOMAIN_ID' not in env_result.keys())
                    self.assertTrue(
                        'HTTP_X_DOMAIN_NAME' not in env_result.keys())

                if MockGetAccessInfo.return_value.project_scoped and (
                        MockGetAccessInfo.return_value.domain_scoped):

                    self.assertEqual(
                        env_result['HTTP_X_PROJECT_DOMAIN_ID'],
                        MockGetAccessInfo.return_value.project_domain_id)
                    self.assertEqual(
                        env_result['HTTP_X_PROJECT_DOMAIN_NAME'],
                        MockGetAccessInfo.return_value.project_domain_name)
                else:
                    self.assertTrue(
                        'HTTP_X_PROJECT_DOMAIN_ID' not in env_result.keys())
                    self.assertTrue(
                        'HTTP_X_PROJECT_DOMAIN_NAME' not in env_result.keys())