Exemple #1
0
    def test_url_formatting(self):
        """
        Test that a URL without a trailing slash is handled properly when used
        to set the URL of a SLUGSConnector.
        """
        connector = auth.SLUGSConnector(url="http://127.0.0.1:8080/slugs")

        self.assertEqual('http://127.0.0.1:8080/slugs/', connector.url)
        self.assertEqual('http://127.0.0.1:8080/slugs/users/{}',
                         connector.users_url)
        self.assertEqual('http://127.0.0.1:8080/slugs/users/{}/groups',
                         connector.groups_url)

        connector = auth.SLUGSConnector()

        self.assertEqual(None, connector.url)
        self.assertEqual(None, connector.users_url)
        self.assertEqual(None, connector.groups_url)

        connector.url = "http://127.0.0.1:8080/slugs"

        self.assertEqual('http://127.0.0.1:8080/slugs/', connector.url)
        self.assertEqual('http://127.0.0.1:8080/slugs/users/{}',
                         connector.users_url)
        self.assertEqual('http://127.0.0.1:8080/slugs/users/{}/groups',
                         connector.groups_url)
Exemple #2
0
    def test_authenticate(self, mock_get_client_identity, mock_request_get):
        """
        Test that a call to authenticate with the SLUGSConnector triggers the
        right utility and SLUGS API calls.
        """
        mock_get_client_identity.return_value = "John Doe"

        users_response = mock.MagicMock(requests.Response)
        users_response.status_code = 200
        groups_response = mock.MagicMock(requests.Response)
        groups_response.status_code = 200
        groups_response.json.return_value = {'groups': ['Group A', 'Group B']}

        mock_request_get.side_effect = [users_response, groups_response]

        connector = auth.SLUGSConnector(
            url="http://127.0.0.1:8080/test/slugs/")
        result = connector.authenticate("test")

        mock_get_client_identity.assert_called_once_with("test")
        mock_request_get.assert_any_call(
            "http://127.0.0.1:8080/test/slugs/users/John Doe")
        mock_request_get.assert_any_call(
            "http://127.0.0.1:8080/test/slugs/users/John Doe/groups")
        self.assertEqual(('John Doe', ['Group A', 'Group B']), result)
Exemple #3
0
    def test_init_with_args(self):
        """
        Test that a SLUGSConnector can be constructed with arguments.
        """
        connector = auth.SLUGSConnector(url='http://127.0.0.1:8080/slugs/')

        self.assertEqual('http://127.0.0.1:8080/slugs/', connector.url)
        self.assertEqual('http://127.0.0.1:8080/slugs/users/{}',
                         connector.users_url)
        self.assertEqual('http://127.0.0.1:8080/slugs/users/{}/groups',
                         connector.groups_url)
Exemple #4
0
    def test_authenticate_with_url_unset(self, mock_get_client_identity,
                                         mock_request_get):
        """
        Test that a ConfigurationError is raised when attempting to
        authenticate with an unset URL.
        """
        connector = auth.SLUGSConnector()

        args = ("test", )
        self.assertRaisesRegexp(exceptions.ConfigurationError,
                                "The SLUGS URL must be specified.",
                                connector.authenticate, *args)
Exemple #5
0
    def test_invalid_url(self):
        """
        Test that a TypeError is raised when an invalid value is used to set
        the URL of a SLUGSConnector.
        """
        kwargs = {'url': 0}
        self.assertRaisesRegexp(TypeError, "URL must be a string.",
                                auth.SLUGSConnector, **kwargs)

        connector = auth.SLUGSConnector()
        args = (connector, "url", 0)
        self.assertRaisesRegexp(TypeError, "URL must be a string.", setattr,
                                *args)
Exemple #6
0
    def authenticate(self, certificate, request):
        credentials = []
        if request.request_header.authentication is not None:
            credentials = request.request_header.authentication.credentials

        plugin_enabled = False

        for auth_settings in self._auth_settings:
            plugin_name, plugin_config = auth_settings

            if plugin_name.startswith("auth:slugs"):
                if plugin_config.get("enabled") == "True":
                    plugin_enabled = True
                    plugin = auth.SLUGSConnector(plugin_config.get("url"))
                    self._logger.debug(
                        "Authenticating with plugin: {}".format(plugin_name))
                    try:
                        client_identity = plugin.authenticate(
                            certificate, (self._address, self._session_time),
                            credentials)
                    except Exception as e:
                        self._logger.warning("Authentication failed.")
                        self._logger.error(e)
                        self._logger.exception(e)
                    else:
                        self._logger.debug(
                            "Authentication succeeded for client identity: "
                            "{}".format(client_identity[0]))
                        return client_identity
            else:
                self._logger.warning("Authentication plugin '{}' is not "
                                     "supported.".format(plugin_name))

        if not plugin_enabled:
            self._logger.debug(
                "No authentication plugins are enabled. The client identity "
                "will be extracted from the client certificate.")
            try:
                client_identity = auth.get_client_identity_from_certificate(
                    certificate)
            except Exception as e:
                self._logger.warning("Client identity extraction failed.")
                self._logger.exception(e)
            else:
                self._logger.debug(
                    "Extraction succeeded for client identity: {}".format(
                        client_identity))
                return tuple([client_identity, None])

        raise exceptions.PermissionDenied("Authentication failed.")
Exemple #7
0
    def test_authenticate_with_connection_failure(self,
                                                  mock_get_client_identity,
                                                  mock_request_get):
        """
        Test that a ConfigurationError is raised when attempting to
        authenticate with an invalid URL.
        """
        mock_get_client_identity.return_value = "John Doe"
        mock_request_get.side_effect = [requests.exceptions.ConnectionError()]

        connector = auth.SLUGSConnector(
            url="http://127.0.0.1:8080/test/slugs/")
        args = ("test", )
        self.assertRaisesRegexp(
            exceptions.ConfigurationError,
            "A connection could not be established using the SLUGS URL.",
            connector.authenticate, *args)
Exemple #8
0
    def test_authenticate_with_users_failure(self, mock_get_client_identity,
                                             mock_request_get):
        """
        Test that a PermissionDenied error is raised when an invalid user ID
        is used to query SLUGS.
        """
        mock_get_client_identity.return_value = "John Doe"

        users_response = mock.MagicMock(requests.Response)
        users_response.status_code = 404

        mock_request_get.return_value = users_response

        connector = auth.SLUGSConnector(
            url="http://127.0.0.1:8080/test/slugs/")
        args = ("test", )
        self.assertRaisesRegexp(exceptions.PermissionDenied,
                                "Unrecognized user ID: John Doe",
                                connector.authenticate, *args)
Exemple #9
0
    def test_authenticate_with_groups_failure(self, mock_get_client_identity,
                                              mock_request_get):
        """
        Test that a PermissionDenied error is raised when a groups request to
        SLUGS fails.
        """
        mock_get_client_identity.return_value = "John Doe"

        users_response = mock.MagicMock(requests.Response)
        users_response.status_code = 200
        groups_response = mock.MagicMock(requests.Response)
        groups_response.status_code = 404

        mock_request_get.side_effect = [users_response, groups_response]

        connector = auth.SLUGSConnector(
            url="http://127.0.0.1:8080/test/slugs/")
        args = ("test", )
        self.assertRaisesRegexp(
            exceptions.PermissionDenied,
            "Group information could not be retrieved for user ID: John Doe",
            connector.authenticate, *args)
Exemple #10
0
 def test_init(self):
     """
     Test that a SLUGSConnector can be constructed without arguments.
     """
     auth.SLUGSConnector()