Exemple #1
0
 def test_from_settings(self):
     settings = {
         "foo": "bar",
         "ipauth.ipaddrs": "123.123.0.1 124.124.0.1/16",
         "ipauth.userid": "one",
         "ipauth.principals": "two three",
         "otherauth.ipaddrs": "127.0.0.*",
         "otherauth.userid": "other",
         "otherauth.proxies": "127.0.0.1 127.0.0.2",
     }
     # Try basic instantiation.
     auth = IPAuthenticationPolicy.from_settings(settings)
     self.assertTrue(IPAddress("123.123.0.1") in auth.ipaddrs)
     self.assertEqual(auth.userid, "one")
     self.assertEqual(auth.principals, ["two", "three"])
     self.assertEqual(auth.proxies, IPSet([]))
     # Try instantiation with custom prefix.
     auth = IPAuthenticationPolicy.from_settings(settings,
                                                 prefix="otherauth.")
     self.assertTrue(IPAddress("127.0.0.1") in auth.ipaddrs)
     self.assertEqual(auth.userid, "other")
     self.assertEqual(auth.principals, [])
     self.assertTrue(IPAddress("127.0.0.1") in auth.proxies)
     self.assertTrue(IPAddress("127.0.0.2") in auth.proxies)
     self.assertFalse(IPAddress("127.0.0.3") in auth.proxies)
     # Try instantiation with extra keywords
     auth = IPAuthenticationPolicy.from_settings(settings,
                                                 prefix="otherauth.",
                                                 userid="overwritten")
     self.assertTrue(IPAddress("127.0.0.1") in auth.ipaddrs)
     self.assertEqual(auth.userid, "overwritten")
     self.assertEqual(auth.principals, [])
     self.assertTrue(IPAddress("127.0.0.1") in auth.proxies)
     self.assertTrue(IPAddress("127.0.0.2") in auth.proxies)
     self.assertFalse(IPAddress("127.0.0.3") in auth.proxies)
Exemple #2
0
 def test_from_settings(self):
     settings = {
         "foo": "bar",
         "ipauth.ipaddrs": "123.123.0.1 124.124.0.1/16",
         "ipauth.userid": "one",
         "ipauth.principals": "two three",
         "otherauth.ipaddrs": "127.0.0.*",
         "otherauth.userid": "other",
         "otherauth.proxies": "127.0.0.1 127.0.0.2",
     }
     # Try basic instantiation.
     auth = IPAuthenticationPolicy.from_settings(settings)
     self.assertTrue(IPAddress("123.123.0.1") in auth.ipaddrs)
     self.assertEquals(auth.userid, "one")
     self.assertEquals(auth.principals, ["two", "three"])
     self.assertEquals(auth.proxies, IPSet([]))
     # Try instantiation with custom prefix.
     auth = IPAuthenticationPolicy.from_settings(settings,
                                                 prefix="otherauth.")
     self.assertTrue(IPAddress("127.0.0.1") in auth.ipaddrs)
     self.assertEquals(auth.userid, "other")
     self.assertEquals(auth.principals, [])
     self.assertTrue(IPAddress("127.0.0.1") in auth.proxies)
     self.assertTrue(IPAddress("127.0.0.2") in auth.proxies)
     self.assertFalse(IPAddress("127.0.0.3") in auth.proxies)
     # Try instantiation with extra keywords
     auth = IPAuthenticationPolicy.from_settings(settings,
                                                 prefix="otherauth.",
                                                 userid="overwritten")
     self.assertTrue(IPAddress("127.0.0.1") in auth.ipaddrs)
     self.assertEquals(auth.userid, "overwritten")
     self.assertEquals(auth.principals, [])
     self.assertTrue(IPAddress("127.0.0.1") in auth.proxies)
     self.assertTrue(IPAddress("127.0.0.2") in auth.proxies)
     self.assertFalse(IPAddress("127.0.0.3") in auth.proxies)
Exemple #3
0
 def test_callbacks(self):
     def get_userid(ipaddr):
         if str(ipaddr).startswith('192'):
             return 'LAN-user'
         if str(ipaddr).startswith('127'):
             return 'localhost-user'
         return None
     def get_principals(userid, ipaddr):
         principals = {
             'LAN-user': ['view'],
             'localhost-user': ['view', 'edit'],
             }
         return principals.get(userid, [])
         
     policy = IPAuthenticationPolicy("all", get_userid=get_userid,
                                            get_principals=get_principals)
     # Addresses outside the range don't authenticate
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEqual(policy.unauthenticated_userid(request), "LAN-user")
     self.assertEqual(policy.authenticated_userid(request), "LAN-user")
     self.assertEqual(policy.effective_principals(request),
                      ["LAN-user", Everyone, Authenticated, 'view'])
     request = DummyRequest(environ={"REMOTE_ADDR": "127.0.0.1"})
     self.assertEqual(policy.unauthenticated_userid(request),
                      "localhost-user")
     self.assertEqual(policy.authenticated_userid(request),
                      "localhost-user")
     self.assertEqual(policy.effective_principals(request),
                      ["localhost-user", Everyone, Authenticated,
                       'view', 'edit'])
     request = DummyRequest(environ={"REMOTE_ADDR": "86.8.8.8"})
     self.assertEqual(policy.unauthenticated_userid(request), None)
     self.assertEqual(policy.authenticated_userid(request), None)
     self.assertEqual(policy.effective_principals(request), [Everyone])
Exemple #4
0
 def test_remote_addr(self):
     policy = IPAuthenticationPolicy(["123.123.0.0/16"], "user")
     # Addresses outside the range don't authenticate
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEqual(policy.authenticated_userid(request), None)
     # Addresses inside the range do authenticate
     request = DummyRequest(environ={"REMOTE_ADDR": "123.123.0.1"})
     self.assertEqual(policy.authenticated_userid(request), "user")
     request = DummyRequest(environ={"REMOTE_ADDR": "123.123.1.2"})
     self.assertEqual(policy.authenticated_userid(request), "user")
Exemple #5
0
 def test_remote_addr(self):
     policy = IPAuthenticationPolicy(["123.123.0.0/16"], "user")
     # Addresses outside the range don't authenticate
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEquals(policy.authenticated_userid(request), None)
     # Addresses inside the range do authenticate
     request = DummyRequest(environ={"REMOTE_ADDR": "123.123.0.1"})
     self.assertEquals(policy.authenticated_userid(request), "user")
     request = DummyRequest(environ={"REMOTE_ADDR": "123.123.1.2"})
     self.assertEquals(policy.authenticated_userid(request), "user")
Exemple #6
0
 def test_principals(self):
     policy = IPAuthenticationPolicy(["123.123.0.0/16"],
                                     principals=["test"])
     # Addresses outside the range don't get metadata set
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEquals(policy.effective_principals(request), [Everyone])
     # Addresses inside the range do get metadata set
     request = DummyRequest(environ={"REMOTE_ADDR": "123.123.0.1"})
     self.assertEquals(policy.effective_principals(request),
                       [Everyone, Authenticated, "test"])
     policy.userid = "user"
     self.assertEquals(policy.effective_principals(request),
                       ["user", Everyone, Authenticated, "test"])
Exemple #7
0
 def test_noncontiguous_ranges(self):
     policy = IPAuthenticationPolicy(["123.123.0.0/16", "124.124.1.0/24"],
                                     "user")
     # Addresses outside the range don't authenticate
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEqual(policy.authenticated_userid(request), None)
     request = DummyRequest(environ={"REMOTE_ADDR": "124.124.0.1"})
     self.assertEqual(policy.authenticated_userid(request), None)
     # Addresses inside the range do authenticate
     request = DummyRequest(environ={"REMOTE_ADDR": "123.123.0.1"})
     self.assertEqual(policy.authenticated_userid(request), "user")
     request = DummyRequest(environ={"REMOTE_ADDR": "124.124.1.2"})
     self.assertEqual(policy.authenticated_userid(request), "user")
Exemple #8
0
 def test_x_forwarded_for(self):
     policy = IPAuthenticationPolicy(["123.123.0.0/16"],
                                     "user",
                                     proxies=["124.124.0.0/24"])
     # Requests without X-Forwarded-For work as normal
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEqual(policy.authenticated_userid(request), None)
     request = DummyRequest(environ={"REMOTE_ADDR": "123.123.0.1"})
     self.assertEqual(policy.authenticated_userid(request), "user")
     # Requests with untrusted X-Forwarded-For don't authenticate
     request = DummyRequest(environ={
         "REMOTE_ADDR": "192.168.0.1",
         "HTTP_X_FORWARDED_FOR": "123.123.0.1"
     })
     self.assertEqual(policy.authenticated_userid(request), None)
     # Requests from single trusted proxy do authenticate
     request = DummyRequest(environ={
         "REMOTE_ADDR": "124.124.0.1",
         "HTTP_X_FORWARDED_FOR": "123.123.0.1"
     })
     self.assertEqual(policy.authenticated_userid(request), "user")
     # Requests from chain of trusted proxies do authenticate
     request = DummyRequest(
         environ={
             "REMOTE_ADDR": "124.124.0.2",
             "HTTP_X_FORWARDED_FOR": "123.123.0.1, 124.124.0.1"
         })
     self.assertEqual(policy.authenticated_userid(request), "user")
     # Requests with untrusted proxy in chain don't authenticate
     request = DummyRequest(
         environ={
             "REMOTE_ADDR": "124.124.0.1",
             "HTTP_X_FORWARDED_FOR": "123.123.0.1, 192.168.0.1"
         })
     self.assertEqual(policy.authenticated_userid(request), None)
Exemple #9
0
 def test_x_forwarded_for(self):
     policy = IPAuthenticationPolicy(["123.123.0.0/16"], "user",
                                     proxies=["124.124.0.0/24"])
     # Requests without X-Forwarded-For work as normal
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEqual(policy.authenticated_userid(request), None)
     request = DummyRequest(environ={"REMOTE_ADDR": "123.123.0.1"})
     self.assertEqual(policy.authenticated_userid(request), "user")
     # Requests with untrusted X-Forwarded-For don't authenticate
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1",
                                     "HTTP_X_FORWARDED_FOR": "123.123.0.1"})
     self.assertEqual(policy.authenticated_userid(request), None)
     # Requests from single trusted proxy do authenticate
     request = DummyRequest(environ={"REMOTE_ADDR": "124.124.0.1",
                                     "HTTP_X_FORWARDED_FOR": "123.123.0.1"})
     self.assertEqual(policy.authenticated_userid(request), "user")
     # Requests from chain of trusted proxies do authenticate
     request = DummyRequest(
         environ={
             "REMOTE_ADDR": "124.124.0.2",
             "HTTP_X_FORWARDED_FOR": "123.123.0.1, 124.124.0.1"})
     self.assertEqual(policy.authenticated_userid(request), "user")
     # Requests with untrusted proxy in chain don't authenticate
     request = DummyRequest(
         environ={
             "REMOTE_ADDR": "124.124.0.1",
             "HTTP_X_FORWARDED_FOR": "123.123.0.1, 192.168.0.1"})
     self.assertEqual(policy.authenticated_userid(request), None)
Exemple #10
0
 def test_principals(self):
     policy = IPAuthenticationPolicy(["123.123.0.0/16"], principals="test")
     # Addresses outside the range don't get metadata set
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEqual(policy.effective_principals(request), [Everyone])
     # Addresses inside the range do get metadata set
     request = DummyRequest(environ={"REMOTE_ADDR": "123.123.0.1"})
     self.assertEqual(policy.effective_principals(request),
                      [Everyone, "test"])
     policy.userid = "user"
     self.assertEqual(policy.effective_principals(request),
                      ["user", Everyone, Authenticated, "test"])
Exemple #11
0
 def test_remember_forget(self):
     policy = IPAuthenticationPolicy(["123.123.0.0/16"], "user")
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEqual(policy.remember(request, "user"), [])
     self.assertEqual(policy.forget(request), [])
Exemple #12
0
    def test_callbacks(self):
        def get_userid(ipaddr):
            if str(ipaddr).startswith('192'):
                return 'LAN-user'
            if str(ipaddr).startswith('127'):
                return 'localhost-user'
            return None

        def get_principals(userid, ipaddr):
            principals = {
                'LAN-user': ['view'],
                'localhost-user': ['view', 'edit'],
            }
            return principals.get(userid, [])

        policy = IPAuthenticationPolicy("all",
                                        get_userid=get_userid,
                                        get_principals=get_principals)
        # Addresses outside the range don't authenticate
        request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
        self.assertEqual(policy.unauthenticated_userid(request), "LAN-user")
        self.assertEqual(policy.authenticated_userid(request), "LAN-user")
        self.assertEqual(policy.effective_principals(request),
                         ["LAN-user", Everyone, Authenticated, 'view'])
        request = DummyRequest(environ={"REMOTE_ADDR": "127.0.0.1"})
        self.assertEqual(policy.unauthenticated_userid(request),
                         "localhost-user")
        self.assertEqual(policy.authenticated_userid(request),
                         "localhost-user")
        self.assertEqual(
            policy.effective_principals(request),
            ["localhost-user", Everyone, Authenticated, 'view', 'edit'])
        request = DummyRequest(environ={"REMOTE_ADDR": "86.8.8.8"})
        self.assertEqual(policy.unauthenticated_userid(request), None)
        self.assertEqual(policy.authenticated_userid(request), None)
        self.assertEqual(policy.effective_principals(request), [Everyone])
Exemple #13
0
 def test_remember_forget(self):
     policy = IPAuthenticationPolicy(["123.123.0.0/16"], "user")
     request = DummyRequest(environ={"REMOTE_ADDR": "192.168.0.1"})
     self.assertEquals(policy.remember(request, "user"), [])
     self.assertEquals(policy.forget(request), [])