def test_cookie_signature(self):
    """Check the signature computed for a fixed secret, value and timestamp.

    This is a known-answer test: the expected digest is hard-coded, so any
    change to the signing scheme or to the secret must update it.
    """
    auth.install_secure_cookies(["supersecret"])
    encoded = base64.b64encode("testvalue")
    issued_at = "1360023531"
    # The result is compared as a one-element list; presumably there is one
    # signature per installed secret -- confirm against auth._cookie_signature.
    # NOTE(review): 40 hex characters is a 160-bit digest, consistent with a
    # SHA-1-sized MAC -- confirm the algorithm in the auth module.
    known_answer = ["e90904d67de2fd6e4d4f3c9a736e3b8c457526f9"]
    self.assertEqual(known_answer, auth._cookie_signature(encoded, issued_at))
def test_get_secure_cookie_expired(self):
    """Check that a cookie with an old timestamp is reported as expired."""
    auth.install_secure_cookies(["supersecret"])
    raw_value = "testvalue"
    # Cookie payload layout: base64(value)|timestamp|signature.
    # Presumably the signature is valid for this value and timestamp, so only
    # the age check fails -- confirm against auth._cookie_signature.
    fields = (
        base64.b64encode(raw_value),
        "1357260056",
        "d304db1dbf1bc2fcb4eb6bc71bfd22cae4e74b74",
    )
    request = DummyRequest()
    request.received_cookies["testkey"] = "%s|%s|%s" % fields
    # No expiry_days is passed, so the library default lifetime applies.
    result = auth.get_secure_cookie(request, "testkey")
    # The failure comes back as a returned error object rather than a raised
    # exception, so callers have to type-check the result; a plain truthiness
    # test would not tell it apart from a valid value (assuming the error
    # class does not override truthiness).
    self.assertTrue(isinstance(result, webapi.ExpiredSecureCookieError))
def test_get_secure_cookie_invalid(self):
    """Check that a cookie carrying a wrong signature is rejected as invalid."""
    auth.install_secure_cookies(["supersecret"])
    raw_value = "testvalue"
    encoded = base64.b64encode(raw_value)
    # "badsig" can never match a computed signature, so this exercises the
    # tamper-detection path of get_secure_cookie.
    forged_cookie = "%s|%s|%s" % (encoded, "1360023531", "badsig")
    request = DummyRequest()
    request.received_cookies["testkey"] = forged_cookie
    result = auth.get_secure_cookie(request, "testkey")
    # The rejection is a returned error object, not a raised exception, so
    # callers must check the type of the result before using it as a value.
    self.assertTrue(isinstance(result, webapi.InvalidSecureCookieError))
def test_get_secure_cookie_ok(self):
    """Check that a correctly signed, unexpired cookie yields its raw value."""
    auth.install_secure_cookies(["supersecret"])
    raw_value = "testvalue"
    # Cookie payload layout: base64(value)|timestamp|signature.
    fields = (
        base64.b64encode(raw_value),
        "1360023531",
        "e90904d67de2fd6e4d4f3c9a736e3b8c457526f9",
    )
    request = DummyRequest()
    request.received_cookies["testkey"] = "%s|%s|%s" % fields
    # The timestamp is fixed, so a very large expiry window (36500 days) is
    # passed to keep this vector from ageing out as time goes by.
    result = auth.get_secure_cookie(request, "testkey", expiry_days=36500)
    self.assertEqual(result, raw_value)
def test_get_secure_cookie_expired_multiple_secrets(self):
    """Check that an old cookie is reported as expired with two secrets installed."""
    # Two secrets are installed; presumably the signature below was produced
    # with "supersecret", the second entry, which would exercise validation
    # against a secret that is not first in the list -- confirm.
    auth.install_secure_cookies(["supersecret1", "supersecret"])
    raw_value = "testvalue"
    fields = (
        base64.b64encode(raw_value),
        "1357260056",
        "d304db1dbf1bc2fcb4eb6bc71bfd22cae4e74b74",
    )
    request = DummyRequest()
    request.received_cookies["testkey"] = "%s|%s|%s" % fields
    result = auth.get_secure_cookie(request, "testkey")
    # Expired (not invalid) is expected: the error object is returned rather
    # than raised, so the result's type is what gets checked.
    self.assertTrue(isinstance(result, webapi.ExpiredSecureCookieError))
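def test_set_secure_cookie(self):
    """Validate setting a secure cookie.

    Parses the single cookie header written to the request and checks its
    name, path, lifetime in whole days, and the
    base64(value)|timestamp|signature payload.
    """
    request = DummyRequest()
    auth.install_secure_cookies(["supersecret"])
    auth.set_secure_cookie(request, "testkey", "testvalue")
    self.assertEqual(1, len(request.cookies))

    key, value = request.cookies[0].split("=", 1)
    # NOTE(review): this three-way unpack only succeeds when the header is
    # exactly value;expires;path, so the cookie under test carries no Secure
    # or HttpOnly attribute -- confirm that is intended for a signed cookie.
    value, expires, path = value.split(";")
    path = path.split("=")[1]
    expiry_time = datetime.datetime(
        *email.utils.parsedate(expires.split("=")[1])[:6])
    # .days truncates, so a lifetime measured an instant after it was set
    # reads one day short (presumably a 30-day default -- confirm).
    expires = (expiry_time - datetime.datetime.utcnow()).days
    value, timestamp, signature = value.split("|")

    self.assertEqual("/", path)
    self.assertEqual(29, expires)
    self.assertEqual("testkey", key)
    self.assertEqual(base64.b64encode("testvalue"), value)
    # timestamp is a string taken from the cookie. Comparing it to 0 directly
    # is always True on Python 2 (str sorts after int) and a TypeError on
    # Python 3, so convert it first to make the check meaningful.
    self.assertTrue(int(timestamp) > 0)
    # The signature is recomputed from the emitted value and timestamp; index
    # 0 selects the first entry of the list _cookie_signature returns.
    expected_signature = auth._cookie_signature(value, timestamp)[0]
    self.assertEqual(expected_signature, signature)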
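def test_set_secure_cookie(self):
    """Validate setting a secure cookie.

    Parses the single cookie header written to the request and checks its
    name, path, lifetime in whole days, and the
    base64(value)|timestamp|signature payload.
    """
    request = DummyRequest()
    auth.install_secure_cookies(["supersecret"])
    auth.set_secure_cookie(request, "testkey", "testvalue")
    self.assertEqual(1, len(request.cookies))

    key, value = request.cookies[0].split("=", 1)
    # NOTE(review): this three-way unpack only succeeds when the header is
    # exactly value;expires;path, so the cookie under test carries no Secure
    # or HttpOnly attribute -- confirm that is intended for a signed cookie.
    value, expires, path = value.split(";")
    path = path.split("=")[1]
    expiry_time = datetime.datetime(
        *email.utils.parsedate(expires.split("=")[1])[:6])
    # .days truncates, so a lifetime measured an instant after it was set
    # reads one day short (presumably a 30-day default -- confirm).
    expires = (expiry_time - datetime.datetime.utcnow()).days
    value, timestamp, signature = value.split("|")

    self.assertEqual("/", path)
    self.assertEqual(29, expires)
    self.assertEqual("testkey", key)
    self.assertEqual(base64.b64encode("testvalue"), value)
    # timestamp is a string taken from the cookie. Comparing it to 0 directly
    # is always True on Python 2 (str sorts after int) and a TypeError on
    # Python 3, so convert it first to make the check meaningful.
    self.assertTrue(int(timestamp) > 0)
    # The signature is recomputed from the emitted value and timestamp; index
    # 0 selects the first entry of the list _cookie_signature returns.
    expected_signature = auth._cookie_signature(value, timestamp)[0]
    self.assertEqual(expected_signature, signature)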
auth_module = __import__(auth_mod_name, globals(), locals(), [], -1) auth_class = getattr(auth_module, auth_class_name) auth.install_auth(auth_class(**auth_args)) try: secure_cookies_secrets = json.loads(cfg_central.get( "auth", "secure_cookies_secrets"), encoding='ascii') secure_cookies_secrets = [ x.encode("ascii") for x in secure_cookies_secrets ] except NoOptionError: print "Required option 'secure_cookies_secrets' is missing from 'auth' section." sys.exit(-1) auth.install_secure_cookies(secure_cookies_secrets) # Start up statsd connection if configured if statsd_host: print "API Stats Enabled. (statsd Server:%s:%d Prefix:%s)" % ( statsd_host, statsd_port, statsd_scheme) reactor.listenUDP( 0, stats.install_stats(statsd_host, statsd_port, statsd_scheme)) # Bind listening server factory to Twisted application reactor.listenTCP(listen_port, foundation.ShijiSite(root, honor_xrealip=honor_xrealip), interface=listen_ip) # Set up PID and run try:
def test_secure_cookies_installed(self):
    """Check that install_secure_cookies exposes the secrets on auth.cookie_secrets."""
    installed = ["supersecret"]
    auth.install_secure_cookies(installed)
    # The secrets are kept in a module-level attribute of auth, so they stay
    # in effect until install_secure_cookies is called again.
    self.assertEqual(auth.cookie_secrets, ["supersecret"])
print "'auth_args' contents is not valid JSON." sys.exit(-1) auth_module = __import__(auth_mod_name, globals(), locals(), [], -1) auth_class = getattr(auth_module, auth_class_name) auth.install_auth(auth_class(**auth_args)) try: secure_cookies_secrets = json.loads(cfg_central.get("auth", "secure_cookies_secrets"), encoding='ascii') secure_cookies_secrets = [x.encode("ascii") for x in secure_cookies_secrets] except NoOptionError: print "Required option 'secure_cookies_secrets' is missing from 'auth' section." sys.exit(-1) auth.install_secure_cookies(secure_cookies_secrets) # Start up statsd connection if configured if statsd_host: print "API Stats Enabled. (statsd Server:%s:%d Prefix:%s)" % (statsd_host, statsd_port, statsd_scheme) reactor.listenUDP(0, stats.install_stats(statsd_host, statsd_port, statsd_scheme)) # Bind listening server factory to Twisted application reactor.listenTCP(listen_port, foundation.ShijiSite(root, honor_xrealip=honor_xrealip), interface=listen_ip) # Set up PID and run try: if os.path.exists(pid_file): print "Removing stale PID file."