def get(self):
    """Handle GET: hand a user auth token cookie to an admin or support user.

    A request that already passes gaeserver.DoMunkiAuth() is left untouched.
    Otherwise the user reported by users.get_current_user() is looked up and
    a token is created at LEVEL_ADMIN (admin users) or LEVEL_BASE (support
    users). The token is returned in a Set-Cookie header and the cookie name
    is written to the response body.

    Raises:
      NotAuthenticated: no user is signed in, the user is neither an admin
        nor a support user, or token creation returned a falsy value.
    """
    try:
        gaeserver.DoMunkiAuth()
    except gaeserver.NotAuthenticated:
        # No valid Munki session on this request; continue with user auth.
        pass
    else:
        # Already Munki authenticated: nothing to do.
        return

    current_user = users.get_current_user()
    if not current_user:
        raise NotAuthenticated

    email = current_user.email()
    # The privilege level is derived server-side from group membership only.
    # The admin check runs first, so a user in both groups gets LEVEL_ADMIN.
    if auth.IsAdminUser(email):
        granted_level = gaeserver.LEVEL_ADMIN
    elif auth.IsSupportUser(email):
        granted_level = gaeserver.LEVEL_BASE
    else:
        # Fail closed: anyone outside both groups gets no token at all.
        logging.error('Uauth: user %s is not an admin', email)
        raise NotAuthenticated

    token = gaeserver.AuthSimianServer().SessionCreateUserAuthToken(
        email, level=granted_level)
    if not token:
        raise NotAuthenticated

    # The token authenticates the session on its own, so it is deliberately
    # never written to the log; only the cookie name goes into the body.
    # NOTE(review): the cookie is marked secure and httponly but carries no
    # SameSite or Path attribute -- confirm whether this deployment needs them.
    self.response.headers['Set-Cookie'] = '%s=%s; secure; httponly;' % (
        auth_init.AUTH_TOKEN_COOKIE, token)
    self.response.out.write(auth_init.AUTH_TOKEN_COOKIE)
def post(self):
    """Returns auth token for get method.

    The caller must already hold a Munki session (gaeserver.DoMunkiAuth()).
    An unexpired LEVEL_APPLESUS token stored for the same session uuid is
    reused when one exists; otherwise a new token limited to LEVEL_APPLESUS
    is created. The response body is _EncodeMsg() of a dict holding the
    cookie string and the sanitized Munki client-id header.
    """
    session = gaeserver.DoMunkiAuth()
    session_store = gaeserver.AuthSessionSimianServer()

    token = None
    for candidate in session_store.GetByUuid(session.uuid):
        if (candidate.level == gaeserver.LEVEL_APPLESUS
                and not session_store.IsExpired(candidate)):
            # NOTE(review): assert is stripped under -O, so the 't_' prefix
            # check is a development aid, not a runtime guarantee.
            assert candidate.key().name().startswith('t_')
            # The loop keeps going, so the last matching session wins.
            token = candidate.key().name()[2:]

    if not token:
        # create new token suitable only for applesus.
        # original token will be destroyed on postflight.
        token = gaeserver.AuthSimianServer().SessionCreateUserAuthToken(
            session.uuid, level=gaeserver.LEVEL_APPLESUS)

    # Also store munki header, which contains OS X version and track.
    # The header value is supplied by the client, so it is passed through
    # _SanitazeMunkiHeader() before being echoed back in the response.
    raw_munki_header = self.request.headers.get(MUNKI_CLIENT_ID_HEADER_KEY, '')
    payload = {
        'cookies': auth.CreateAuthTokenCookieStr(token),
        'header': self._SanitazeMunkiHeader(raw_munki_header),
    }
    self.response.out.write(_EncodeMsg(payload))
def testAuthLevel(self):
    """A LEVEL_APPLESUS token must be rejected by DoMunkiAuth() with no level.

    Guards the privilege boundary: a token created at LEVEL_APPLESUS is
    presented in the auth cookie and DoMunkiAuth(), called without an
    explicit level, has to raise NotAuthenticated.
    """
    issuer = gaeserver.AuthSimianServer()
    applesus_token = issuer.SessionCreateUserAuthToken(
        'long_uuid', level=gaeserver.LEVEL_APPLESUS)

    # NOTE(review): os.environ is modified and not restored in this method;
    # confirm tearDown cleans up so the cookie cannot leak into other tests.
    cookie_header = '%s=%s' % (auth.AUTH_TOKEN_COOKIE, applesus_token)
    os.environ['HTTP_COOKIE'] = cookie_header

    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)
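def GetAuth1Instance(self, ca_id=None):
    """Generate an instance of auth1 class and return it.

    Args:
      ca_id: str, default None, the ca_id to pass to LoadCaParameters. This
        value changes the set of server/ca public/priv etc config parameters
        that is used for the Auth1 communication.
    Returns:
      gaeserver.AuthSimianServer instance with its CA parameters loaded.
    Raises:
      base.NotAuthenticated: the CA parameters could not be loaded.
    """
    try:
        auth1 = gaeserver.AuthSimianServer()
        auth1.LoadCaParameters(settings, ca_id)
    except gaeserver.CaParametersError as e:
        # The detail is logged here; the exception raised to the caller
        # carries only a fixed label, not the configuration error text.
        logging.critical('(ca_id = %s) %s', ca_id, e)
        raise base.NotAuthenticated('CaParametersError')
    # The docstring promises the instance, but the visible code fell off the
    # end and returned None; hand the configured object back to the caller.
    return auth1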
def setUp(self):
    """Run the base-class setup, then create stubs and the server under test."""
    # NOTE(review): super() is anchored at test.AppengineTest, so the method
    # lookup starts *after* that class in the MRO -- confirm that skipping
    # AppengineTest.setUp itself is intended.
    super(test.AppengineTest, self).setUp()
    mox.MoxTestBase.setUp(self)

    # Stub container for replacing attributes during a test.
    self.stubs = stubout.StubOutForTesting()
    # Real AuthSimianServer instance that the test methods exercise.
    self.aps = gaeserver.AuthSimianServer()
def testDoMunkiAuth(self):
    """Test DoMunkiAuth().

    Records seven scenarios (0-6) with mox and replays them in order. Every
    failure scenario must surface as gaeserver.NotAuthenticated, i.e. the
    function has to fail closed; only scenario 6 returns a session.
    """
    # Arbitrary non-default level, used only by the success scenario (6).
    level = 123
    cookie_str = 'foo=bar'
    token = 'cookie value for auth.AUTH_TOKEN_COOKIE'
    uuid = 'session uuid'

    # Stand-in for the cookie entry; its .value attribute holds the token.
    mock_valobj = self.mox.CreateMockAnything()
    mock_valobj.value = token
    mock_session = self.mox.CreateMockAnything()
    mock_session.uuid = 'session uuid'
    mock_environ = self.mox.CreateMockAnything()
    mock_cookie = self.mox.CreateMockAnything()
    mock_auth1 = self.mox.CreateMockAnything()

    # Replace the environment, the cookie parser and the auth server class
    # as seen from the gaeserver module.
    self.stubs.Set(gaeserver.os, 'environ', mock_environ)
    self.mox.StubOutWithMock(gaeserver.Cookie, 'SimpleCookie', True)
    self.mox.StubOutWithMock(gaeserver, 'AuthSimianServer', True)

    # 0: fake_noauth=True, nothing to mock

    # test 1: missing cookie (HTTP_COOKIE is not set)
    mock_environ.get('HTTP_COOKIE', None).AndReturn(None)

    # test 2: cookie is malformed, load() raises TypeError
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndRaise(TypeError)

    # test 3: cookie cannot be parsed, load() raises CookieError
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndRaise(gaeserver.Cookie.CookieError)

    # test 4: cookie parses, but AUTH_TOKEN_COOKIE is not in it
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndReturn(None)
    mock_cookie.__contains__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(False)

    # test 5: bad token, GetSessionIfAuthOK() raises AuthSessionError.
    # The call made without require_level is expected to check LEVEL_BASE.
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndReturn(None)
    mock_cookie.__contains__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(True)
    # The cookie entry is expected to be read twice, once before and once
    # after the auth server is constructed.
    mock_cookie.__getitem__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(mock_valobj)
    gaeserver.AuthSimianServer().AndReturn(mock_auth1)
    mock_cookie.__getitem__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(mock_valobj)
    mock_auth1.GetSessionIfAuthOK(token, gaeserver.LEVEL_BASE).AndRaise(
        gaeserver.base.AuthSessionError)

    # 6: test all success! The requested level is passed through unchanged.
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndReturn(None)
    mock_cookie.__contains__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(True)
    mock_cookie.__getitem__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(mock_valobj)
    gaeserver.AuthSimianServer().AndReturn(mock_auth1)
    mock_cookie.__getitem__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(mock_valobj)
    mock_auth1.GetSessionIfAuthOK(token, level).AndReturn(mock_session)

    # Replay: the calls below must consume the recordings in the same order.
    self.mox.ReplayAll()
    self.assertRaises(
        gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth,
        fake_noauth=True)  # 0
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 1
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 2
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 3
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 4
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 5
    session = gaeserver.DoMunkiAuth(require_level=level)  # 6
    self.assertEqual(uuid, session.uuid)  # 6
    # Fails if any recorded expectation above was never exercised.
    self.mox.VerifyAll()
def setUp(self):
    """Initialise mox, the stub container and the server under test."""
    mox.MoxTestBase.setUp(self)

    # Stub container for replacing attributes during a test.
    self.stubs = stubout.StubOutForTesting()
    # Real AuthSimianServer instance that the test methods exercise.
    self.aps = gaeserver.AuthSimianServer()