Exemple #1
    def test_is_authenticated_get_params(self):
        """Query-string credentials: incomplete or wrong pairs are refused.

        The same request object is mutated step by step, so the order of the
        cases matters. Credentials in a query string tend to end up in access
        logs; the Authorization header form avoids that.
        """
        authenticator = ApiKeyAuthentication()
        req = HttpRequest()

        def refused():
            # A refusal is an HttpUnauthorized response object, so the check
            # is on the type of the return value.
            outcome = authenticator.is_authenticated(req)
            return isinstance(outcome, HttpUnauthorized)

        # Simulate sending the signal.
        account = User.objects.get(username='******')
        create_api_key(User, instance=account, created=True)

        # Nothing supplied at all.
        self.assertEqual(refused(), True)

        # Wrong username details.
        req.GET['username'] = '******'
        self.assertEqual(refused(), True)

        # Username only; the api_key is still missing.
        req.GET['username'] = '******'
        self.assertEqual(refused(), True)

        # Username together with an api_key that is not its own.
        req.GET['username'] = '******'
        req.GET['api_key'] = 'foo'
        self.assertEqual(refused(), True)

        # Matching pair. Comparing with True is deliberate: a response object
        # returned on failure would not compare equal to True.
        account = User.objects.get(username='******')
        req.GET['username'] = '******'
        req.GET['api_key'] = account.api_key.key
        self.assertEqual(authenticator.is_authenticated(req), True)
        self.assertEqual(authenticator.get_identifier(req), 'johndoe')
    def test_is_authenticated_get_params(self):
        """Same query-string checks for a custom user model identified by e-mail.

        The request object is reused across the cases, so their order matters.
        """
        authenticator = ApiKeyAuthentication()
        req = HttpRequest()

        def refused():
            # Refusals come back as HttpUnauthorized response objects.
            outcome = authenticator.is_authenticated(req)
            return isinstance(outcome, HttpUnauthorized)

        # Simulate sending the signal.
        account = CustomUser.objects.get(pk=1)
        create_api_key(CustomUser, instance=account, created=True)

        # Nothing supplied at all.
        self.assertEqual(refused(), True)

        # Wrong username (email) details.
        req.GET['username'] = '******'
        self.assertEqual(refused(), True)

        # Correct e-mail but no api_key.
        req.GET['username'] = account.email
        self.assertEqual(refused(), True)

        # Correct e-mail with an api_key that is not its own.
        req.GET['username'] = account.email
        req.GET['api_key'] = 'foo'
        self.assertEqual(refused(), True)

        # Matching pair: all keys are wiped and a fresh one is issued first.
        ApiKey.objects.all().delete()
        create_api_key(CustomUser, instance=account, created=True)
        req.GET['username'] = account.email
        req.GET['api_key'] = account.api_key.key
        # Strict comparison with True, so a truthy response object cannot pass.
        self.assertEqual(authenticator.is_authenticated(req), True)
        self.assertEqual(authenticator.get_identifier(req), account.email)
    def test_is_authenticated_header(self):
        """Authorization-header credentials: malformed or wrong values are refused.

        The header is overwritten on the same request object for each case.
        """
        authenticator = ApiKeyAuthentication()
        req = HttpRequest()

        def refused():
            # Refusals come back as HttpUnauthorized response objects.
            outcome = authenticator.is_authenticated(req)
            return isinstance(outcome, HttpUnauthorized)

        # Simulate sending the signal.
        account = User.objects.get(username='******')
        create_api_key(User, instance=account, created=True)

        # No Authorization header at all.
        self.assertEqual(refused(), True)

        # A value that carries no scheme and no credentials.
        req.META['HTTP_AUTHORIZATION'] = 'foo'
        self.assertEqual(refused(), True)

        # Scheme and username, but no api_key part.
        req.META['HTTP_AUTHORIZATION'] = 'ApiKey daniel'
        self.assertEqual(refused(), True)

        # Well-formed header with credentials that do not match.
        req.META['HTTP_AUTHORIZATION'] = 'ApiKey daniel:pass'
        self.assertEqual(refused(), True)

        # Correct user/api_key; compared with True so a response object cannot pass.
        account = User.objects.get(username='******')
        req.META['HTTP_AUTHORIZATION'] = 'ApiKey johndoe:%s' % account.api_key.key
        self.assertEqual(authenticator.is_authenticated(req), True)

        # The scheme name is expected to be matched case-insensitively.
        account = User.objects.get(username='******')
        req.META['HTTP_AUTHORIZATION'] = 'aPiKeY johndoe:%s' % account.api_key.key
        self.assertEqual(authenticator.is_authenticated(req), True)
    def test_is_authenticated(self):
        """Query-string credentials are refused until username and api_key match.

        The request object is reused across the cases, so their order matters.
        """
        authenticator = ApiKeyAuthentication()
        req = HttpRequest()

        def refused():
            # Refusals come back as HttpUnauthorized response objects.
            outcome = authenticator.is_authenticated(req)
            return isinstance(outcome, HttpUnauthorized)

        # Simulate sending the signal.
        account = User.objects.get(username="******")
        create_api_key(User, instance=account, created=True)

        # Nothing supplied at all.
        self.assertEqual(refused(), True)

        # Wrong username details.
        req.GET["username"] = "******"
        self.assertEqual(refused(), True)

        # Username only; the api_key is still missing.
        req.GET["username"] = "******"
        self.assertEqual(refused(), True)

        # Username together with an api_key that is not its own.
        req.GET["username"] = "******"
        req.GET["api_key"] = "foo"
        self.assertEqual(refused(), True)

        # Matching pair; compared with True so a response object cannot pass.
        account = User.objects.get(username="******")
        req.GET["username"] = "******"
        req.GET["api_key"] = account.api_key.key
        self.assertEqual(authenticator.is_authenticated(req), True)
Exemple #5
    def test_is_authenticated_header(self):
        """ApiKey scheme in the Authorization header: bad values refused, good ones accepted."""
        authenticator = ApiKeyAuthentication()
        req = HttpRequest()

        # Simulate sending the signal.
        account = User.objects.get(username='******')
        create_api_key(User, instance=account, created=True)

        # No Authorization header at all.
        self.assertEqual(isinstance(authenticator.is_authenticated(req), HttpUnauthorized), True)

        # In turn: a value without scheme, a username without api_key, and a
        # well-formed pair that does not match. Each must produce a refusal.
        for rejected_value in ('foo', 'ApiKey daniel', 'ApiKey daniel:pass'):
            req.META['HTTP_AUTHORIZATION'] = rejected_value
            verdict = authenticator.is_authenticated(req)
            self.assertEqual(isinstance(verdict, HttpUnauthorized), True)

        # Correct user/api_key; compared with True so a response object cannot pass.
        account = User.objects.get(username='******')
        req.META['HTTP_AUTHORIZATION'] = 'ApiKey johndoe:%s' % account.api_key.key
        self.assertEqual(authenticator.is_authenticated(req), True)

        # The scheme name is expected to be matched case-insensitively.
        account = User.objects.get(username='******')
        req.META['HTTP_AUTHORIZATION'] = 'aPiKeY johndoe:%s' % account.api_key.key
        self.assertEqual(authenticator.is_authenticated(req), True)
Exemple #6
 def setUp(self):
     """Issue an API key for the test user and aim the client at the user endpoint."""
     super(UserResourceTestCase, self).setUp()
     # Create the key by calling the handler directly.
     create_api_key(User, instance=self.user, created=True)
     # The account's e-mail address is what gets sent as the API username.
     request_params = {
         "email": "*****@*****.**",
         "username": self.user.email,
         "api_key": self.user.api_key.key,
     }
     self.client = TestClient(path="/api/v1/user/", data=request_params)
    def test_whitelisting(self):
        """Check the ``whitelisted_methods`` option of DigestAuthentication.

        A listed method name is accepted without any credentials; every other
        method name still needs a valid digest. The whitelist is therefore an
        authentication bypass for the names on it and should stay minimal.
        """
        auth = DigestAuthentication(whitelisted_methods=['a_method'])
        request = HttpRequest()

        # Simulate sending the signal.
        john_doe = User.objects.get(username='******')
        create_api_key(User, instance=john_doe, created=True)

        # Calling with a whitelisted method_name without credentials should work
        self.assertEqual(auth.is_authenticated(request, method_name='a_method'), True)

        # Calling any other method should require the Api Key
        self.assertEqual(isinstance(auth.is_authenticated(request, method_name='another_method'), HttpUnauthorized), True)

        # Correct digest
        # The challenge comes from one more unauthenticated call (made without
        # a method_name); the user's API key serves as the digest password.
        john_doe = User.objects.get(username='******')
        request.META['HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
            john_doe.username,
            request.method,
            '/', # uri
            1,   # nonce_count
            digest_challenge=auth.is_authenticated(request)['WWW-Authenticate'],
            password=john_doe.api_key.key
        )
        # With a valid digest both the protected and the whitelisted name pass.
        self.assertEqual(auth.is_authenticated(request, method_name="another_method"), True)
        self.assertEqual(auth.is_authenticated(request, method_name="a_method"), True)
def create_api_key_wrapper(sender, **kwargs):
    """Forward a signal call to ``create_api_key`` unchanged.

    The original author added this indirection so that the post-save signal
    could be kept from firing while fixtures load in tests, where it caused
    an integrity error.

    NOTE(review): nothing in this body suppresses anything; every call is
    forwarded. Presumably tests replace or disconnect this wrapper; confirm.
    """
    create_api_key(sender, **kwargs)
    def test_is_authenticated_get_params(self):
        """Query-string credentials: incomplete or wrong pairs are refused.

        The request object is reused across the cases, so their order matters.
        """
        authenticator = ApiKeyAuthentication()
        req = HttpRequest()

        # Simulate sending the signal.
        account = User.objects.get(username='******')
        create_api_key(User, instance=account, created=True)

        # Nothing supplied at all. A refusal is an HttpUnauthorized object.
        verdict = authenticator.is_authenticated(req)
        self.assertEqual(isinstance(verdict, HttpUnauthorized), True)

        # Wrong username details.
        req.GET['username'] = '******'
        verdict = authenticator.is_authenticated(req)
        self.assertEqual(isinstance(verdict, HttpUnauthorized), True)

        # Username only; the api_key is still missing.
        req.GET['username'] = '******'
        verdict = authenticator.is_authenticated(req)
        self.assertEqual(isinstance(verdict, HttpUnauthorized), True)

        # Username together with an api_key that is not its own.
        req.GET['username'] = '******'
        req.GET['api_key'] = 'foo'
        verdict = authenticator.is_authenticated(req)
        self.assertEqual(isinstance(verdict, HttpUnauthorized), True)

        # Matching pair; compared with True so a response object cannot pass.
        account = User.objects.get(username='******')
        req.GET['username'] = '******'
        req.GET['api_key'] = account.api_key.key
        self.assertEqual(authenticator.is_authenticated(req), True)
        self.assertEqual(authenticator.get_identifier(req), 'johndoe')
    def test_is_authenticated_get_params(self):
        """Query-string checks for a custom user model identified by e-mail."""
        authenticator = ApiKeyAuthentication()
        req = HttpRequest()

        # Simulate sending the signal.
        account = CustomUser.objects.get(pk=1)
        create_api_key(CustomUser, instance=account, created=True)

        # Nothing supplied at all. A refusal is an HttpUnauthorized object.
        verdict = authenticator.is_authenticated(req)
        self.assertEqual(isinstance(verdict, HttpUnauthorized), True)

        # Wrong username (email) details.
        req.GET['username'] = '******'
        verdict = authenticator.is_authenticated(req)
        self.assertEqual(isinstance(verdict, HttpUnauthorized), True)

        # Correct e-mail but no api_key.
        req.GET['username'] = account.email
        verdict = authenticator.is_authenticated(req)
        self.assertEqual(isinstance(verdict, HttpUnauthorized), True)

        # Correct e-mail with an api_key that is not its own.
        req.GET['username'] = account.email
        req.GET['api_key'] = 'foo'
        verdict = authenticator.is_authenticated(req)
        self.assertEqual(isinstance(verdict, HttpUnauthorized), True)

        # Matching pair: all keys are wiped and a fresh one is issued first.
        ApiKey.objects.all().delete()
        create_api_key(CustomUser, instance=account, created=True)
        req.GET['username'] = account.email
        req.GET['api_key'] = account.api_key.key
        # Strict comparison with True, so a truthy response object cannot pass.
        self.assertEqual(authenticator.is_authenticated(req), True)
        self.assertEqual(authenticator.get_identifier(req), account.email)
Exemple #11
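    def obj_create(self, bundle, **kwargs):
        """Exchange a social-provider access token for this site's API key.

        Reads ``provider`` and ``access_token`` from ``bundle.data``, lets the
        matching backend from ``BACKENDS`` authenticate the token and, on
        success, stores the user on ``bundle.obj`` and adds ``key`` and
        ``is_new`` to ``bundle.data``.

        Raises:
            BadRequest: a field is missing, the provider is unknown, or the
                backend did not return an active user. The message is the same
                in every case so the response does not reveal which check failed.
        """
        # Both values come straight from the request body. A missing field or
        # an unknown provider is a client error, not an unhandled KeyError.
        provider = bundle.data.get('provider')
        access_token = bundle.data.get('access_token')
        if not provider or not access_token:
            raise BadRequest("Error authenticating user with this provider")

        try:
            Backend = BACKENDS[provider]
        except (KeyError, TypeError):
            # TypeError covers an unhashable value such as a JSON list.
            raise BadRequest("Error authenticating user with this provider")
        backend = Backend(request=bundle.request, redirect='/')

        # The debugging print of the user object that used to follow this call
        # was removed: it wrote account data to stdout on every login.
        user = backend.do_auth(access_token)

        if not (user and user.is_active):
            raise BadRequest("Error authenticating user with this provider")

        bundle.obj = user

        try:
            key = ApiKey.objects.get(user=user)
        except ApiKey.DoesNotExist:
            create_api_key(User, instance=user, created=True)
            key = ApiKey.objects.get(user=user)

        # NOTE(review): the API key is returned in the response body;
        # presumably this endpoint is only served over HTTPS. Confirm.
        bundle.data['key'] = key.key
        bundle.data['is_new'] = user.is_new

        return bundle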
Exemple #12
def create_user_profile_and_apikey(sender, instance, created, **kwargs):
    """Give a newly created, non-superuser account a profile and an API key.

    Superusers and saves of existing rows are left alone. The profile's
    ``mobile`` field is filled with an 11-character temporary token and the
    nickname defaults to the username.
    """
    if instance.is_superuser or not created:
        return
    UserProfile.objects.create(
        user=instance,
        mobile=gen_temp_token(11),
        nickname=instance.username,
    )
    create_api_key(User, instance=instance, created=True)
Exemple #13
 def setUp(self):
     """Create a factory user with an API key plus the parameters the tests send."""
     self.user = UserFactory()
     self.client = TestClient()
     create_api_key(User, instance=self.user, created=True)
     owner = self.user
     # The account's e-mail address is what gets sent as the API username.
     self.data = dict(
         email='*****@*****.**',
         username=owner.email,
         api_key=owner.api_key.key,
     )
Exemple #14
 def setUp(self):
     """Issue an API key for the test user and aim the client at the user endpoint."""
     super(UserResourceTests, self).setUp()
     create_api_key(User, instance=self.user, created=True)
     # The account's e-mail address is what gets sent as the API username.
     request_params = {
         'email': '*****@*****.**',
         'username': self.user.email,
         'api_key': self.user.api_key.key,
     }
     self.client = TestClient(path='/api/v1/user/', data=request_params)
    def test_check_active_true(self):
        """With default settings a correct key for this account is answered with False.

        Presumably the fixture account is inactive; the fixture is not shown here.
        """
        authenticator = ApiKeyAuthentication()
        req = HttpRequest()

        account = User.objects.get(username="******")
        create_api_key(User, instance=account, created=True)
        header_value = "ApiKey bobdoe:%s" % account.api_key.key
        req.META["HTTP_AUTHORIZATION"] = header_value
        # Exact comparison with False, so no other falsy value is accepted silently.
        self.assertEqual(authenticator.is_authenticated(req), False)
    def test_check_active_false(self):
        """Expect a truthy result when the active-account check is switched off.

        NOTE(review): the header uses the 'ApiKey' scheme while the class under
        test is BasicAuthentication, and assertTrue accepts any truthy value.
        If a refusal is returned as a response object rather than False, this
        assertion would presumably still pass. Confirm that the test exercises
        the intended path; comparing the result with True would settle it.
        """
        authenticator = BasicAuthentication(require_active=False)
        req = HttpRequest()

        account = User.objects.get(username='******')
        create_api_key(User, instance=account, created=True)
        header_value = 'ApiKey bobdoe:%s' % account.api_key.key
        req.META['HTTP_AUTHORIZATION'] = header_value
        self.assertTrue(authenticator.is_authenticated(req))
Exemple #17
    def test_check_active_true(self):
        """With default settings a correct key for this account yields a falsy result.

        Presumably the fixture account is inactive; the fixture is not shown here.
        """
        authenticator = ApiKeyAuthentication()
        req = HttpRequest()

        account = User.objects.get(username='******')
        create_api_key(User, instance=account, created=True)
        header_value = 'ApiKey bobdoe:%s' % account.api_key.key
        req.META['HTTP_AUTHORIZATION'] = header_value
        verdict = authenticator.is_authenticated(req)
        self.assertFalse(verdict)
Exemple #18
 def setUp(self):
     """Create a factory user with an API key plus the parameters the tests send."""
     self.user = UserFactory()
     self.client = TestClient()
     create_api_key(User, instance=self.user, created=True)
     # The account's e-mail address is what gets sent as the API username.
     params = {}
     params['email'] = '*****@*****.**'
     params['username'] = self.user.email
     params['api_key'] = self.user.api_key.key
     self.data = params
Exemple #19
 def setUp(self):
     """Aim the client at the saved-search endpoint and add the user's API credentials."""
     super(SavedSearchResourceTestCase, self).setUp()
     base_params = {"email": "*****@*****.**", "url": "www.my.jobs/jobs"}
     self.client = TestClient(path="/api/v1/savedsearch/", data=base_params)
     # The key has to exist before it can be read off the user below.
     create_api_key(User, instance=self.user, created=True)
     self.client.data["username"] = self.user.email
     self.client.data["api_key"] = self.user.api_key.key
Exemple #20
    def setUp(self):
        """Start from an empty ApiKey table, then issue one key for the fixture user."""
        super(ApiKeyAuthenticationTestCase, self).setUp()
        # Remove any keys left over so the one created below is the only one.
        ApiKey.objects.all().delete()
        self.auth = ApiKeyAuthentication()
        self.request = HttpRequest()

        # Simulate sending the signal.
        create_api_key(
            User,
            instance=User.objects.get(username='******'),
            created=True,
        )
Exemple #21
 def setUp(self):
     """
     Issue a fresh API key for the fixture user and grant it permission to add logmessages.
     """
     super(RestTest, self).setUp()
     # Remove any keys left over so the one created below is the only one.
     ApiKey.objects.all().delete()
     key_owner = User.objects.get(username=self.username)
     create_api_key(User, instance=key_owner, created=True)
     add_logmessage = Permission.objects.get(codename='add_logmessage')
     # The user is looked up a second time before the permission is attached.
     grantee = User.objects.get(username=self.username)
     grantee.user_permissions.add(add_logmessage)
Exemple #22
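 def setUp(self):
     """Create a user linked to client 1 and collect its API credentials.

     ``password=None`` is passed to ``create_user``, so the account is only
     meant to be reached through its API key.
     """
     user = User.objects.create_user(username='******', email='*****@*****.**', password=None)
     client = Clients.objects.get(pk=1)
     # NOTE(review): this lookup goes through ``Users`` while the account was
     # created through ``User``; presumably both map to the same table. Confirm.
     Clients2Users.objects.create(user=Users.objects.get(email='*****@*****.**'), client=client)
     try:
         create_api_key(sender=User, instance=user, created=True)
     except Exception:
         # Best effort: a key may already exist for this user. Narrowed from a
         # bare ``except`` so that KeyboardInterrupt and SystemExit are not
         # swallowed; a missing key still surfaces on the next line.
         pass
     self.data = {'username':user.email, 'api_key':user.api_key.key}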
Exemple #23
 def setUp(self):
     """Aim the client at the saved-search endpoint and add the user's API credentials."""
     super(SavedSearchResourceTests, self).setUp()
     base_params = {'email': '*****@*****.**', 'url': 'www.my.jobs/jobs'}
     self.client = TestClient(path='/api/v1/savedsearch/', data=base_params)
     # The key has to exist before it can be read off the user below.
     create_api_key(User, instance=self.user, created=True)
     self.client.data['username'] = self.user.email
     self.client.data['api_key'] = self.user.api_key.key
Exemple #24
 def setUp(self):
     """Issue an API key for the test user and aim the client at the user endpoint."""
     super(UserResourceTestCase, self).setUp()
     create_api_key(User, instance=self.user, created=True)
     # The account's e-mail address is what gets sent as the API username.
     request_params = dict(
         email='*****@*****.**',
         username=self.user.email,
         api_key=self.user.api_key.key,
     )
     self.client = TestClient(path='/api/v1/user/', data=request_params)
Exemple #25
    def setUp(self):
        """Start from an empty ApiKey table, then issue one key for the fixture user."""
        super(ApiKeyAuthenticationTestCase, self).setUp()
        # Remove any keys left over so the one created below is the only one.
        ApiKey.objects.all().delete()
        self.auth = ApiKeyAuthentication()
        self.request = HttpRequest()

        # Simulate sending the signal.
        fixture_user = User.objects.get(username='******')
        create_api_key(User, created=True, instance=fixture_user)
    def test_check_active_false(self):
        """Expect a truthy result when the active-account check is switched off.

        The user is looked up through the configured user model's
        ``USERNAME_FIELD`` instead of a hard-coded ``username`` column.

        NOTE(review): the header uses the 'ApiKey' scheme while the class under
        test is BasicAuthentication, and assertTrue accepts any truthy value.
        If a refusal is returned as a response object rather than False, this
        assertion would presumably still pass. Confirm the intended path.
        """
        user_model = get_user_model()
        authenticator = BasicAuthentication(require_active=False)
        req = HttpRequest()

        lookup = {user_model.USERNAME_FIELD: 'bobdoe'}
        account = user_model.objects.get(**lookup)
        create_api_key(User, instance=account, created=True)
        req.META['HTTP_AUTHORIZATION'] = 'ApiKey bobdoe:%s' % account.api_key.key
        self.assertTrue(authenticator.is_authenticated(req))
def _create_api_key(sender, *args, **kwargs):
    """Forward to TastyPie's create_api_key, unless pytest has been imported.

    The test fixtures provision their own key, so the handler does nothing
    when the ``pytest`` module is loaded. Extra positional arguments are
    accepted but not forwarded.

    NOTE(review): the switch is "pytest is in sys.modules", not "a test is
    running". Any process that imports pytest for another reason would stop
    issuing API keys without an error. An explicit setting or disconnecting
    the signal in the test setup would be safer.
    """
    under_pytest = "pytest" in sys.modules
    if not under_pytest:
        create_api_key(sender, **kwargs)
Exemple #28
 def setUp(self):
     """Aim the client at the saved-search endpoint and add the user's API credentials."""
     super(SavedSearchResourceTestCase, self).setUp()
     base_params = dict(email='*****@*****.**', url='www.my.jobs/jobs')
     self.client = TestClient(path='/api/v1/savedsearch/', data=base_params)
     # The key has to exist before it can be read off the user below.
     create_api_key(User, instance=self.user, created=True)
     self.client.data['username'] = self.user.email
     self.client.data['api_key'] = self.user.api_key.key
Exemple #29
    def setUp(self):
        """Build a user with an API key and swap ``urllib2.urlopen`` for a stub."""
        super(SavedSearchResourceTests, self).setUp()
        self.user = UserFactory()
        self.client = TestClient()
        self.data = dict(email='*****@*****.**', url='www.my.jobs/jobs')
        create_api_key(User, instance=self.user, created=True)

        # (username, api_key) pair; the e-mail address serves as the username.
        owner = self.user
        self.credentials = (owner.email, owner.api_key.key)

        # NOTE(review): the replacement is not undone here; presumably a
        # tearDown elsewhere restores urllib2.urlopen. Confirm.
        replacer = Replacer()
        self.r = replacer
        replacer.replace('urllib2.urlopen', return_file)
Exemple #30
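    def test_check_active_false(self):
        """Expect a truthy result when the active-account check is switched off.

        On Django 1.10 and later the case is reported as skipped. It used to
        return silently, which showed up as a pass although nothing had been
        checked.

        NOTE(review): the header uses the 'ApiKey' scheme while the class under
        test is BasicAuthentication, and assertTrue accepts any truthy value.
        If a refusal is returned as a response object rather than False, this
        assertion would presumably still pass. Confirm the intended path.
        """
        if django.VERSION >= (1, 10):
            self.skipTest(
                "Authenticating inactive users via ModelUserBackend "
                "not supported for Django >= 1.10")
        auth = BasicAuthentication(require_active=False)
        request = HttpRequest()

        bob_doe = User.objects.get(username='******')
        create_api_key(User, instance=bob_doe, created=True)
        request.META['HTTP_AUTHORIZATION'] = 'ApiKey bobdoe:%s' % bob_doe.api_key.key
        self.assertTrue(auth.is_authenticated(request))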
Exemple #31
    def setUp(self):
        """Build a user with an API key and swap ``urllib2.urlopen`` for a stub."""
        super(SavedSearchResourceTests, self).setUp()
        self.user = UserFactory()
        self.client = TestClient()
        payload = {}
        payload['email'] = '*****@*****.**'
        payload['url'] = 'www.my.jobs/jobs'
        self.data = payload
        create_api_key(User, instance=self.user, created=True)

        # (username, api_key) pair; the e-mail address serves as the username.
        self.credentials = (self.user.email, self.user.api_key.key)

        # NOTE(review): the replacement is not undone here; presumably a
        # tearDown elsewhere restores urllib2.urlopen. Confirm.
        self.r = Replacer()
        self.r.replace('urllib2.urlopen', return_file)
Exemple #32
    def test_check_active_false(self):
        """Expect a truthy result when the active-account check is switched off.

        NOTE(review): the header uses the 'ApiKey' scheme while the class under
        test is BasicAuthentication, and assertTrue accepts any truthy value.
        If a refusal is returned as a response object rather than False, this
        assertion would presumably still pass. Confirm the intended path.
        """
        user_model = get_user_model()
        authenticator = BasicAuthentication(require_active=False)
        req = HttpRequest()

        # Look the user up through whichever field the user model names as username.
        lookup = {user_model.USERNAME_FIELD: 'bobdoe'}
        account = user_model.objects.get(**lookup)
        create_api_key(User, instance=account, created=True)
        header_value = 'ApiKey bobdoe:%s' % account.api_key.key
        req.META['HTTP_AUTHORIZATION'] = header_value
        self.assertTrue(authenticator.is_authenticated(req))
Exemple #33
    def test_is_authenticated(self):
        """Walk DigestAuthentication through refusals and one valid digest.

        The request object is reused, and the challenge captured from the last
        refusal feeds the final, valid Authorization header, so statement
        order matters.
        """
        auth = DigestAuthentication()
        request = HttpRequest()

        # Simulate sending the signal.
        john_doe = User.objects.get(username='******')
        create_api_key(User, instance=john_doe, created=True)

        # No Authorization header at all should fail.
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # HttpUnauthorized with auth type and realm
        # The challenge must start with the Digest scheme and carry realm,
        # opaque and nonce parameters.
        self.assertEqual(auth_request['WWW-Authenticate'].find('Digest'), 0)
        self.assertEqual(
            auth_request['WWW-Authenticate'].find(' realm="django-tastypie"') >
            0, True)
        self.assertEqual(auth_request['WWW-Authenticate'].find(' opaque=') > 0,
                         True)
        self.assertEqual(auth_request['WWW-Authenticate'].find('nonce=') > 0,
                         True)

        # A header value that is not a Digest response at all.
        request.META['HTTP_AUTHORIZATION'] = 'abcdefg'
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # No password.
        # NOTE(review): this and the next case send a bare base64 blob, the
        # shape of a Basic credential without its scheme. They check that a
        # malformed header is refused, not that a wrong digest is.
        request.META['HTTP_AUTHORIZATION'] = base64.b64encode(
            'daniel'.encode('utf-8')).decode('utf-8')
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # Wrong user/password.
        request.META['HTTP_AUTHORIZATION'] = base64.b64encode(
            'daniel:pass'.encode('utf-8')).decode('utf-8')
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # Correct user/password.
        # The user's API key is the digest password, and the challenge is
        # parsed from the most recent refusal.
        john_doe = User.objects.get(username='******')
        request.META[
            'HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
                username=john_doe.username,
                method=request.method,
                uri='/',
                nonce_count=1,
                digest_challenge=python_digest.parse_digest_challenge(
                    auth_request['WWW-Authenticate']),
                password=john_doe.api_key.key)
        auth_request = auth.is_authenticated(request)
        # Compared with True, so a truthy response object cannot pass.
        self.assertEqual(auth_request, True)
Exemple #34
    def setUp(self):
        """Build a user with an API key, a saved-search client and a patched ``urllib2.urlopen``."""
        super(SavedSearchResourceTests, self).setUp()
        self.user = UserFactory()
        base_params = {'email': '*****@*****.**', 'url': 'www.my.jobs/jobs'}
        self.client = TestClient(path='/api/v1/savedsearch/', data=base_params)
        create_api_key(User, instance=self.user, created=True)

        # (username, api_key) pair; the e-mail address serves as the username.
        owner = self.user
        self.credentials = (owner.email, owner.api_key.key)

        # NOTE(review): the patcher is started but not stopped here;
        # presumably a tearDown elsewhere calls self.patcher.stop(). Confirm.
        patcher = patch('urllib2.urlopen', return_file())
        self.patcher = patcher
        patcher.start()
Exemple #35
def banyanuser_post_save(sender, **kwargs):
    """Post-save handler: ensure an API key, refresh groups, greet new users.

    The API-key call and the group update run on every save. The new-user
    task is queued unless ``created`` is exactly ``False``, so a call that
    omits ``created`` still queues it.
    """
    # Imported here rather than at module level, presumably to avoid import cycles.
    from tastypie.models import create_api_key
    from accounts.tasks import new_user, update_user_groups

    saved_user = kwargs.get('instance')

    create_api_key(sender, **kwargs)
    update_user_groups.delay(saved_user)

    if kwargs.get('created') is not False:
        new_user.delay(saved_user)
Exemple #36
def banyanuser_post_save(sender, **kwargs):
    """Run the per-save follow-ups for a user: API key, group sync, welcome task.

    ``create_api_key`` and ``update_user_groups`` are invoked for every save.
    ``new_user`` is queued whenever ``created`` is anything other than the
    literal ``False``, which includes the case where it is missing.
    """
    # Imported here rather than at module level, presumably to avoid import cycles.
    from tastypie.models import create_api_key
    from accounts.tasks import new_user, update_user_groups

    instance = kwargs.get('instance')
    was_update = kwargs.get('created') is False

    create_api_key(sender, **kwargs)
    update_user_groups.delay(instance)

    if was_update:
        return
    new_user.delay(instance)
Exemple #37
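def create_api_key_ignore_dberrors(*args, **kwargs):
    """Call ``create_api_key`` and tolerate a DatabaseError.

    The tolerated case is the first ``syncdb``, when the key table does not
    exist yet. Every DatabaseError is caught, though, so any other database
    failure also leaves the user without an API key. The failure is therefore
    logged instead of vanishing.

    Returns whatever ``create_api_key`` returns, or ``None`` after an error.
    """
    import logging

    try:
        return create_api_key(*args, **kwargs)
    except DatabaseError:
        # no such table yet, first syncdb
        # The arguments are not logged, so no user data reaches the log.
        logging.getLogger(__name__).warning(
            "create_api_key failed with a database error; no API key was created",
            exc_info=True)
        # NOTE(review): rollback_unless_managed() is a legacy transaction API;
        # confirm it exists in the Django version this project targets.
        from django.db import transaction
        transaction.rollback_unless_managed()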
Exemple #38
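def create_api_key_ignore_dberrors(*args, **kwargs):
    """Call ``create_api_key`` and tolerate a DatabaseError.

    The tolerated case is the first ``syncdb``, when the key table does not
    exist yet. Every DatabaseError is caught, though, so any other database
    failure also leaves the user without an API key. The failure is therefore
    logged instead of vanishing.

    Returns whatever ``create_api_key`` returns, or ``None`` after an error.
    """
    import logging

    try:
        return create_api_key(*args, **kwargs)
    except DatabaseError:
        # no such table yet, first syncdb
        # The arguments are not logged, so no user data reaches the log.
        logging.getLogger(__name__).warning(
            "create_api_key failed with a database error; no API key was created",
            exc_info=True)
        # NOTE(review): rollback_unless_managed() is a legacy transaction API;
        # confirm it exists in the Django version this project targets.
        from django.db import transaction
        transaction.rollback_unless_managed()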
Exemple #39
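    def save(self, commit=True, force_insert=False, force_update=False, *args, **kwargs):
        """Save the user, hashing a raw password and provisioning an API key.

        Steps, in order: derive a username from the e-mail address when none
        is set; hash a changed raw password, or restore the stored hash when
        the field was blanked on an existing row, or give a new account a
        random password; mark new accounts pending when
        ``settings.REGISTER_CONFIRM`` is on; save; for a new row create the
        API key and, if no password was supplied, send the confirmation mail;
        finally drop the cached copy of the user.

        ``commit`` is accepted for compatibility and not used.
        ``force_insert`` and ``force_update`` are passed on to the parent
        ``save``; before, they were silently dropped.
        """
        # Function-scope import keeps this method self-contained.
        from uuid import uuid4

        # Only an empty username is replaced. The previous code first applied
        # a regex to the username unconditionally, which raised TypeError for
        # None, and the regex result never changed the outcome.
        # NOTE(review): a non-empty username with characters outside
        # [\w.@+-] is saved unchanged. Confirm that this is intended.
        if not self.username:
            self.username = rewrite_username(self.email)

        password = self.password
        is_new = self.pk is None
        is_same_password = self.password == self.var_cache['password']

        # NOTE(review): "already hashed" is detected by the 'pbkdf2_sha256$'
        # prefix alone. A raw password that starts with that text would be
        # stored unhashed, and hashes from another hasher would be hashed
        # again. Django's hasher helpers are the sturdier test.
        if self.password and not is_same_password and not self.password.startswith('pbkdf2_sha256$'):
            self.set_password(self.password)

        elif self.id and not self.password:
            # Password field blanked on an existing row: keep the stored hash.
            from account.models import User as AccountUser
            user = AccountUser.objects.get(id=self.id)

            if user.password:
                self.password = user.password

        elif is_new and not is_same_password:
            # Placeholder password for a new account. uuid4 is random, whereas
            # the former uuid1 prefix was derived from clock and host values
            # and therefore guessable.
            self.set_password(uuid4().hex)

        if is_new and settings.REGISTER_CONFIRM:
            self.status = STATUS_PENDING

        super(User, self).save(force_insert, force_update, *args, **kwargs)

        if is_new and self.id:
            # For api login
            create_api_key(self.__class__, instance=self, created=True)
            if not password:
                self.send_email_confirm(
                    email_template_name='account/email/register_email.html',
                    subject_template_name='account/email/register_email_subject.txt'
                )

        # Invalidate the cached copy so readers see the saved state.
        cache.delete('user--%s' % self.id)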
    def test_check_active_true(self):
        """A valid digest for this account still yields a falsy result by default.

        Presumably the fixture account is inactive; the fixture is not shown here.
        """
        authenticator = DigestAuthentication()
        req = HttpRequest()

        account = User.objects.get(username="******")
        create_api_key(User, instance=account, created=True)
        # The first, credential-less call only serves to obtain the challenge.
        challenge_response = authenticator.is_authenticated(req)
        parsed_challenge = python_digest.parse_digest_challenge(
            challenge_response["WWW-Authenticate"])
        # The API key plays the role of the digest password.
        req.META["HTTP_AUTHORIZATION"] = python_digest.build_authorization_request(
            username=account.username,
            method=req.method,
            uri="/",
            nonce_count=1,
            digest_challenge=parsed_challenge,
            password=account.api_key.key,
        )
        self.assertFalse(authenticator.is_authenticated(req))
    def test_check_active_true(self):
        """A valid digest for this account still yields a falsy result by default.

        Presumably the fixture account is inactive; the fixture is not shown here.
        """
        authenticator = DigestAuthentication()
        req = HttpRequest()

        account = User.objects.get(username='******')
        create_api_key(User, instance=account, created=True)
        # The first, credential-less call only serves to obtain the challenge.
        challenge_response = authenticator.is_authenticated(req)
        raw_challenge = challenge_response['WWW-Authenticate']
        # Positional order: username, method, uri, nonce_count.
        # The API key plays the role of the digest password.
        req.META['HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
            account.username,
            req.method,
            '/',
            1,
            digest_challenge=raw_challenge,
            password=account.api_key.key
        )
        self.assertFalse(authenticator.is_authenticated(req))
Exemple #42
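    def test_check_active_false(self):
        """With ``require_active=False`` a valid digest must be accepted.

        The result is compared with True. ``assertTrue(auth_request, True)``
        treated the second argument as a failure message and accepted any
        truthy value, which would include a response object returned on
        refusal.
        """
        auth = DigestAuthentication(require_active=False)
        request = HttpRequest()

        bob_doe = User.objects.get(username='******')
        create_api_key(User, instance=bob_doe, created=True)
        # The first, credential-less call only serves to obtain the challenge.
        auth_request = auth.is_authenticated(request)
        request.META[
            'HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
                bob_doe.username,
                request.method,
                '/',  # uri
                1,  # nonce_count
                digest_challenge=auth_request['WWW-Authenticate'],
                password=bob_doe.api_key.key)
        auth_request = auth.is_authenticated(request)
        self.assertEqual(auth_request, True)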
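    def test_check_active_false(self):
        """With ``require_active=False`` a valid digest must be accepted.

        The result is compared with True. ``assertTrue(auth_request, True)``
        treated the second argument as a failure message and accepted any
        truthy value, which would include a response object returned on
        refusal.
        """
        auth = DigestAuthentication(require_active=False)
        request = HttpRequest()

        bob_doe = User.objects.get(username='******')
        create_api_key(User, instance=bob_doe, created=True)
        # The first, credential-less call only serves to obtain the challenge.
        auth_request = auth.is_authenticated(request)
        request.META['HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
            username=bob_doe.username,
            method=request.method,
            uri='/',
            nonce_count=1,
            digest_challenge=python_digest.parse_digest_challenge(auth_request['WWW-Authenticate']),
            password=bob_doe.api_key.key
        )
        auth_request = auth.is_authenticated(request)
        self.assertEqual(auth_request, True)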
    def test_check_active_true(self):
        """A valid digest for this account still yields a falsy result by default.

        Presumably the fixture account is inactive; the fixture is not shown here.
        """
        authenticator = DigestAuthentication()
        req = HttpRequest()

        account = User.objects.get(username='******')
        create_api_key(User, instance=account, created=True)
        # The first, credential-less call only serves to obtain the challenge.
        challenge_response = authenticator.is_authenticated(req)
        parsed_challenge = python_digest.parse_digest_challenge(
            challenge_response['WWW-Authenticate'])
        # The API key plays the role of the digest password.
        authorization = python_digest.build_authorization_request(
            username=account.username,
            method=req.method,
            uri='/',
            nonce_count=1,
            digest_challenge=parsed_challenge,
            password=account.api_key.key
        )
        req.META['HTTP_AUTHORIZATION'] = authorization
        verdict = authenticator.is_authenticated(req)
        self.assertFalse(verdict)
    def test_is_authenticated(self):
        """Walk DigestAuthentication through refusals and one valid digest.

        The request object is reused, and the challenge captured from the last
        refusal feeds the final, valid Authorization header, so statement
        order matters.
        """
        auth = DigestAuthentication()
        request = HttpRequest()

        # Simulate sending the signal.
        john_doe = User.objects.get(username="******")
        create_api_key(User, instance=john_doe, created=True)

        # No Authorization header at all should fail.
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # HttpUnauthorized with auth type and realm
        # The challenge must start with the Digest scheme and carry realm,
        # opaque and nonce parameters.
        self.assertEqual(auth_request["WWW-Authenticate"].find("Digest"), 0)
        self.assertEqual(auth_request["WWW-Authenticate"].find(' realm="django-tastypie"') > 0, True)
        self.assertEqual(auth_request["WWW-Authenticate"].find(" opaque=") > 0, True)
        self.assertEqual(auth_request["WWW-Authenticate"].find("nonce=") > 0, True)

        # A header value that is not a Digest response at all.
        request.META["HTTP_AUTHORIZATION"] = "abcdefg"
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # No password.
        # NOTE(review): b64encode is given a str here, which only works where
        # str is a byte string (Python 2). This and the next case also send a
        # bare base64 blob, so they check that a malformed header is refused,
        # not that a wrong digest is.
        request.META["HTTP_AUTHORIZATION"] = base64.b64encode("daniel")
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # Wrong user/password.
        request.META["HTTP_AUTHORIZATION"] = base64.b64encode("daniel:pass")
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # Correct user/password.
        # The user's API key is the digest password, and the raw challenge
        # header from the most recent refusal is passed in as is.
        john_doe = User.objects.get(username="******")
        request.META["HTTP_AUTHORIZATION"] = python_digest.build_authorization_request(
            john_doe.username,
            request.method,
            "/",  # uri
            1,  # nonce_count
            digest_challenge=auth_request["WWW-Authenticate"],
            password=john_doe.api_key.key,
        )
        auth_request = auth.is_authenticated(request)
        # Compared with True, so a truthy response object cannot pass.
        self.assertEqual(auth_request, True)
    def test_is_authenticated(self):
        """Walk DigestAuthentication through rejected requests, then one valid
        digest response built from the last challenge it issued."""
        auth = DigestAuthentication()
        request = HttpRequest()

        # Simulate sending the signal.
        john_doe = User.objects.get(username='******')
        create_api_key(User, instance=john_doe, created=True)

        # A request without any Authorization header must be rejected.
        auth_request = auth.is_authenticated(request)
        self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # The rejection carries a Digest challenge: the scheme comes first,
        # followed by realm, opaque and nonce parameters.
        challenge_header = auth_request['WWW-Authenticate']
        self.assertEqual(challenge_header.find('Digest'), 0)
        self.assertEqual(challenge_header.find(' realm="django-tastypie"') > 0, True)
        self.assertEqual(challenge_header.find(' opaque=') > 0, True)
        self.assertEqual(challenge_header.find('nonce=') > 0, True)

        # Authorization values that are not Digest responses: a bare token,
        # a Basic-style user without password, a Basic-style user:password.
        # NOTE(review): none of these is a well-formed Digest response computed
        # with a wrong secret, so that rejection path is not covered here.
        rejected_values = (
            'abcdefg',
            base64.b64encode('daniel'.encode('utf-8')).decode('utf-8'),
            base64.b64encode('daniel:pass'.encode('utf-8')).decode('utf-8'),
        )
        for header_value in rejected_values:
            request.META['HTTP_AUTHORIZATION'] = header_value
            auth_request = auth.is_authenticated(request)
            self.assertEqual(isinstance(auth_request, HttpUnauthorized), True)

        # Correct user/password: answer the most recent challenge, using the
        # user's API key as the digest password.
        john_doe = User.objects.get(username='******')
        parsed_challenge = python_digest.parse_digest_challenge(auth_request['WWW-Authenticate'])
        request.META['HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
            username=john_doe.username,
            method=request.method,
            uri='/',
            nonce_count=1,
            digest_challenge=parsed_challenge,
            password=john_doe.api_key.key
        )
        auth_request = auth.is_authenticated(request)
        self.assertEqual(auth_request, True)
Exemple #47
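    def test_check_active_false(self):
        """Check that DigestAuthentication(require_active=False) accepts a
        valid digest response for the looked-up user.

        Skipped on Django >= 1.10, where the original comment says
        authenticating inactive users via ModelUserBackend is not supported.
        """
        if django.VERSION >= (1, 10):
            # Report a skip instead of returning, so the run shows that this
            # path was not exercised rather than counting it as a pass.
            self.skipTest(
                'Authenticating inactive users via ModelUserBackend not supported for Django >= 1.10')
        auth = DigestAuthentication(require_active=False)
        request = HttpRequest()

        bob_doe = User.objects.get(username='******')
        create_api_key(User, instance=bob_doe, created=True)
        # First call has no credentials; it is made only to obtain a challenge.
        auth_request = auth.is_authenticated(request)
        request.META['HTTP_AUTHORIZATION'] = python_digest.build_authorization_request(
            bob_doe.username,
            request.method,
            '/', # uri
            1,   # nonce_count
            digest_challenge=auth_request['WWW-Authenticate'],
            password=bob_doe.api_key.key
        )
        auth_request = auth.is_authenticated(request)
        # assertTrue(x, True) treats the second argument as a failure message
        # and passes for any truthy value, including an HttpUnauthorized
        # response object. Compare against True, as test_is_authenticated does.
        self.assertEqual(auth_request, True)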
    def test_whitelisting(self):
        """Check that a whitelisted method name passes without credentials
        while any other method name still needs a valid username/api_key."""
        auth = ApiKeyAuthentication(whitelisted_methods=['a_method'])
        request = HttpRequest()

        # Simulate sending the signal.
        john_doe = User.objects.get(username='******')
        create_api_key(User, instance=john_doe, created=True)

        # No credentials on the request: only the whitelisted name gets through.
        # NOTE(review): whitelisted methods are reachable with no credential at
        # all, so the list passed to whitelisted_methods is a trust boundary.
        open_result = auth.is_authenticated(request, method_name='a_method')
        self.assertEqual(open_result, True)

        # Calling any other method should require the Api Key
        guarded_result = auth.is_authenticated(request, method_name='another_method')
        self.assertEqual(isinstance(guarded_result, HttpUnauthorized), True)

        # Correct user/api_key: both method names now authenticate, and the
        # identifier is checked after each call.
        john_doe = User.objects.get(username='******')
        request.GET['username'] = '******'
        request.GET['api_key'] = john_doe.api_key.key
        for method_name in ("another_method", "a_method"):
            self.assertEqual(auth.is_authenticated(request, method_name=method_name), True)
            self.assertEqual(auth.get_identifier(request), 'johndoe')
Exemple #49
    def authenticate(self, username=None, password=None, **kwargs):
        """Authenticate *username* against the record returned by
        UserAuthentication.check_user and return the matching Django user.

        Returns None when the lookup yields False or None, when the record is
        otherwise falsy, or when UserAuthentication.verify_password rejects
        the password. On success the Django user is fetched or created, an API
        key is requested through create_api_key, and members of
        settings.PUPPETDB_ADMIN_GROUP are flagged as staff and superuser.
        """
        puppet_user = UserAuthentication.check_user(username)

        # False and None are reported separately by the lookup helper.
        if puppet_user is False:
            logger.error('Connection Failed')
            return None
        if puppet_user is None:
            logger.error('Nothing is return from puppetdb')
            return None

        # Any other falsy record, or a rejected password, is a plain failure.
        if not puppet_user:
            return None
        if not UserAuthentication.verify_password(puppet_user, password):
            return None

        new_user, created = User.objects.get_or_create(username=username)
        user_groups = puppet_user.parameters['groups']
        # The backend instance itself is passed as the signal sender here.
        create_api_key(self, instance=new_user, created=created)

        # NOTE(review): the admin flags are only ever raised. A user who is
        # later removed from PUPPETDB_ADMIN_GROUP keeps is_staff/is_superuser
        # on subsequent logins; decide whether the flags should be cleared
        # when the group membership is gone.
        if settings.PUPPETDB_ADMIN_GROUP in user_groups:
            new_user.is_staff = new_user.is_superuser = 1
            new_user.save()

        return new_user
Exemple #50
def user_post_save(sender, **kwargs):
    """Pass the received sender and keyword arguments straight on to
    tastypie's create_api_key."""
    # Imported at call time, as in the original, rather than at module load.
    from tastypie import models as tastypie_models

    tastypie_models.create_api_key(sender, **kwargs)
Exemple #51
def create_user_profile_and_apikey(sender, instance, created, **kwargs):
    """Create a VaultUser row and request an API key for a newly created,
    non-superuser account.

    Does nothing for superusers, and nothing when *created* is falsy.
    """
    # Superusers are skipped entirely, so they get neither profile nor key.
    if instance.is_superuser or not created:
        return
    VaultUser.objects.create(user=instance)
    create_api_key(User, instance=instance, created=True)
Exemple #52
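def create_apikey(sender, instance, **kwargs):
    """Request an API key for *instance* when its is_api attribute is exactly True.

    Any other value of is_api, including truthy values such as 1, leaves the
    instance without a key.
    """
    if instance.is_api is not True:
        return
    from tastypie.models import create_api_key

    # Pass the instance by keyword, as every other call site on this page
    # does. Tastypie's handler takes only the sender positionally, so a
    # second positional argument would not reach it as the instance.
    create_api_key(sender, instance=instance, **kwargs)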
Exemple #53
def create_user_api_key(sender, **kwargs):
    """
    Auto-create ApiKey objects by handing the received keyword arguments to
    Tastypie's create_api_key.

    The incoming sender is ignored; User is always passed as the sender.
    """
    from tastypie import models as tastypie_models

    tastypie_models.create_api_key(User, **kwargs)
Exemple #54
def create_user_api_key(sender, **kwargs):
    """
    Delegate ApiKey creation to Tastypie's create_api_key.

    User is passed as the sender regardless of the sender received; the
    keyword arguments are forwarded unchanged.
    """
    from tastypie.models import create_api_key as tastypie_create_api_key

    tastypie_create_api_key(User, **kwargs)
Exemple #55
def create_user_api_key(sender, **kwargs):
    """Forward the received keyword arguments to tastypie's create_api_key,
    with User as the sender in place of the one received."""
    from tastypie import models as tastypie_models

    tastypie_models.create_api_key(User, **kwargs)
 def forwards(self, orm):
     """Call create_api_key once for every user of the active user model,
     marking each as newly created and passing no sender."""
     # NOTE(review): every existing user is passed with created=True. Confirm
     # how create_api_key behaves for users that already hold a key before
     # re-running this step.
     user_model = get_user_model()
     for account in user_model.objects.all():
         create_api_key(None, instance=account, created=True)
Exemple #57
def create_user_api_key(sender, **kwargs):
    """Call tastypie's create_api_key with User as the sender and the
    received keyword arguments; the received sender is not used."""
    from tastypie.models import create_api_key as tastypie_create_api_key

    tastypie_create_api_key(User, **kwargs)
Exemple #58
def create_user_api_key(sender, **kwargs):
    """Request an API key through tastypie's create_api_key, but only when
    the instance in the keyword arguments is active.

    User is passed as the sender; the received sender is not used.
    """
    from tastypie.models import create_api_key

    account = kwargs.get('instance')
    # Inactive accounts are left without a key.
    if not account.is_active:
        return
    create_api_key(User, **kwargs)
Exemple #59
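def create_api_key_ignore_dberrors(*args, **kwargs):
    """Call create_api_key and tolerate a DatabaseError raised by it.

    Returns whatever create_api_key returns, or None when a DatabaseError was
    raised. The error is still suppressed, as before, but it is now logged so
    that a failure other than the expected missing table does not leave a
    user without an API key unnoticed.
    """
    import logging

    try:
        return create_api_key(*args, **kwargs)
    except DatabaseError:
        # Expected case: no such table yet, first syncdb. The except clause
        # catches every DatabaseError, so record what actually happened.
        logging.getLogger(__name__).warning(
            'create_api_key skipped after DatabaseError', exc_info=True)
        return None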