Esempio n. 1
 def setUp(self):
     """Build an edge-context factory on top of an in-memory secrets store.

     The store holds a single versioned secret,
     ``secret/authentication/public-key``, whose current value is
     ``AUTH_TOKEN_PUBLIC_KEY``.
     """
     # NOTE(review): presumably the factory uses this public key to verify
     # authentication tokens -- confirm against EdgeRequestContextFactory.
     public_key_secret = {
         "type": "versioned",
         "current": AUTH_TOKEN_PUBLIC_KEY,
     }
     fake_secrets = {
         "secrets": {
             "secret/authentication/public-key": public_key_secret,
         },
     }
     self.store = FakeSecretsStore(fake_secrets)
     self.factory = EdgeRequestContextFactory(self.store)
Esempio n. 2
    def setUp(self):
        """Assemble a Pyramid WSGI test app wired to Baseplate and mocks.

        Registers two GET routes with JSON views and two exception views,
        builds a SecretsStore fed by a mocked FileWatcher, attaches mock
        observers to a Baseplate instance, and wraps the resulting app in
        ``webtest.TestApp`` as ``self.test_app``.
        """
        config = Configurator()
        config.add_route("example", "/example", request_method="GET")
        config.add_route(
            "trace_context", "/trace_context", request_method="GET"
        )

        # Route-bound views first, in the same order as the routes above.
        route_views = (
            (example_application, "example"),
            (local_tracing_within_context, "trace_context"),
        )
        for view, route in route_views:
            config.add_view(view, route_name=route, renderer="json")

        # Exception views are selected by the exception type used as context.
        exception_views = (
            (render_exception_view, ControlFlowException),
            (render_bad_exception_view, ControlFlowException2),
        )
        for view, exc_type in exception_views:
            config.add_view(view, context=exc_type, renderer="json")

        # Fixture data only: the "vault" token and URL are placeholder
        # values, not a real credential or endpoint.
        secrets_payload = {
            "secrets": {
                "secret/authentication/public-key": {
                    "type": "versioned",
                    "current": AUTH_TOKEN_PUBLIC_KEY,
                }
            },
            "vault": {
                "token": "test",
                "url": "http://vault.example.com:8200/"
            },
        }
        watcher = mock.Mock(spec=FileWatcher)
        watcher.get_data.return_value = secrets_payload
        secrets = SecretsStore("/secrets")
        # The mock is swapped in through the store's private attribute.
        # NOTE(review): presumably this keeps the store from reading the
        # /secrets path at all -- confirm against SecretsStore.
        secrets._filewatcher = watcher

        self.observer = mock.Mock(spec=BaseplateObserver)
        self.server_observer = mock.Mock(spec=ServerSpanObserver)

        def _attach_server_observer(context, server_span):
            # Every server span created during a test reports to the mock.
            server_span.register(self.server_observer)

        self.observer.on_server_span_created.side_effect = (
            _attach_server_observer
        )

        self.baseplate = Baseplate()
        self.baseplate.register(self.observer)
        edge_factory = EdgeRequestContextFactory(secrets)
        # NOTE(review): trust_trace_headers=True presumably makes the app
        # accept trace headers supplied by the caller. That suits a test
        # client; a deployed service would want it only when every caller is
        # a trusted upstream -- confirm against BaseplateConfigurator.
        self.baseplate_configurator = BaseplateConfigurator(
            self.baseplate,
            trust_trace_headers=True,
            edge_context_factory=edge_factory,
        )
        config.include(self.baseplate_configurator.includeme)

        self.context_init_event_subscriber = mock.Mock()
        config.add_subscriber(
            self.context_init_event_subscriber, ServerSpanInitialized
        )
        wsgi_app = config.make_wsgi_app()
        self.test_app = webtest.TestApp(wsgi_app)
Esempio n. 3
 def setUp(self):
     """Create a SecretsStore fed by a mocked FileWatcher, plus a factory.

     The mocked watcher returns one versioned public-key secret and a
     "vault" section holding placeholder values.
     """
     # Fixture data only: the "vault" token and URL are placeholder values,
     # not a real credential or endpoint.
     secrets_payload = {
         "secrets": {
             "secret/authentication/public-key": {
                 "type": "versioned",
                 "current": AUTH_TOKEN_PUBLIC_KEY,
             }
         },
         "vault": {
             "token": "test",
             "url": "http://vault.example.com:8200/"
         },
     }
     watcher = mock.Mock(spec=FileWatcher)
     watcher.get_data.return_value = secrets_payload

     self.store = SecretsStore("/secrets")
     # The mock is swapped in through the store's private attribute.
     # NOTE(review): presumably this keeps the store from reading the
     # /secrets path at all -- confirm against SecretsStore.
     self.store._filewatcher = watcher
     self.factory = EdgeRequestContextFactory(self.store)
Esempio n. 4
def make_edge_context_factory():
    """Return an EdgeRequestContextFactory backed by a FakeSecretsStore.

    The fake store holds a single versioned secret,
    ``secret/authentication/public-key``, whose current value is
    ``AUTH_TOKEN_PUBLIC_KEY``.
    """
    # NOTE(review): presumably the factory uses this public key to verify
    # authentication tokens -- confirm against EdgeRequestContextFactory.
    public_key_secret = {
        "type": "versioned",
        "current": AUTH_TOKEN_PUBLIC_KEY,
    }
    store_contents = {
        "secrets": {
            "secret/authentication/public-key": public_key_secret,
        },
    }
    return EdgeRequestContextFactory(FakeSecretsStore(store_contents))
Esempio n. 5
class EdgeRequestContextTests(unittest.TestCase):
    """Exercise EdgeRequestContextFactory creation and upstream parsing.

    The cases cover a freshly created context, argument validation, an
    empty context, and contexts parsed from serialized headers carrying
    no, valid, expired and anonymous authentication.

    The valid, expired and anonymous token cases are skipped when
    ``cryptography_installed`` is false.
    NOTE(review): in such an environment none of the token-handling
    assertions run, so a CI job should presumably have it installed.
    """

    LOID_ID = "t2_deadbeef"
    LOID_CREATED_MS = 100000
    SESSION_ID = "beefdead"
    DEVICE_ID = "becc50f6-ff3d-407a-aa49-fa49531363be"
    ORIGIN_NAME = "baseplate"

    def setUp(self):
        """Create a SecretsStore fed by a mocked FileWatcher, plus a factory."""
        # Fixture data only: the "vault" token and URL are placeholder
        # values, not a real credential or endpoint.
        secrets_payload = {
            "secrets": {
                "secret/authentication/public-key": {
                    "type": "versioned",
                    "current": AUTH_TOKEN_PUBLIC_KEY,
                }
            },
            "vault": {
                "token": "test",
                "url": "http://vault.example.com:8200/"
            },
        }
        watcher = mock.Mock(spec=FileWatcher)
        watcher.get_data.return_value = secrets_payload

        self.store = SecretsStore("/secrets")
        # The mock is swapped in through the store's private attribute.
        # NOTE(review): presumably this keeps the store from reading the
        # /secrets path at all -- confirm against SecretsStore.
        self.store._filewatcher = watcher
        self.factory = EdgeRequestContextFactory(self.store)

    def test_create(self):
        # A context created with every field set must serialize to the
        # reference header for a valid authentication token.
        ctx = self.factory.new(
            authentication_token=AUTH_TOKEN_VALID,
            loid_id=self.LOID_ID,
            loid_created_ms=self.LOID_CREATED_MS,
            session_id=self.SESSION_ID,
            device_id=self.DEVICE_ID,
            origin_service_name=self.ORIGIN_NAME,
        )
        self.assertIsNot(ctx._t_request, None)
        self.assertEqual(ctx._header, SERIALIZED_EDGECONTEXT_WITH_VALID_AUTH)

    def test_create_validation(self):
        # NOTE(review): presumably "abc123" is rejected as a malformed loid;
        # the test itself only shows that this argument set raises ValueError.
        invalid_args = dict(
            authentication_token=None,
            loid_id="abc123",
            loid_created_ms=self.LOID_CREATED_MS,
            session_id=self.SESSION_ID,
        )
        with self.assertRaises(ValueError):
            self.factory.new(**invalid_args)

    def test_create_empty_context(self):
        # With no arguments the factory still yields a fixed serialized header.
        empty_header = (
            b"\x0c\x00\x01\x00\x0c\x00\x02\x00\x0c\x00\x04\x00\x0c\x00\x05\x00\x00"
        )
        ctx = self.factory.new()
        self.assertEqual(ctx._header, empty_header)

    def test_logged_out_user(self):
        # Without authentication, identity lookups raise rather than return
        # a default, while the loid, session and device ids stay readable.
        ctx = self.factory.from_upstream(SERIALIZED_EDGECONTEXT_WITH_NO_AUTH)

        with self.assertRaises(NoAuthenticationError):
            ctx.user.id
        with self.assertRaises(NoAuthenticationError):
            ctx.user.roles

        user = ctx.user
        self.assertFalse(user.is_logged_in)
        self.assertEqual(user.loid, self.LOID_ID)
        self.assertEqual(user.cookie_created_ms, self.LOID_CREATED_MS)

        with self.assertRaises(NoAuthenticationError):
            ctx.oauth_client.id
        with self.assertRaises(NoAuthenticationError):
            ctx.oauth_client.is_type("third_party")

        self.assertEqual(ctx.session.id, self.SESSION_ID)
        self.assertEqual(ctx.device.id, self.DEVICE_ID)

        # Event fields fall back to the loid as the user id when logged out.
        expected_fields = {
            "user_id": self.LOID_ID,
            "logged_in": False,
            "cookie_created_timestamp": self.LOID_CREATED_MS,
            "session_id": self.SESSION_ID,
            "oauth_client_id": None,
            "device_id": self.DEVICE_ID,
        }
        self.assertEqual(ctx.event_fields(), expected_fields)

    @unittest.skipUnless(cryptography_installed, "cryptography not installed")
    def test_logged_in_user(self):
        # A header with a valid token exposes the authenticated user id and
        # an empty role set; no OAuth client id is present.
        ctx = self.factory.from_upstream(
            SERIALIZED_EDGECONTEXT_WITH_VALID_AUTH
        )

        user = ctx.user
        self.assertEqual(user.id, "t2_example")
        self.assertTrue(user.is_logged_in)
        self.assertEqual(user.loid, self.LOID_ID)
        self.assertEqual(user.cookie_created_ms, self.LOID_CREATED_MS)
        self.assertEqual(user.roles, set())
        self.assertFalse(user.has_role("test"))

        self.assertIs(ctx.oauth_client.id, None)
        self.assertFalse(ctx.oauth_client.is_type("third_party"))
        self.assertEqual(ctx.session.id, self.SESSION_ID)
        self.assertEqual(ctx.device.id, self.DEVICE_ID)
        self.assertEqual(ctx.origin_service.name, self.ORIGIN_NAME)

        expected_fields = {
            "user_id": "t2_example",
            "logged_in": True,
            "cookie_created_timestamp": self.LOID_CREATED_MS,
            "session_id": self.SESSION_ID,
            "oauth_client_id": None,
            "device_id": self.DEVICE_ID,
        }
        self.assertEqual(ctx.event_fields(), expected_fields)

    @unittest.skipUnless(cryptography_installed, "cryptography not installed")
    def test_expired_token(self):
        # An expired token must behave like no authentication at all: every
        # identity and OAuth lookup raises, and the user is not logged in.
        ctx = self.factory.from_upstream(
            SERIALIZED_EDGECONTEXT_WITH_EXPIRED_AUTH
        )

        with self.assertRaises(NoAuthenticationError):
            ctx.user.id
        with self.assertRaises(NoAuthenticationError):
            ctx.user.roles
        with self.assertRaises(NoAuthenticationError):
            ctx.oauth_client.id
        with self.assertRaises(NoAuthenticationError):
            ctx.oauth_client.is_type("third_party")

        user = ctx.user
        self.assertFalse(user.is_logged_in)
        self.assertEqual(user.loid, self.LOID_ID)
        self.assertEqual(user.cookie_created_ms, self.LOID_CREATED_MS)
        self.assertEqual(ctx.session.id, self.SESSION_ID)

        # Unlike the logged-out case, no "device_id" entry is expected here.
        # NOTE(review): presumably the expired-auth fixture was serialized
        # without a device id -- confirm against the fixture definition.
        expected_fields = {
            "user_id": self.LOID_ID,
            "logged_in": False,
            "cookie_created_timestamp": self.LOID_CREATED_MS,
            "session_id": self.SESSION_ID,
            "oauth_client_id": None,
        }
        self.assertEqual(ctx.event_fields(), expected_fields)

    @unittest.skipUnless(cryptography_installed, "cryptography not installed")
    def test_anonymous_token(self):
        # An anonymous token carries the "anonymous" role but no user id,
        # and the user does not count as logged in.
        ctx = self.factory.from_upstream(SERIALIZED_EDGECONTEXT_WITH_ANON_AUTH)

        with self.assertRaises(NoAuthenticationError):
            ctx.user.id

        user = ctx.user
        self.assertFalse(user.is_logged_in)
        self.assertEqual(user.loid, self.LOID_ID)
        self.assertEqual(user.cookie_created_ms, self.LOID_CREATED_MS)
        self.assertEqual(ctx.session.id, self.SESSION_ID)
        self.assertTrue(ctx.user.has_role("anonymous"))