def test_fail_to_retrieve_public_key_v2(self):
KeyHolder.get_public_key = MagicMock(return_value="")
self.authenticator.signed = Signed.from_headers(self.v2_headers)
with self.assertRaises(UnableToAuthenticateError) as exc:
self.authenticator._authenticate()
self.assertEqual(str(exc.exception),
"Unable to identify Public Key type from Signature.")
def test_protocol_test_suite(self):
for case_path in TEST_SUITE.cases():
parser = ProtocolTestSuiteParser(case_path)
request_signable = RequestSignable(**parser.request_attributes)
signed_headers_v2 = TEST_SUITE.signer.signed_headers_v2(
request_signable, TEST_SUITE.additional_attributes)
if "authentication-only" not in case_path:
with self.subTest(test="string_to_sign_v2",
case_name=parser.case_name):
string_to_sign = request_signable.string_to_sign_v2(
TEST_SUITE.additional_attributes)
self.assertEqual(string_to_sign.decode("utf-8"),
parser.sts)
with self.subTest(test="signature",
case_name=parser.case_name):
self.assertEqual(
TEST_SUITE.signer.signature_v2(parser.sts), parser.sig)
with self.subTest(test="authentication headers",
case_name=parser.case_name):
self.assertEqual(signed_headers_v2, parser.auth_headers)
with self.subTest(test="authentication",
case_name=parser.case_name):
signed = Signed.from_headers(signed_headers_v2)
authenticator = LocalAuthenticator(request_signable, signed,
self.logger)
self.assertTrue(authenticator._authenticate())
def test_from_headers_v2(self):
signed = Signed.from_headers(MWSV2_HEADERS)
self.assertEqual(signed.protocol_version(), 2)
self.assertEqual(signed.mcc_time, EPOCH)
self.assertEqual(signed.token, "MWSV2")
self.assertEqual(signed.app_uuid, APP_UUID)
self.assertEqual(signed.signature, MWSV2_SIGNATURE)
def test_from_headers_v1(self):
signed = Signed.from_headers(X_MWS_HEADERS)
self.assertEqual(signed.protocol_version(), 1)
self.assertEqual(signed.x_mws_time, EPOCH)
self.assertEqual(signed.token, "MWS")
self.assertEqual(signed.app_uuid, APP_UUID)
self.assertEqual(signed.signature, X_MWS_SIGNATURE)
def test_from_headers_missing_header(self):
signed = Signed.from_headers({})
self.assertEqual(signed.protocol_version(), None)
self.assertEqual(signed.mcc_time, "")
self.assertEqual(signed.token, "")
self.assertEqual(signed.app_uuid, "")
self.assertEqual(signed.signature, "")
def test_authentication_v2_does_not_authenticate_500(self):
self.authenticator.signed = Signed.from_headers(self.v2_headers)
with requests_mock.mock() as requests:
requests.post(MAUTH_AUTHENTICATION_URL, status_code=500)
with self.assertRaises(UnableToAuthenticateError) as exc:
self.authenticator._authenticate()
self.assertEqual(str(exc.exception),
"The mAuth service responded with 500: ")
def test_authentication_v2_does_not_authenticate_a_false_message(self):
self.authenticator.signed = Signed.from_headers(self.v2_headers)
self.authenticator.signable = RequestSignable(method="GET",
url=URL,
body=BODY)
with self.assertRaises(InauthenticError) as exc:
self.authenticator._authenticate()
self.assertEqual(str(exc.exception),
"Signature verification failed for request.")
def authenticate(self, signed_request):
"""
Authenticates a request
:param signed_request: Request object
:type request: werkzeug.wrappers.BaseRequest
:return: Is the request authentic, Status Code, Message
:rtype: bool, int, str
"""
signable = RequestSignable(method=signed_request.method, url=signed_request.path, body=signed_request.data)
return self._authenticator(signable, Signed.from_headers(signed_request.headers), logger).is_authentic()
def test_from_headers_bad_header(self):
bad_header = {
"MCC-Time": EPOCH,
"MCC-Authentication": X_MWS_AUTHENTICATION
}
signed = Signed.from_headers(bad_header)
self.assertEqual(signed.protocol_version(), 2)
self.assertEqual(signed.mcc_time, EPOCH)
self.assertEqual(signed.token, "")
self.assertEqual(signed.app_uuid, "")
self.assertEqual(signed.signature, "")
def setUp(self):
self.__get_public_key__ = KeyHolder.get_public_key
KeyHolder.get_public_key = MagicMock(return_value=load_key("rsapub"))
Config.V2_ONLY_AUTHENTICATE = False
self.logger = logging.getLogger()
self.v1_headers = copy.deepcopy(X_MWS_HEADERS)
self.v2_headers = copy.deepcopy(MWSV2_HEADERS)
self.signable = RequestSignable(method="POST", url=URL, body=BODY)
self.authenticator = LocalAuthenticator(
self.signable, Signed.from_headers(self.v1_headers), self.logger)
def setUp(self):
Config.V2_ONLY_AUTHENTICATE = False
RemoteAuthenticator._MAUTH = {
"auth": MagicMock(),
"url": MAUTH_AUTHENTICATION_URL
}
self.logger = logging.getLogger()
self.v1_headers = copy.deepcopy(X_MWS_HEADERS)
self.v2_headers = copy.deepcopy(MWSV2_HEADERS)
self.signable = RequestSignable(method="POST", url=URL, body=BODY)
self.signed = Signed.from_headers(self.v1_headers)
self.authenticator = RemoteAuthenticator(self.signable, self.signed,
self.logger)
def test_authentication_v2_happy_path(self):
expected_ticket_v2 = {
"authentication_ticket": {
"verb": "POST",
"app_uuid": APP_UUID,
"client_signature": MWSV2_SIGNATURE,
"request_url": "/sandbox/path",
"request_time": EPOCH,
"b64encoded_body": "44GT44KT44Gr44Gh44Gvw4Y=",
"query_string": "",
"token": "MWSV2",
}
}
self.authenticator.signed = Signed.from_headers(self.v2_headers)
with requests_mock.mock() as requests:
requests.post(MAUTH_AUTHENTICATION_URL, status_code=200)
result = self.authenticator._authenticate()
self.assertTrue(result)
self.assertEqual(requests.last_request.json(), expected_ticket_v2)
def test_authentication_v2_happy_path(self):
self.authenticator.signed = Signed.from_headers(self.v2_headers)
self.assertTrue(self.authenticator._authenticate())
def __init__(self, headers, v2_only_authenticate=False, method="POST"):
Config.V2_ONLY_AUTHENTICATE = v2_only_authenticate
signable = RequestSignable(method=method, url=URL, body=BODY)
super().__init__(signable, Signed.from_headers(headers),
logging.getLogger())
def test_authentication_v2_happy_path_multiple_versions(self):
self.v2_headers[
"MCC-Authentication"] = "RWS {app_uuid}:ABC;{mwsv2_authentication};MWSV3 {app_uuid}:DEF".format(
app_uuid=APP_UUID, mwsv2_authentication=MWSV2_AUTHENTICATION)
self.authenticator.signed = Signed.from_headers(self.v2_headers)
self.assertTrue(self.authenticator._authenticate())
def test_authentication_v2_happy_path_pub_key(self):
self.authenticator.signed = Signed.from_headers(self.v2_headers)
KeyHolder.get_public_key = MagicMock(return_value=load_key("pub"))
self.assertTrue(self.authenticator._authenticate())
def __init__(self, method, url, headers, body):
logger = logging.getLogger()
signable = RequestSignable(method=method, url=url, body=body)
authenticator = LocalAuthenticator if Config.MAUTH_MODE == "local" else RemoteAuthenticator
self._authenticator = authenticator(signable, Signed.from_headers(headers), logger)