def test_cache_auth_token_invalid_permissions(self):
shell = Shell()
username = '******'
cached_token_path = shell._get_cached_token_path_for_user(
username=username)
expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=30)
token_db = TokenDB(user=username, token='fyeah', expiry=expiry)
cached_token_path = shell._get_cached_token_path_for_user(
username=username)
data = {
'token': 'yayvalid',
'expire_timestamp': (int(time.time()) + 20)
}
with open(cached_token_path, 'w') as fp:
fp.write(json.dumps(data))
# 1. Current user has no write access to the parent directory
os.chmod(self._mock_config_directory_path, 0o000)
shell.LOG = mock.Mock()
shell._cache_auth_token(token_obj=token_db)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = (
'Unable to write token to .*? doesn\'t have write access to the parent '
'directory')
self.assertRegexpMatches(log_message, expected_msg)
# 2. Current user has no write access to the cached token file
os.chmod(self._mock_config_directory_path, 0o777) # nosec
os.chmod(cached_token_path, 0o000)
shell.LOG = mock.Mock()
shell._cache_auth_token(token_obj=token_db)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = (
'Unable to write token to .*? doesn\'t have write access to this file'
)
self.assertRegexpMatches(log_message, expected_msg)
def test_get_cached_auth_token_invalid_permissions(self):
shell = Shell()
client = Client()
username = '******'
password = '******'
cached_token_path = shell._get_cached_token_path_for_user(username=username)
data = {
'token': 'yayvalid',
'expire_timestamp': (int(time.time()) + 20)
}
with open(cached_token_path, 'w') as fp:
fp.write(json.dumps(data))
# 1. Current user doesn't have read access to the config directory
os.chmod(self._mock_config_directory_path, 0000)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, None)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Unable to retrieve cached token from .*? read access to the parent '
'directory')
self.assertRegexpMatches(log_message, expected_msg)
# 2. Read access on the directory, but not on the cached token file
os.chmod(self._mock_config_directory_path, 0777) # nosec
os.chmod(cached_token_path, 0000)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, None)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Unable to retrieve cached token from .*? read access to this file')
self.assertRegexpMatches(log_message, expected_msg)
# 3. Other users also have read access to the file
os.chmod(self._mock_config_directory_path, 0777) # nosec
os.chmod(cached_token_path, 0444)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, 'yayvalid')
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Permissions .*? for cached token file .*? are to permissive')
self.assertRegexpMatches(log_message, expected_msg)
def test_get_cached_auth_token_invalid_permissions(self):
shell = Shell()
client = Client()
username = '******'
password = '******'
cached_token_path = shell._get_cached_token_path_for_user(username=username)
data = {
'token': 'yayvalid',
'expire_timestamp': (int(time.time()) + 20)
}
with open(cached_token_path, 'w') as fp:
fp.write(json.dumps(data))
# 1. Current user doesn't have read access to the config directory
os.chmod(self._mock_config_directory_path, 0o000)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, None)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Unable to retrieve cached token from .*? read access to the parent '
'directory')
self.assertRegexpMatches(log_message, expected_msg)
# 2. Read access on the directory, but not on the cached token file
os.chmod(self._mock_config_directory_path, 0o777) # nosec
os.chmod(cached_token_path, 0o000)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, None)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Unable to retrieve cached token from .*? read access to this file')
self.assertRegexpMatches(log_message, expected_msg)
# 3. Other users also have read access to the file
os.chmod(self._mock_config_directory_path, 0o777) # nosec
os.chmod(cached_token_path, 0o444)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, 'yayvalid')
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Permissions .*? for cached token file .*? are too permissive.*')
self.assertRegexpMatches(log_message, expected_msg)
def test_cache_auth_token_invalid_permissions(self):
shell = Shell()
username = '******'
cached_token_path = shell._get_cached_token_path_for_user(username=username)
expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=30)
token_db = TokenDB(user=username, token='fyeah', expiry=expiry)
cached_token_path = shell._get_cached_token_path_for_user(username=username)
data = {
'token': 'yayvalid',
'expire_timestamp': (int(time.time()) + 20)
}
with open(cached_token_path, 'w') as fp:
fp.write(json.dumps(data))
# 1. Current user has no write access to the parent directory
os.chmod(self._mock_config_directory_path, 0000)
shell.LOG = mock.Mock()
shell._cache_auth_token(token_obj=token_db)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Unable to write token to .*? doesn\'t have write access to the parent '
'directory')
self.assertRegexpMatches(log_message, expected_msg)
# 2. Current user has no write access to the cached token file
os.chmod(self._mock_config_directory_path, 0777) # nosec
os.chmod(cached_token_path, 0000)
shell.LOG = mock.Mock()
shell._cache_auth_token(token_obj=token_db)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Unable to write token to .*? doesn\'t have write access to this file')
self.assertRegexpMatches(log_message, expected_msg)
def test_get_cached_auth_token_corrupted_token_cache_file(self):
client = Client()
shell = Shell()
username = '******'
password = '******'
cached_token_path = shell._get_cached_token_path_for_user(username=username)
with open(cached_token_path, 'w') as fp:
fp.write('CORRRRRUPTED!')
expected_msg = 'File (.+) with cached token is corrupted or invalid'
self.assertRaisesRegexp(ValueError, expected_msg, shell._get_cached_auth_token,
client=client, username=username, password=password)
def test_get_cached_auth_token_valid_token_in_cache_file(self):
client = Client()
shell = Shell()
username = "******"
password = "******"
cached_token_path = shell._get_cached_token_path_for_user(username=username)
data = {"token": "yayvalid", "expire_timestamp": (int(time.time()) + 20)}
with open(cached_token_path, "w") as fp:
fp.write(json.dumps(data))
result = shell._get_cached_auth_token(
client=client, username=username, password=password
)
self.assertEqual(result, "yayvalid")
def test_get_cached_auth_token_valid_token_in_cache_file(self):
client = Client()
shell = Shell()
username = '******'
password = '******'
cached_token_path = shell._get_cached_token_path_for_user(username=username)
data = {
'token': 'yayvalid',
'expire_timestamp': (int(time.time()) + 20)
}
with open(cached_token_path, 'w') as fp:
fp.write(json.dumps(data))
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, 'yayvalid')
def test_get_cached_auth_token_corrupted_token_cache_file(self):
client = Client()
shell = Shell()
username = "******"
password = "******"
cached_token_path = shell._get_cached_token_path_for_user(username=username)
with open(cached_token_path, "w") as fp:
fp.write("CORRRRRUPTED!")
expected_msg = "File (.+) with cached token is corrupted or invalid"
self.assertRaisesRegexp(
ValueError,
expected_msg,
shell._get_cached_auth_token,
client=client,
username=username,
password=password,
)
