    def get(cls, value):
        """Return the stored token record whose ``token`` field equals ``value``.

        Args:
            value: the raw token string presented by the client.

        Returns:
            The first record produced by ``cls.query(token=value)``.

        Raises:
            TokenNotFoundError: when the query yields no record.
        """
        # NOTE(review): the presented value is matched directly against the
        # stored ``token`` field, so the token is presumably kept in plaintext
        # at rest; hashing before storage would limit what a DB read exposes
        # -- confirm against the model. Expiry is not validated here.
        match = cls.query(token=value).first()
        if match:
            return match
        raise TokenNotFoundError()
class TestTokenValidation(AuthMiddlewareTest):
    """Auth middleware behaviour for ``/v1/actions`` under token auth.

    ``Token.get`` is patched per test so no token store is involved: a
    ``TokenDB`` with ``expiry=FUTURE`` stands in for a valid token, one with
    ``expiry=PAST`` for an expired token, and a ``TokenNotFoundError`` side
    effect for an unknown token. Expired and unknown tokens both map to 401,
    so the status alone does not reveal whether a presented token ever
    existed.
    """

    @mock.patch.object(
        Token, 'get',
        mock.Mock(return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)))
    def test_token_validation_token_in_headers(self):
        """A valid token in the ``X-Auth-Token`` header yields 200."""
        resp = self.app.get('/v1/actions', headers={'X-Auth-Token': TOKEN},
                            expect_errors=False)
        self.assertEqual(200, resp.status_int)

    @mock.patch.object(
        Token, 'get',
        mock.Mock(return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)))
    def test_token_validation_token_in_query_params(self):
        """A valid token in the ``x-auth-token`` query parameter yields 200.

        NOTE(review): a credential carried in the URL tends to end up in
        access and proxy logs, browser history and Referer headers; the
        header form is the transport to prefer, so keep this path deliberate.
        """
        resp = self.app.get('/v1/actions?x-auth-token=%s' % (TOKEN), expect_errors=False)
        self.assertEqual(200, resp.status_int)

    @mock.patch.object(
        Token, 'get',
        mock.Mock(return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=PAST)))
    def test_token_expired(self):
        """A token whose record has already expired is rejected with 401."""
        resp = self.app.get('/v1/actions', headers={'X-Auth-Token': TOKEN},
                            expect_errors=True)
        self.assertEqual(401, resp.status_int)

    @mock.patch.object(
        Token, 'get', mock.MagicMock(side_effect=TokenNotFoundError()))
    def test_token_not_found(self):
        """A token the store does not know is rejected with 401."""
        resp = self.app.get('/v1/actions', headers={'X-Auth-Token': TOKEN},
                            expect_errors=True)
        self.assertEqual(401, resp.status_int)

    def test_token_not_provided(self):
        """A request carrying no token at all is rejected with 401."""
        resp = self.app.get('/v1/actions', expect_errors=True)
        self.assertEqual(401, resp.status_int)
class TestTokenBasedAuth(FunctionalTest):
    """Token authentication on ``/v1/actions`` with auth enabled.

    ``Token.get`` is patched per test (``FUTURE`` expiry = valid, ``PAST`` =
    expired, ``TokenNotFoundError`` = unknown) so no token store is needed.
    Every response, the 401 rejections included, must be JSON. Expired and
    unknown tokens both map to 401, so the status alone does not reveal
    whether a presented token ever existed.
    """

    enable_auth = True

    def _assert_json(self, resp, status):
        """Assert a JSON content type and the expected status, in that order."""
        self.assertIn('application/json', resp.headers['content-type'])
        self.assertEqual(status, resp.status_int)

    @mock.patch.object(Token, 'get',
                       mock.Mock(return_value=TokenDB(
                           id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)))
    def test_token_validation_token_in_headers(self):
        """A valid token in the ``X-Auth-Token`` header is accepted."""
        resp = self.app.get('/v1/actions',
                            headers={'X-Auth-Token': TOKEN},
                            expect_errors=False)
        self._assert_json(resp, 200)

    @mock.patch.object(Token, 'get',
                       mock.Mock(return_value=TokenDB(
                           id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)))
    def test_token_validation_token_in_query_params(self):
        """A valid token in the ``x-auth-token`` query parameter is accepted.

        NOTE(review): a credential carried in the URL tends to end up in
        access and proxy logs, browser history and Referer headers; the
        header form is the transport to prefer, so keep this path deliberate.
        """
        resp = self.app.get('/v1/actions?x-auth-token=%s' % (TOKEN),
                            expect_errors=False)
        self._assert_json(resp, 200)

    @mock.patch.object(Token, 'get',
                       mock.Mock(return_value=TokenDB(
                           id=OBJ_ID, user=USER, token=TOKEN, expiry=PAST)))
    def test_token_expired(self):
        """An expired token is rejected with a JSON 401."""
        resp = self.app.get('/v1/actions',
                            headers={'X-Auth-Token': TOKEN},
                            expect_errors=True)
        self._assert_json(resp, 401)

    @mock.patch.object(Token, 'get',
                       mock.MagicMock(side_effect=TokenNotFoundError()))
    def test_token_not_found(self):
        """An unknown token is rejected with a JSON 401."""
        resp = self.app.get('/v1/actions',
                            headers={'X-Auth-Token': TOKEN},
                            expect_errors=True)
        self._assert_json(resp, 401)

    def test_token_not_provided(self):
        """A request with no token at all is rejected with a JSON 401."""
        resp = self.app.get('/v1/actions', expect_errors=True)
        self._assert_json(resp, 401)
class TestTokenBasedAuth(FunctionalTest):
    """Token authentication on ``/v1/actions`` with auth enabled.

    ``Token.get`` is patched per test (``FUTURE`` expiry = valid, ``PAST`` =
    expired, ``TokenNotFoundError`` = unknown) and ``User.get_by_name`` is
    patched on the success paths, so no database is required. Every
    response, the 401 rejections included, must be JSON. Expired and unknown
    tokens both map to 401, so the status alone does not reveal whether a
    presented token ever existed.
    """

    enable_auth = True

    def _assert_json(self, resp, status):
        """Assert a JSON content type and the expected status, in that order."""
        self.assertIn("application/json", resp.headers["content-type"])
        self.assertEqual(status, resp.status_int)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(
            return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)
        ),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_headers(self):
        """A valid token in the ``X-Auth-Token`` header is accepted."""
        resp = self.app.get(
            "/v1/actions", headers={"X-Auth-Token": TOKEN}, expect_errors=False
        )
        self._assert_json(resp, 200)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(
            return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)
        ),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_query_params(self):
        """A valid token in the ``x-auth-token`` query parameter is accepted.

        NOTE(review): a credential carried in the URL tends to end up in
        access and proxy logs, browser history and Referer headers; the
        header form is the transport to prefer, so keep this path deliberate.
        """
        resp = self.app.get(
            "/v1/actions?x-auth-token=%s" % (TOKEN), expect_errors=False
        )
        self._assert_json(resp, 200)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(
            return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)
        ),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_cookies(self):
        """A token sent once in the header keeps working on a follow-up
        request that carries no header, i.e. via the cookie the first
        response presumably set."""
        first = self.app.get(
            "/v1/actions", headers={"X-Auth-Token": TOKEN}, expect_errors=False
        )
        self._assert_json(first, 200)

        # Stub out the test app's cookie-jar ``clear`` so whatever cookie the
        # first response set survives into the second request.
        with mock.patch.object(self.app.cookiejar, "clear", return_value=None):
            second = self.app.get("/v1/actions", expect_errors=False)
        self._assert_json(second, 200)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(id=OBJ_ID, user=USER, token=TOKEN, expiry=PAST)),
    )
    def test_token_expired(self):
        """An expired token is rejected with a JSON 401.

        ``User.get_by_name`` is not patched here: presumably the token is
        rejected before any user lookup happens.
        """
        resp = self.app.get(
            "/v1/actions", headers={"X-Auth-Token": TOKEN}, expect_errors=True
        )
        self._assert_json(resp, 401)

    @mock.patch.object(Token, "get", mock.MagicMock(side_effect=TokenNotFoundError()))
    def test_token_not_found(self):
        """An unknown token is rejected with a JSON 401."""
        resp = self.app.get(
            "/v1/actions", headers={"X-Auth-Token": TOKEN}, expect_errors=True
        )
        self._assert_json(resp, 401)

    def test_token_not_provided(self):
        """A request with no token at all is rejected with a JSON 401."""
        resp = self.app.get("/v1/actions", expect_errors=True)
        self._assert_json(resp, 401)
File: auth.py Progetto: joshgre/st2
 def get(cls, value):
     """Return the first ``TokenDB`` document whose ``token`` field equals ``value``.

     Args:
         value: the raw token string presented by the client.

     Returns:
         The first matching ``TokenDB`` document.

     Raises:
         TokenNotFoundError: when no document matches.
     """
     # ``cls`` is unused: the lookup goes straight to ``TokenDB.objects``.
     # NOTE(review): the stored ``token`` field is compared with the presented
     # value as-is, so the token is presumably kept in plaintext at rest;
     # hashing it before storage would limit what a DB read exposes -- confirm.
     # Expiry is not validated here.
     _missing = object()
     record = next(iter(TokenDB.objects(token=value)), _missing)
     if record is _missing:
         raise TokenNotFoundError()
     return record
class TestTokenBasedAuth(FunctionalTest):
    """Token authentication on ``/v1/actions`` with auth enabled.

    ``Token.get`` is patched per test (``FUTURE`` expiry = valid, ``PAST`` =
    expired, ``TokenNotFoundError`` = unknown) and ``User.get_by_name`` is
    patched on the success paths, so no database is required. Every
    response, the 401 rejections included, must be JSON. Expired and unknown
    tokens both map to 401, so the status alone does not reveal whether a
    presented token ever existed.
    """

    enable_auth = True

    def _assert_json(self, resp, status):
        """Assert a JSON content type and the expected status, in that order."""
        self.assertIn("application/json", resp.headers["content-type"])
        self.assertEqual(status, resp.status_int)

    def _cookie_from_query_param_login(self):
        """GET ``/v1/actions`` with the token in the query string, assert a
        JSON 200 with a ``Set-Cookie`` header, and return that header value."""
        resp = self.app.get("/v1/actions?x-auth-token=%s" % (TOKEN),
                            expect_errors=False)
        self._assert_json(resp, 200)
        self.assertIn("Set-Cookie", resp.headers)
        return resp.headers["Set-Cookie"]

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_headers(self):
        """A valid token in the ``X-Auth-Token`` header is accepted."""
        resp = self.app.get("/v1/actions",
                            headers={"X-Auth-Token": TOKEN},
                            expect_errors=False)
        self._assert_json(resp, 200)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_query_params(self):
        """A valid token in the ``x-auth-token`` query parameter is accepted.

        NOTE(review): a credential carried in the URL tends to end up in
        access and proxy logs, browser history and Referer headers; the
        header form is the transport to prefer, so keep this path deliberate.
        """
        resp = self.app.get("/v1/actions?x-auth-token=%s" % (TOKEN),
                            expect_errors=False)
        self._assert_json(resp, 200)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_query_params_auth_cookie_is_set(self):
        """A query-param login sets an auth cookie carrying the configured flags.

        The cookie is always ``HttpOnly``. ``api.auth_cookie_same_site`` and
        ``api.auth_cookie_secure`` are overridden in-test: every SameSite
        value is checked with ``secure`` on, then ``lax`` with ``secure`` off.

        NOTE(review): the overrides are not cleared at the end; presumably
        the base fixture resets ``cfg.CONF`` between tests -- confirm.
        """
        cookie = self._cookie_from_query_param_login()
        self.assertIn("HttpOnly", cookie)

        # Each SameSite value is paired with secure=True. That pairing matters
        # for "none": browsers honour SameSite=None only on a Secure cookie.
        for same_site in ["strict", "lax", "none", "unset"]:
            cfg.CONF.set_override(group="api",
                                  name="auth_cookie_same_site",
                                  override=same_site)
            cfg.CONF.set_override(group="api",
                                  name="auth_cookie_secure",
                                  override=True)

            cookie = self._cookie_from_query_param_login()
            self.assertIn("HttpOnly", cookie)

            if same_site == "unset":
                self.assertNotIn("SameSite", cookie)
            else:
                self.assertIn("SameSite=%s" % (same_site), cookie)

            self.assertIn("secure", cookie)

        # SameSite=lax with the secure flag off: no ``secure`` attribute.
        cfg.CONF.set_override(group="api",
                              name="auth_cookie_same_site",
                              override="lax")
        cfg.CONF.set_override(group="api",
                              name="auth_cookie_secure",
                              override=False)

        cookie = self._cookie_from_query_param_login()
        self.assertIn("HttpOnly", cookie)
        self.assertIn("SameSite=lax", cookie)
        self.assertNotIn("secure", cookie)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=FUTURE)),
    )
    @mock.patch.object(User, "get_by_name", mock.Mock(return_value=USER_DB))
    def test_token_validation_token_in_cookies(self):
        """A token sent once in the header keeps working on a follow-up
        request that carries no header, i.e. via the cookie the first
        response presumably set."""
        first = self.app.get("/v1/actions",
                             headers={"X-Auth-Token": TOKEN},
                             expect_errors=False)
        self._assert_json(first, 200)

        # Stub out the test app's cookie-jar ``clear`` so whatever cookie the
        # first response set survives into the second request.
        with mock.patch.object(self.app.cookiejar, "clear", return_value=None):
            second = self.app.get("/v1/actions", expect_errors=False)
        self._assert_json(second, 200)

    @mock.patch.object(
        Token,
        "get",
        mock.Mock(return_value=TokenDB(
            id=OBJ_ID, user=USER, token=TOKEN, expiry=PAST)),
    )
    def test_token_expired(self):
        """An expired token is rejected with a JSON 401.

        ``User.get_by_name`` is not patched here: presumably the token is
        rejected before any user lookup happens.
        """
        resp = self.app.get("/v1/actions",
                            headers={"X-Auth-Token": TOKEN},
                            expect_errors=True)
        self._assert_json(resp, 401)

    @mock.patch.object(Token, "get",
                       mock.MagicMock(side_effect=TokenNotFoundError()))
    def test_token_not_found(self):
        """An unknown token is rejected with a JSON 401."""
        resp = self.app.get("/v1/actions",
                            headers={"X-Auth-Token": TOKEN},
                            expect_errors=True)
        self._assert_json(resp, 401)

    def test_token_not_provided(self):
        """A request with no token at all is rejected with a JSON 401."""
        resp = self.app.get("/v1/actions", expect_errors=True)
        self._assert_json(resp, 401)