def create_session(config):
session = Session(config)
session.add_authenticator(
create_authenticator(
"cryptosign",
authid="foo",
authrole="role0",
privkey="a" * 64,
))
def joined(session, details):
print("joined: {} {}".format(session, details))
session.config.extra['running'].callback(session)
session.on('join', joined)
def left(session, details):
if "no_such_procedure" in str(details.reason):
session.config.extra['running'].errback(Exception(details.reason))
session.on('leave', left)
def disconnected(*args, **kw):
print("disconnect: {} {}".format(args, kw))
session.on('disconnect', disconnected)
return session
def test_inconsistent_authids(self):
session = Session(mock.Mock())
auth0 = create_authenticator(
"wampcra",
authid="alice",
secret="p4ssw0rd",
)
auth1 = create_authenticator(
"wampcra",
authid="bob",
secret="password42",
)
session.add_authenticator(auth0)
with self.assertRaises(ValueError) as ctx:
session.add_authenticator(auth1)
assert "authids" in str(ctx.exception)
def test_inconsistent_authids(self):
session = Session(mock.Mock())
auth0 = create_authenticator(
"wampcra",
authid=u"alice",
secret=u"p4ssw0rd",
)
auth1 = create_authenticator(
"wampcra",
authid=u"bob",
secret=u"password42",
)
session.add_authenticator(auth0)
with self.assertRaises(ValueError) as ctx:
session.add_authenticator(auth1)
assert "authids" in str(ctx.exception)
def test_authenticator(self):
authenticator = create_authenticator(
u"cryptosign",
authid="someone",
privkey=self.privkey_hex,
)
session = Mock()
session._transport.get_channel_id = Mock(return_value=self.channel_id)
challenge = types.Challenge(u"cryptosign", dict(challenge="ff" * 32))
reply = yield authenticator.on_challenge(session, challenge)
self.assertEqual(
reply.result,
u'9b6f41540c9b95b4b7b281c3042fa9c54cef43c842d62ea3fd6030fcb66e70b3e80d49d44c29d1635da9348d02ec93f3ed1ef227dfb59a07b580095c2b82f80f9d16ca518aa0c2b707f2b2a609edeca73bca8dd59817a633f35574ac6fd80d00',
)
def test_authenticator(self):
authenticator = create_authenticator(
u"cryptosign",
authid="someone",
privkey=self.privkey_hex,
)
session = Mock()
session._transport.get_channel_id = Mock(return_value=self.channel_id)
challenge = types.Challenge(u"cryptosign", dict(challenge="ff" * 32))
reply = yield authenticator.on_challenge(session, challenge)
self.assertEqual(
reply.result,
u'9b6f41540c9b95b4b7b281c3042fa9c54cef43c842d62ea3fd6030fcb66e70b3e80d49d44c29d1635da9348d02ec93f3ed1ef227dfb59a07b580095c2b82f80f9d16ca518aa0c2b707f2b2a609edeca73bca8dd59817a633f35574ac6fd80d00',
)
def on_connect(self):
auth_methods = [u'scram']
auth_role = u'user'
authid = u'{}'.format(self.component_config.session.username)
password = u'{}'.format(self.component_config.session.password)
self.authenticator = create_authenticator(AuthScram.name,
authid=authid,
password=saslprep(password))
self.join(self.config.realm,
authmethods=auth_methods,
authid=authid,
authrole=auth_role,
authextra=self.authenticator.authextra)
def create_session():
session = ProxyBackendSession()
# we will do cryptosign authentication to any backend
if 'auth' in backend_config and 'cryptosign-proxy' in backend_config['auth']:
session.add_authenticator(create_authenticator("cryptosign", privkey=key['hex']))
# we allow anonymous authentication to just unix-sockets
# currently. I don't think it's a good idea to allow any
# anonymous auth to "real" backends over TCP due to
# cross-protocol hijinks (and if a Web browser is running on
# that machine, any website can try to access the "real"
# backend)
if 'auth' not in backend_config or 'anonymous-proxy' in backend_config['auth']:
if backend_config['transport']['endpoint']['type'] == 'unix':
session.add_authenticator(create_authenticator("anonymous"))
else:
raise RuntimeError('anonymous-proxy authenticator only allowed on Unix domain socket based transports, not type "{}"'.format(backend_config['transport']['endpoint']['type']))
def connected(session, transport):
connected_d.callback(session)
session.on('connect', connected)
return session
def test_authenticator(self):
authenticator = create_authenticator(
"cryptosign",
authid="someone",
privkey=self.privkey_hex,
)
session = Mock()
session._transport.transport_details = self.transport_details
challenge = types.Challenge("cryptosign", dict(challenge="ff" * 32))
f_reply = authenticator.on_challenge(session, challenge)
def success(reply):
self.assertEqual(
reply,
'9b6f41540c9b95b4b7b281c3042fa9c54cef43c842d62ea3fd6030fcb66e70b3e80d49d44c29d1635da9348d02ec93f3ed1ef227dfb59a07b580095c2b82f80f9d16ca518aa0c2b707f2b2a609edeca73bca8dd59817a633f35574ac6fd80d00',
)
def failed(err):
self.fail(str(err))
txaio.add_callbacks(f_reply, success, failed)
def create_session():
cfg = ComponentConfig(self._realm, self._extra)
try:
self._session = session = self.session_factory(cfg)
for auth_name, auth_config in self._authentication.items():
if isinstance(auth_config, IAuthenticator):
session.add_authenticator(auth_config)
else:
authenticator = create_authenticator(
auth_name, **auth_config)
session.add_authenticator(authenticator)
except Exception as e:
# couldn't instantiate session calls, which is fatal.
# let the reconnection logic deal with that
f = txaio.create_failure(e)
txaio.reject(done, f)
raise
else:
# hook up the listener to the parent so we can bubble
# up events happning on the session onto the
# connection. This lets you do component.on('join',
# cb) which will work just as if you called
# session.on('join', cb) for every session created.
session._parent = self
# listen on leave events; if we get errors
# (e.g. no_such_realm), an on_leave can happen without
# an on_join before
def on_leave(session, details):
self.log.info(
"session leaving '{details.reason}'",
details=details,
)
if not txaio.is_called(done):
if details.reason in [u"wamp.close.normal"]:
txaio.resolve(done, None)
else:
f = txaio.create_failure(
ApplicationError(details.reason))
txaio.reject(done, f)
session.on('leave', on_leave)
# if we were given a "main" procedure, we run through
# it completely (i.e. until its Deferred fires) and
# then disconnect this session
def on_join(session, details):
transport.connect_sucesses += 1
self.log.debug("session on_join: {details}",
details=details)
d = txaio.as_future(self._entry, reactor, session)
def main_success(_):
self.log.debug("main_success")
def leave():
try:
session.leave()
except SessionNotReady:
# someone may have already called
# leave()
pass
txaio.call_later(0, leave)
def main_error(err):
self.log.debug("main_error: {err}", err=err)
txaio.reject(done, err)
session.disconnect()
txaio.add_callbacks(d, main_success, main_error)
if self._entry is not None:
session.on('join', on_join)
# listen on disconnect events. Note that in case we
# had a "main" procedure, we could have already
# resolve()'d our "done" future
def on_disconnect(session, was_clean):
self.log.debug(
"session on_disconnect: was_clean={was_clean}",
was_clean=was_clean,
)
if not txaio.is_called(done):
if not was_clean:
self.log.warn(u"Session disconnected uncleanly")
else:
# eg the session has left the realm, and the transport was properly
# shut down. successfully finish the connection
txaio.resolve(done, None)
session.on('disconnect', on_disconnect)
# return the fresh session object
return session
def create_session():
cfg = ComponentConfig(self._realm, self._extra)
try:
self._session = session = self.session_factory(cfg)
for auth_name, auth_config in self._authentication.items():
authenticator = create_authenticator(auth_name, **auth_config)
session.add_authenticator(authenticator)
except Exception as e:
# couldn't instantiate session calls, which is fatal.
# let the reconnection logic deal with that
f = txaio.create_failure(e)
txaio.reject(done, f)
raise
else:
# hook up the listener to the parent so we can bubble
# up events happning on the session onto the
# connection. This lets you do component.on('join',
# cb) which will work just as if you called
# session.on('join', cb) for every session created.
session._parent = self
# listen on leave events; if we get errors
# (e.g. no_such_realm), an on_leave can happen without
# an on_join before
def on_leave(session, details):
self.log.info(
"session leaving '{details.reason}'",
details=details,
)
if not txaio.is_called(done):
if details.reason in [u"wamp.error.no_auth_method"]:
txaio.resolve(done, txaio.create_failure(
ApplicationError(
u"wamp.error.no_auth_method"
)
))
else:
txaio.resolve(done, None)
session.on('leave', on_leave)
# if we were given a "main" procedure, we run through
# it completely (i.e. until its Deferred fires) and
# then disconnect this session
def on_join(session, details):
transport.connect_sucesses += 1
self.log.debug("session on_join: {details}", details=details)
d = txaio.as_future(self._entry, reactor, session)
def main_success(_):
self.log.debug("main_success")
def leave():
try:
session.leave()
except SessionNotReady:
# someone may have already called
# leave()
pass
txaio.call_later(0, leave)
def main_error(err):
self.log.debug("main_error: {err}", err=err)
txaio.reject(done, err)
session.disconnect()
txaio.add_callbacks(d, main_success, main_error)
if self._entry is not None:
session.on('join', on_join)
# listen on disconnect events. Note that in case we
# had a "main" procedure, we could have already
# resolve()'d our "done" future
def on_disconnect(session, was_clean):
self.log.debug(
"session on_disconnect: was_clean={was_clean}",
was_clean=was_clean,
)
if not txaio.is_called(done):
if not was_clean:
self.log.warn(
u"Session disconnected uncleanly"
)
# eg the session has left the realm, and the transport was properly
# shut down. successfully finish the connection
txaio.resolve(done, None)
session.on('disconnect', on_disconnect)
# return the fresh session object
return session
