def setUp(self):
twisted.internet.base.DelayedCall.debug = True
settings = endpoint.RegistrationHandler.ap_settings =\
AutopushSettings(
hostname="localhost",
statsd_host=None,
auth_key='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=',
)
self.fernet_mock = settings.fernet = Mock(spec=Fernet)
self.metrics_mock = settings.metrics = Mock(spec=Metrics)
self.router_mock = settings.router = Mock(spec=Router)
self.storage_mock = settings.storage = Mock(spec=Storage)
self.senderIDs_mock = settings.senderIDs = Mock(spec=SenderIDs)
self.senderIDs_mock.get_ID.return_value = "test_senderid"
self.router_mock.check_token = Mock()
self.router_mock.check_token.return_value = (True, 'test')
self.router_mock.register_user = Mock()
self.router_mock.register_user.return_value = (True, {}, {})
settings.routers["test"] = self.router_mock
self.request_mock = Mock(body=b'', arguments={}, headers={})
self.reg = endpoint.RegistrationHandler(Application(),
self.request_mock,
ap_settings=settings)
self.status_mock = self.reg.set_status = Mock()
self.write_mock = self.reg.write = Mock()
self.auth = ("Bearer %s" %
generate_hash(self.reg.ap_settings.auth_key[0],
dummy_uaid))
d = self.finish_deferred = Deferred()
self.reg.finish = lambda: d.callback(True)
self.settings = settings
def _validate_auth(self, uaid):
"""Validates the Authorization header in a request
Validate the given request bearer token
"""
test, _ = validate_uaid(uaid)
if not test:
return False
header = self.request.headers.get("Authorization")
if header is None:
return False
try:
token_type, rtoken = re.sub(r' +', ' ',
header.strip()).split(" ", 2)
except ValueError:
return False
if "bearer" != token_type.lower():
return False
if self.ap_settings.auth_key:
for key in self.ap_settings.auth_key:
token = generate_hash(key, uaid)
if rtoken == token:
return True
return False
else:
return True
def _validate_auth(self, uaid):
"""Validates the Authorization header in a request
Validate the given request bearer token
"""
test, _ = validate_uaid(uaid)
if not test:
return False
header = self.request.headers.get("Authorization")
if header is None:
return False
try:
token_type, rtoken = re.sub(r' +', ' ',
header.strip()).split(" ", 2)
except ValueError:
return False
if AUTH_SCHEME != token_type.lower():
return False
if self.ap_settings.bear_hash_key:
for key in self.ap_settings.bear_hash_key:
token = generate_hash(key, uaid)
if rtoken == token:
return True
return False
else:
return True
def setUp(self):
twisted.internet.base.DelayedCall.debug = True
conf = AutopushConfig(
hostname="localhost",
statsd_host=None,
bear_hash_key='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=',
)
self.fernet_mock = conf.fernet = Mock(spec=Fernet)
self.db = db = test_db()
db.router = Mock(spec=Router)
db.router.register_user.return_value = (True, {}, {})
db.router.get_uaid.return_value = {
"router_type": "test",
"router_data": dict()
}
db.create_initial_message_tables()
self.routers = routers = routers_from_config(conf, db, Mock())
routers["test"] = Mock(spec=IRouter)
app = EndpointHTTPFactory(conf, db=db, routers=routers)
self.client = Client(app)
self.request_mock = Mock(body=b'', arguments={}, headers={})
self.reg = NewRegistrationHandler(app, self.request_mock)
self.auth = ("WebPush %s" %
generate_hash(conf.bear_hash_key[0], dummy_uaid.hex))
self.conf = conf
def setUp(self):
twisted.internet.base.DelayedCall.debug = True
settings = AutopushSettings(
hostname="localhost",
statsd_host=None,
bear_hash_key='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=',
)
self.fernet_mock = settings.fernet = Mock(spec=Fernet)
self.metrics_mock = settings.metrics = Mock(spec=Metrics)
self.router_mock = settings.router = Mock(spec=Router)
self.storage_mock = settings.storage = Mock(spec=Storage)
self.router_mock.register_user = Mock()
self.router_mock.register_user.return_value = (True, {}, {})
settings.routers["test"] = Mock(spec=IRouter)
settings.router.get_uaid.return_value = {
"router_type": "test",
"router_data": dict()
}
self.request_mock = Mock(body=b'', arguments={}, headers={})
self.reg = RegistrationHandler(Application(),
self.request_mock,
ap_settings=settings)
self.reg.request.uri = '/v1/xxx/yyy/register'
self.status_mock = self.reg.set_status = Mock()
self.write_mock = self.reg.write = Mock()
self.auth = ("WebPush %s" %
generate_hash(self.reg.ap_settings.bear_hash_key[0],
dummy_uaid.hex))
d = self.finish_deferred = Deferred()
self.reg.finish = lambda: d.callback(True)
self.settings = settings
def _write_endpoint(self,
endpoint,
uaid,
chid,
router_type,
router_data,
new_uaid=False):
# type: (str, uuid.UUID, str, str, JSONDict, bool) -> None
"""Write the JSON response of the created endpoint"""
response = dict(channelID=chid, endpoint=endpoint)
if new_uaid:
secret = None
if self.conf.bear_hash_key:
secret = generate_hash(self.conf.bear_hash_key[0], uaid.hex)
response.update(uaid=uaid.hex, secret=secret)
# Apply any router specific fixes to the outbound response.
router = self.routers[router_type]
router.amend_endpoint_response(response, router_data)
self.set_header("Content-Type", "application/json")
self.write(json.dumps(response))
self.log.info("Register",
client_info=self._client_info,
endpoint=endpoint,
uaid_hash=hasher(uaid.hex))
self.finish()
def validate_auth(self, data):
request_pref_header = {'www-authenticate': PREF_SCHEME}
auth = data["headers"].get("authorization")
if not auth:
raise InvalidRequest("Unauthorized", status_code=401, errno=109,
headers=request_pref_header)
try:
auth_type, auth_token = re.sub(
r' +', ' ', auth.strip()).split(" ", 2)
except ValueError:
raise InvalidRequest("Invalid Authentication",
status_code=401,
errno=109,
headers=request_pref_header)
if auth_type.lower() not in AUTH_SCHEMES:
raise InvalidRequest("Invalid Authentication",
status_code=401,
errno=109,
headers=request_pref_header)
conf = self.context['conf']
uaid = data["path_kwargs"]["uaid"]
if conf.bear_hash_key:
is_valid = False
for key in conf.bear_hash_key:
test_token = generate_hash(key, uaid.hex)
is_valid |= constant_time.bytes_eq(bytes(test_token),
bytes(auth_token))
if not is_valid:
raise InvalidRequest("Invalid Authentication",
status_code=401,
errno=109,
headers=request_pref_header)
def test_validate_hash(self):
key = str(uuid.uuid4())
payload = str(uuid.uuid4())
hashed = generate_hash(key, payload)
print hashed
eq_(validate_hash(key, payload, hashed), True)
eq_(validate_hash(key, payload, str(uuid.uuid4())), False)
eq_(validate_hash(key, payload, ""), False)
def _return_endpoint(self, endpoint, new_uaid):
"""Called after the endpoint was made and should be returned to the
requestor"""
if new_uaid:
hashed = generate_hash(self.uaid, self.ap_settings.crypto_key)
msg = dict(
uaid=self.uaid,
secret=hashed,
channelID=self.chid,
endpoint=endpoint,
)
else:
msg = dict(channelID=self.chid, endpoint=endpoint)
self.write(json.dumps(msg))
log.msg("Endpoint registered via HTTP", **self._client_info())
self.finish()
def validate_data(self, data):
settings = self.context['settings']
try:
data['router'] = settings.routers[data['router_type']]
except KeyError:
raise InvalidRequest("Invalid router", status_code=400, errno=108)
if data.get('uaid'):
request_pref_header = {'www-authenticate': PREF_SCHEME}
try:
settings.router.get_uaid(data['uaid'].hex)
except ItemNotFound:
raise InvalidRequest("UAID not found",
status_code=410,
errno=103)
if not data.get('auth'):
raise InvalidRequest("Unauthorized",
status_code=401,
errno=109,
headers=request_pref_header)
settings = self.context['settings']
try:
auth_type, auth_token = re.sub(r' +', ' ',
data['auth'].strip()).split(
" ", 2)
except ValueError:
raise InvalidRequest("Invalid Authentication",
status_code=401,
errno=109,
headers=request_pref_header)
if auth_type.lower() not in AUTH_SCHEMES:
raise InvalidRequest("Invalid Authentication",
status_code=401,
errno=109,
headers=request_pref_header)
if settings.bear_hash_key:
is_valid = False
for key in settings.bear_hash_key:
test_token = generate_hash(key, data['uaid'].hex)
is_valid |= constant_time.bytes_eq(bytes(test_token),
bytes(auth_token))
if not is_valid:
raise InvalidRequest("Invalid Authentication",
status_code=401,
errno=109,
headers=request_pref_header)
def _return_endpoint(self, endpoint, new_uaid, router=None):
"""Called after the endpoint was made and should be returned to the
requestor"""
if new_uaid:
hashed = generate_hash(self.ap_settings.crypto_key[0], self.uaid)
msg = dict(
uaid=self.uaid,
secret=hashed,
channelID=self.chid,
endpoint=endpoint,
)
# Apply any router specific fixes to the outbound response.
if router is not None:
msg = router.amend_msg(msg)
else:
msg = dict(channelID=self.chid, endpoint=endpoint)
self.write(json.dumps(msg))
log.msg("Endpoint registered via HTTP", **self._client_info())
self.finish()
def _return_endpoint(self, endpoint, new_uaid, router=None):
"""Called after the endpoint was made and should be returned to the
requestor"""
if new_uaid:
hashed = generate_hash(self.ap_settings.crypto_key[0], self.uaid)
msg = dict(
uaid=self.uaid,
secret=hashed,
channelID=self.chid,
endpoint=endpoint,
)
# Apply any router specific fixes to the outbound response.
if router is not None:
msg = router.amend_msg(msg)
else:
msg = dict(channelID=self.chid, endpoint=endpoint)
self.write(json.dumps(msg))
log.msg("Endpoint registered via HTTP", **self._client_info())
self.finish()
def _validate_auth(self, uaid):
"""Validates the Authorization header in a request
Validate the given request using HAWK.
"""
test, _ = validate_uaid(uaid)
if not test:
return False
for key in self.ap_settings.crypto_key:
secret = generate_hash(key, uaid)
fReq = prequests.Request(
self.request.method,
"%s://%s%s" %
(self.request.protocol, self.request.host, self.request.uri),
headers=self.request.headers,
data=self.request.body).prepare()
if hawkauthlib.check_signature(fReq, secret):
return True
return False
def _validate_auth(self, uaid):
"""Validates the Authorization header in a request
Validate the given request using HAWK.
"""
test, _ = validate_uaid(uaid)
if not test:
return False
for key in self.ap_settings.crypto_key:
secret = generate_hash(key, uaid)
fReq = prequests.Request(
self.request.method,
"%s://%s%s" % (self.request.protocol, self.request.host,
self.request.uri),
headers=self.request.headers,
data=self.request.body).prepare()
if hawkauthlib.check_signature(fReq, secret):
return True
return False
def _return_endpoint(self, endpoint_data, new_uaid, router=None):
"""Called after the endpoint was made and should be returned to the
requestor"""
if new_uaid:
if self.ap_settings.bear_hash_key:
hashed = generate_hash(self.ap_settings.bear_hash_key[0],
self.uaid)
msg = dict(
uaid=self.uaid,
secret=hashed,
channelID=self.chid,
endpoint=endpoint_data[0],
)
# Apply any router specific fixes to the outbound response.
if router is not None:
msg = router.amend_msg(msg,
endpoint_data[1].get('router_data'))
else:
msg = dict(channelID=self.chid, endpoint=endpoint_data[0])
self.write(json.dumps(msg))
self.log.debug(format="Endpoint registered via HTTP",
**self._client_info)
self.finish()
def _return_endpoint(self, endpoint_data, new_uaid, router=None):
"""Called after the endpoint was made and should be returned to the
requestor"""
if new_uaid:
if self.ap_settings.bear_hash_key:
hashed = generate_hash(self.ap_settings.bear_hash_key[0],
self.uaid)
msg = dict(
uaid=self.uaid,
secret=hashed,
channelID=self.chid,
endpoint=endpoint_data[0],
)
# Apply any router specific fixes to the outbound response.
if router is not None:
msg = router.amend_msg(msg,
endpoint_data[1].get('router_data'))
else:
msg = dict(channelID=self.chid, endpoint=endpoint_data[0])
self.write(json.dumps(msg))
self.log.debug(format="Endpoint registered via HTTP",
**self._client_info)
self.finish()
def _write_endpoint(
self,
endpoint, # type: str
uaid, # type: uuid.UUID
chid, # type: str
router=None, # type: Optional[Any]
router_data=None # type: Optional[JSONDict]
):
# type: (...) -> None
"""Write the JSON response of the created endpoint"""
response = dict(channelID=chid, endpoint=endpoint)
if router_data is not None:
# a new uaid
secret = None
if self.ap_settings.bear_hash_key:
secret = generate_hash(self.ap_settings.bear_hash_key[0],
uaid.hex)
response.update(uaid=uaid.hex, secret=secret)
# Apply any router specific fixes to the outbound response.
router.amend_endpoint_response(response, router_data)
self.write(json.dumps(response))
self.log.debug("Endpoint registered via HTTP",
client_info=self._client_info)
self.finish()
def hasher(uaid):
if key_hash:
return generate_hash(key_hash, uaid)
return uaid
def hasher(uaid):
# type: (str) -> str
"""Hashes a key using a key_hash if present"""
if key_hash:
return generate_hash(key_hash, uaid)
return uaid
def hasher(uaid):
if key_hash:
return generate_hash(key_hash, uaid)
return uaid
def _validate_auth(self, uaid):
"""Validates the Authorization header in a request"""
secret = self.ap_settings.crypto_key
hashed = self.request.headers.get("Authorization", "").strip()
key = generate_hash(secret, uaid)
return validate_hash(key, self.request.body, hashed)
