def setUp(self): twisted.internet.base.DelayedCall.debug = True settings = endpoint.RegistrationHandler.ap_settings =\ AutopushSettings( hostname="localhost", statsd_host=None, auth_key='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=', ) self.fernet_mock = settings.fernet = Mock(spec=Fernet) self.metrics_mock = settings.metrics = Mock(spec=Metrics) self.router_mock = settings.router = Mock(spec=Router) self.storage_mock = settings.storage = Mock(spec=Storage) self.senderIDs_mock = settings.senderIDs = Mock(spec=SenderIDs) self.senderIDs_mock.get_ID.return_value = "test_senderid" self.router_mock.check_token = Mock() self.router_mock.check_token.return_value = (True, 'test') self.router_mock.register_user = Mock() self.router_mock.register_user.return_value = (True, {}, {}) settings.routers["test"] = self.router_mock self.request_mock = Mock(body=b'', arguments={}, headers={}) self.reg = endpoint.RegistrationHandler(Application(), self.request_mock, ap_settings=settings) self.status_mock = self.reg.set_status = Mock() self.write_mock = self.reg.write = Mock() self.auth = ("Bearer %s" % generate_hash(self.reg.ap_settings.auth_key[0], dummy_uaid)) d = self.finish_deferred = Deferred() self.reg.finish = lambda: d.callback(True) self.settings = settings
def _validate_auth(self, uaid): """Validates the Authorization header in a request Validate the given request bearer token """ test, _ = validate_uaid(uaid) if not test: return False header = self.request.headers.get("Authorization") if header is None: return False try: token_type, rtoken = re.sub(r' +', ' ', header.strip()).split(" ", 2) except ValueError: return False if "bearer" != token_type.lower(): return False if self.ap_settings.auth_key: for key in self.ap_settings.auth_key: token = generate_hash(key, uaid) if rtoken == token: return True return False else: return True
def _validate_auth(self, uaid): """Validates the Authorization header in a request Validate the given request bearer token """ test, _ = validate_uaid(uaid) if not test: return False header = self.request.headers.get("Authorization") if header is None: return False try: token_type, rtoken = re.sub(r' +', ' ', header.strip()).split(" ", 2) except ValueError: return False if AUTH_SCHEME != token_type.lower(): return False if self.ap_settings.bear_hash_key: for key in self.ap_settings.bear_hash_key: token = generate_hash(key, uaid) if rtoken == token: return True return False else: return True
def setUp(self): twisted.internet.base.DelayedCall.debug = True conf = AutopushConfig( hostname="localhost", statsd_host=None, bear_hash_key='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=', ) self.fernet_mock = conf.fernet = Mock(spec=Fernet) self.db = db = test_db() db.router = Mock(spec=Router) db.router.register_user.return_value = (True, {}, {}) db.router.get_uaid.return_value = { "router_type": "test", "router_data": dict() } db.create_initial_message_tables() self.routers = routers = routers_from_config(conf, db, Mock()) routers["test"] = Mock(spec=IRouter) app = EndpointHTTPFactory(conf, db=db, routers=routers) self.client = Client(app) self.request_mock = Mock(body=b'', arguments={}, headers={}) self.reg = NewRegistrationHandler(app, self.request_mock) self.auth = ("WebPush %s" % generate_hash(conf.bear_hash_key[0], dummy_uaid.hex)) self.conf = conf
def setUp(self): twisted.internet.base.DelayedCall.debug = True settings = AutopushSettings( hostname="localhost", statsd_host=None, bear_hash_key='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB=', ) self.fernet_mock = settings.fernet = Mock(spec=Fernet) self.metrics_mock = settings.metrics = Mock(spec=Metrics) self.router_mock = settings.router = Mock(spec=Router) self.storage_mock = settings.storage = Mock(spec=Storage) self.router_mock.register_user = Mock() self.router_mock.register_user.return_value = (True, {}, {}) settings.routers["test"] = Mock(spec=IRouter) settings.router.get_uaid.return_value = { "router_type": "test", "router_data": dict() } self.request_mock = Mock(body=b'', arguments={}, headers={}) self.reg = RegistrationHandler(Application(), self.request_mock, ap_settings=settings) self.reg.request.uri = '/v1/xxx/yyy/register' self.status_mock = self.reg.set_status = Mock() self.write_mock = self.reg.write = Mock() self.auth = ("WebPush %s" % generate_hash(self.reg.ap_settings.bear_hash_key[0], dummy_uaid.hex)) d = self.finish_deferred = Deferred() self.reg.finish = lambda: d.callback(True) self.settings = settings
def _write_endpoint(self, endpoint, uaid, chid, router_type, router_data, new_uaid=False): # type: (str, uuid.UUID, str, str, JSONDict, bool) -> None """Write the JSON response of the created endpoint""" response = dict(channelID=chid, endpoint=endpoint) if new_uaid: secret = None if self.conf.bear_hash_key: secret = generate_hash(self.conf.bear_hash_key[0], uaid.hex) response.update(uaid=uaid.hex, secret=secret) # Apply any router specific fixes to the outbound response. router = self.routers[router_type] router.amend_endpoint_response(response, router_data) self.set_header("Content-Type", "application/json") self.write(json.dumps(response)) self.log.info("Register", client_info=self._client_info, endpoint=endpoint, uaid_hash=hasher(uaid.hex)) self.finish()
def validate_auth(self, data): request_pref_header = {'www-authenticate': PREF_SCHEME} auth = data["headers"].get("authorization") if not auth: raise InvalidRequest("Unauthorized", status_code=401, errno=109, headers=request_pref_header) try: auth_type, auth_token = re.sub( r' +', ' ', auth.strip()).split(" ", 2) except ValueError: raise InvalidRequest("Invalid Authentication", status_code=401, errno=109, headers=request_pref_header) if auth_type.lower() not in AUTH_SCHEMES: raise InvalidRequest("Invalid Authentication", status_code=401, errno=109, headers=request_pref_header) conf = self.context['conf'] uaid = data["path_kwargs"]["uaid"] if conf.bear_hash_key: is_valid = False for key in conf.bear_hash_key: test_token = generate_hash(key, uaid.hex) is_valid |= constant_time.bytes_eq(bytes(test_token), bytes(auth_token)) if not is_valid: raise InvalidRequest("Invalid Authentication", status_code=401, errno=109, headers=request_pref_header)
def test_validate_hash(self): key = str(uuid.uuid4()) payload = str(uuid.uuid4()) hashed = generate_hash(key, payload) print hashed eq_(validate_hash(key, payload, hashed), True) eq_(validate_hash(key, payload, str(uuid.uuid4())), False) eq_(validate_hash(key, payload, ""), False)
def _return_endpoint(self, endpoint, new_uaid): """Called after the endpoint was made and should be returned to the requestor""" if new_uaid: hashed = generate_hash(self.uaid, self.ap_settings.crypto_key) msg = dict( uaid=self.uaid, secret=hashed, channelID=self.chid, endpoint=endpoint, ) else: msg = dict(channelID=self.chid, endpoint=endpoint) self.write(json.dumps(msg)) log.msg("Endpoint registered via HTTP", **self._client_info()) self.finish()
def validate_data(self, data): settings = self.context['settings'] try: data['router'] = settings.routers[data['router_type']] except KeyError: raise InvalidRequest("Invalid router", status_code=400, errno=108) if data.get('uaid'): request_pref_header = {'www-authenticate': PREF_SCHEME} try: settings.router.get_uaid(data['uaid'].hex) except ItemNotFound: raise InvalidRequest("UAID not found", status_code=410, errno=103) if not data.get('auth'): raise InvalidRequest("Unauthorized", status_code=401, errno=109, headers=request_pref_header) settings = self.context['settings'] try: auth_type, auth_token = re.sub(r' +', ' ', data['auth'].strip()).split( " ", 2) except ValueError: raise InvalidRequest("Invalid Authentication", status_code=401, errno=109, headers=request_pref_header) if auth_type.lower() not in AUTH_SCHEMES: raise InvalidRequest("Invalid Authentication", status_code=401, errno=109, headers=request_pref_header) if settings.bear_hash_key: is_valid = False for key in settings.bear_hash_key: test_token = generate_hash(key, data['uaid'].hex) is_valid |= constant_time.bytes_eq(bytes(test_token), bytes(auth_token)) if not is_valid: raise InvalidRequest("Invalid Authentication", status_code=401, errno=109, headers=request_pref_header)
def _return_endpoint(self, endpoint, new_uaid, router=None): """Called after the endpoint was made and should be returned to the requestor""" if new_uaid: hashed = generate_hash(self.ap_settings.crypto_key[0], self.uaid) msg = dict( uaid=self.uaid, secret=hashed, channelID=self.chid, endpoint=endpoint, ) # Apply any router specific fixes to the outbound response. if router is not None: msg = router.amend_msg(msg) else: msg = dict(channelID=self.chid, endpoint=endpoint) self.write(json.dumps(msg)) log.msg("Endpoint registered via HTTP", **self._client_info()) self.finish()
def _validate_auth(self, uaid): """Validates the Authorization header in a request Validate the given request using HAWK. """ test, _ = validate_uaid(uaid) if not test: return False for key in self.ap_settings.crypto_key: secret = generate_hash(key, uaid) fReq = prequests.Request( self.request.method, "%s://%s%s" % (self.request.protocol, self.request.host, self.request.uri), headers=self.request.headers, data=self.request.body).prepare() if hawkauthlib.check_signature(fReq, secret): return True return False
def _return_endpoint(self, endpoint_data, new_uaid, router=None): """Called after the endpoint was made and should be returned to the requestor""" if new_uaid: if self.ap_settings.bear_hash_key: hashed = generate_hash(self.ap_settings.bear_hash_key[0], self.uaid) msg = dict( uaid=self.uaid, secret=hashed, channelID=self.chid, endpoint=endpoint_data[0], ) # Apply any router specific fixes to the outbound response. if router is not None: msg = router.amend_msg(msg, endpoint_data[1].get('router_data')) else: msg = dict(channelID=self.chid, endpoint=endpoint_data[0]) self.write(json.dumps(msg)) self.log.debug(format="Endpoint registered via HTTP", **self._client_info) self.finish()
def _write_endpoint( self, endpoint, # type: str uaid, # type: uuid.UUID chid, # type: str router=None, # type: Optional[Any] router_data=None # type: Optional[JSONDict] ): # type: (...) -> None """Write the JSON response of the created endpoint""" response = dict(channelID=chid, endpoint=endpoint) if router_data is not None: # a new uaid secret = None if self.ap_settings.bear_hash_key: secret = generate_hash(self.ap_settings.bear_hash_key[0], uaid.hex) response.update(uaid=uaid.hex, secret=secret) # Apply any router specific fixes to the outbound response. router.amend_endpoint_response(response, router_data) self.write(json.dumps(response)) self.log.debug("Endpoint registered via HTTP", client_info=self._client_info) self.finish()
def hasher(uaid): if key_hash: return generate_hash(key_hash, uaid) return uaid
def hasher(uaid): # type: (str) -> str """Hashes a key using a key_hash if present""" if key_hash: return generate_hash(key_hash, uaid) return uaid
def _validate_auth(self, uaid): """Validates the Authorization header in a request""" secret = self.ap_settings.crypto_key hashed = self.request.headers.get("Authorization", "").strip() key = generate_hash(secret, uaid) return validate_hash(key, self.request.body, hashed)