def test_update_keychain_add_multi(self): logger.info(self.getTestHeader('test update keychain add multi')) keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json') added_entries = [{ "uri": "https://foo.bar.com/", "auth_type": "http-basic", "auth_params": { "auth_method": "get", "username": "******", "password": "******" } }, { "uri": "https://foo.bar.com/", "auth_type": "bearer-token", "auth_params": { "token": "bar", "allow_redirects_with_token": "True", "additional_request_headers": { "X-Requested-With": "XMLHttpRequest" } } }] try: keychain = read_keychain(keychain_file, create_default=False) entries = get_auth_entries("https://foo.bar.com/", keychain) self.assertFalse(entries) updated_keychain = update_keychain(added_entries, keychain_file=keychain_file) logger.info("Updated keychain: %s" % json.dumps(updated_keychain)) entries = get_auth_entries("https://foo.bar.com/", updated_keychain) self.assertTrue(len(entries) == 2) except Exception as e: self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_single(self): logger.info(self.getTestHeader('test update keychain single')) keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json') updated_entry = { "uri": "https://raw.githubusercontent.com/", "auth_type": "http-basic", "auth_params": { "auth_method": "get", "username": "******", "password": "******" } } try: updated_keychain = update_keychain(updated_entry, keychain_file=keychain_file) logger.info("Updated keychain: %s" % json.dumps(updated_keychain)) entries = get_auth_entries("https://raw.githubusercontent.com/", updated_keychain) found = False for entry in entries: if entry["auth_type"] == "http-basic": if entry["auth_params"]["username"] == "foo" and entry[ "auth_params"]["password"] == "bar!": found = True break self.assertTrue(found) except Exception as e: self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_del_by_tag(self): logger.info(self.getTestHeader('test update keychain del by tag')) keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json') deleted_entries = {"tag": "unit test"} try: keychain = read_keychain(keychain_file, create_default=False) entries = get_auth_entries("https://raw.githubusercontent.com/", keychain) self.assertTrue(entries) updated_keychain = update_keychain(deleted_entries, keychain_file=keychain_file, delete=True) logger.info("Updated keychain: %s" % json.dumps(updated_keychain)) entries = get_auth_entries("https://raw.githubusercontent.com/", updated_keychain) self.assertFalse(entries) except Exception as e: self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_del_single(self): logger.info(self.getTestHeader('test update keychain del single')) keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json') deleted_entry = { "uri": "ftp://ftp.nist.gov/", "auth_type": "ftp-basic" } try: keychain = read_keychain(keychain_file, create_default=False) entries = get_auth_entries("ftp://ftp.nist.gov/", keychain) self.assertTrue(len(entries) == 1) updated_keychain = update_keychain(deleted_entry, keychain_file=keychain_file, delete=True) logger.info("Updated keychain: %s" % json.dumps(updated_keychain)) entries = get_auth_entries("ftp://ftp.nist.gov/", updated_keychain) self.assertFalse(entries) except Exception as e: self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_del_multi(self): logger.info(self.getTestHeader('test update keychain del multi')) keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json') deleted_entries = [{ "uri": "https://raw.githubusercontent.com/", "auth_type": "http-basic" }, { "uri": "https://raw.githubusercontent.com/", "auth_type": "bearer-token" }] try: keychain = read_keychain(keychain_file, create_default=False) entries = get_auth_entries("https://raw.githubusercontent.com/", keychain) self.assertTrue(entries) updated_keychain = update_keychain(deleted_entries, keychain_file=keychain_file, delete=True) logger.info("Updated keychain: %s" % json.dumps(updated_keychain)) entries = get_auth_entries("https://raw.githubusercontent.com/", updated_keychain) self.assertFalse(entries) except Exception as e: self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_add_single(self): logger.info(self.getTestHeader('test update keychain add single')) keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json') added_entry = { "uri": "https://foo.bar.com/", "auth_type": "http-basic", "auth_params": { "auth_method": "get", "username": "******", "password": "******" } } try: keychain = read_keychain(keychain_file, create_default=False) entries = get_auth_entries("https://foo.bar.com/", keychain) self.assertFalse(entries) updated_keychain = update_keychain(added_entry, keychain_file=keychain_file) logger.info("Updated keychain: %s" % json.dumps(updated_keychain)) entries = get_auth_entries("https://foo.bar.com/", updated_keychain) self.assertTrue(len(entries) == 1) except Exception as e: self.fail(bdbag.get_typed_exception(e))
def get_credentials(url, auth_config): credentials = None for auth in keychain.get_auth_entries(url, auth_config): if not validate_auth_config(auth): continue auth_type = auth.get("auth_type") auth_params = auth.get("auth_params") if auth_type == 'aws-credentials': credentials = auth_params break return credentials
def get_credentials(url, auth_config): credentials = (None, None) for auth in keychain.get_auth_entries(url, auth_config): if not validate_auth_config(auth): continue auth_type = auth.get("auth_type") auth_params = auth.get("auth_params", {}) if auth_type == 'globus_transfer': transfer_token = auth_params.get("transfer_token") local_endpoint = auth_params.get("local_endpoint") credentials = (transfer_token, local_endpoint) break return credentials
def get_credentials(url, auth_config): credentials = (None, None) for auth in keychain.get_auth_entries(url, auth_config): if not validate_auth_config(auth): continue auth_type = auth.get("auth_type") auth_params = auth.get("auth_params", {}) username = auth_params.get("username") password = auth_params.get("password") if auth_type == 'ftp-basic': credentials = (username, password) break return credentials
def test_update_keychain_multi(self): logger.info(self.getTestHeader('test update keychain multi')) keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json') updated_entries = [{ "uri": "https://raw.githubusercontent.com/", "auth_type": "http-basic", "auth_params": { "auth_method": "get", "username": "******", "password": "******" } }, { "uri": "https://raw.githubusercontent.com/", "auth_type": "bearer-token", "auth_params": { "token": "bar", "allow_redirects_with_token": "True", "additional_request_headers": { "X-Requested-With": "XMLHttpRequest" } } }] try: updated_keychain = update_keychain(updated_entries, keychain_file=keychain_file) logger.info("Updated keychain: %s" % json.dumps(updated_keychain)) entries = get_auth_entries("https://raw.githubusercontent.com/", updated_keychain) found1 = found2 = False for entry in entries: if entry["auth_type"] == "http-basic": if entry["auth_params"]["password"] == "bar!": found1 = True if entry["auth_type"] == "bearer-token": if entry["auth_params"][ "allow_redirects_with_token"] == "True": found2 = True self.assertTrue(found1 and found2) except Exception as e: self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_invalid_params(self): logger.info(self.getTestHeader('test update keychain invalid params')) keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json') deleted_entries = [{ "uri": "https://raw.githubusercontent.com/", }, { "auth_type": "bearer-token" }, { "uri": "ftp://ftp.nist.gov/", "tag": "invalid" }] try: keychain = read_keychain(keychain_file, create_default=False) entries = get_auth_entries("https://raw.githubusercontent.com/", keychain) self.assertTrue(entries) updated_keychain = update_keychain(deleted_entries, keychain_file=keychain_file, delete=True) logger.info("Updated keychain: %s" % json.dumps(updated_keychain)) self.assertTrue(len(updated_keychain) == 3) except Exception as e: self.fail(bdbag.get_typed_exception(e))
def get_session(url, auth_config, config): session = None response = None for auth in keychain.get_auth_entries(url, auth_config): try: if not validate_auth_config(auth): continue uri = auth.get("uri") if uri in SESSIONS: session = SESSIONS[uri] break else: session = init_new_session(config["session_config"]) auth_type = auth.get("auth_type") auth_params = auth.get("auth_params", {}) if auth_type == 'cookie': if auth_params: cookies = auth_params.get("cookies", []) if cookies: for cookie in cookies: name, value = cookie.split('=', 1) session.cookies.set(name, value, domain=urlsplit(uri).hostname, path='/') session.headers.update( auth_params.get("additional_request_headers", {})) SESSIONS[uri] = session break if auth_type == 'bearer-token': token = auth_params.get("token") if token: session.headers.update( {"Authorization": "Bearer " + token}) session.headers.update( auth_params.get("additional_request_headers", {})) SESSIONS[uri] = session break else: logging.warning( "Missing required parameters [token] for auth_type [%s] for keychain entry [%s]" % (auth_type, uri)) # if we get here the assumption is that the auth_type is either http-basic or http-form and that an # actual session "login" request is necessary auth_uri = auth.get("auth_uri", uri) username = auth_params.get("username") password = auth_params.get("password") if not (username and password): logging.warning( "Missing required parameters [username, password] for auth_type [%s] for keychain entry [%s]" % (auth_type, uri)) continue session.headers.update( auth_params.get("additional_request_headers", {})) auth_method = auth_params.get("auth_method", "post") if auth_type == 'http-basic': session.auth = (username, password) if auth_method: auth_method = auth_method.lower() if auth_method == 'post': response = session.post(auth_uri, auth=session.auth) elif auth_method == 'get': response = session.get(auth_uri, auth=session.auth) else: logging.warning( "Unsupported auth_method [%s] for auth_type [%s] for keychain entry [%s]" % (auth_method, auth_type, uri)) elif auth_type == 'http-form': username_field = auth_params.get("username_field", "username") password_field = auth_params.get("password_field", "password") response = session.post(auth_uri, { username_field: username, password_field: password }) if response.status_code > 203: logger.warning( 'Authentication failed with Status Code: %s %s\n' % (response.status_code, response.text)) else: logger.info("Session established: %s", uri) SESSIONS[uri] = session break except Exception as e: logger.warning( "Unhandled exception during HTTP(S) authentication: %s" % get_typed_exception(e)) if not session: url_parts = urlsplit(url) base_url = str("%s://%s" % (url_parts.scheme, url_parts.netloc)) session = SESSIONS.get(base_url, None) if not session: session = init_new_session(config["session_config"]) SESSIONS[base_url] = session return session
def get_auth(url, auth_config): for auth in keychain.get_auth_entries(url, auth_config): if validate_auth_config(auth): return auth return None