def test_signature(self):
    """Reject tokens whose signature or signed payload has been altered."""

    def assert_rejected(token, reason):
        # Validation has to fail with Unauthorized, and the description has
        # to name both the generic failure and the specific cause.
        with self.assertRaises(Unauthorized) as caught:
            validate_gamecenter_token(token)
        description = caught.exception.description
        self.assertIn("Can't verify signature:", description)
        self.assertIn(reason, description)

    # Case 1: overwrite one character of the signature (index 84) with '5'.
    # NOTE(review): assumes the fixture's character at that index is not
    # already '5'; otherwise the token is unchanged and nothing is tested.
    signature = template['signature']
    forged_signature = template.copy()
    forged_signature['signature'] = signature[:84] + '5' + signature[85:]
    # NOTE(review): 'padding check failed' looks like wording taken from the
    # underlying crypto library, so this assertion is tied to that backend.
    assert_rejected(forged_signature, "'padding check failed'")

    # Case 2: keep the signature intact but change a field it should cover.
    forged_payload = template.copy()
    forged_payload['player_id'] = 'G:5637867917'
    assert_rejected(forged_payload, "'bad signature'")
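def auth_request_handler():
    """Authenticate a client through one of the supported providers and issue a JWT.

    The request body is untrusted input. It must be a JSON object naming a
    'provider'; most providers also read a 'provider_details' object. Missing
    or malformed fields are rejected through abort_unauthorized() instead of
    surfacing as unhandled KeyError/TypeError/AttributeError.
    abort_unauthorized() is assumed to raise: the code after each call relies
    on it not returning.

    Returns:
        The jsonify()-ed result of issue_token() for the authenticated identity.

    Raises:
        RuntimeError: if the selected provider branch did not produce an
            identity dict containing 'identity_id'.
    """
    if request.method == "GET":
        abort_unauthorized("Bad Request. "
                           "This endpoint only supports the POST method.")

    auth_info = request.get_json()
    # Insist on a non-empty JSON object so the key lookups below never run
    # against a list, string or number supplied by the client.
    if not auth_info or not isinstance(auth_info, dict):
        abort_unauthorized("Bad Request. Expected json payload.")

    if "provider" not in auth_info:
        auth_info = _fix_legacy_auth(auth_info)

    # HACK: Client bug workaround:
    if auth_info.get("provider") == "gamecenter" and \
            "provider_details" not in auth_info:
        auth_info = _fix_legacy_auth(auth_info)

    identity = None
    provider = auth_info.get('provider')
    provider_details = auth_info.get('provider_details')
    # Evaluated once and tolerant of a missing/non-object 'provider_details'.
    provisional = (isinstance(provider_details, dict) and
                   provider_details.get('provisional', False))

    def _detail(key):
        # Fetch a required field from the client-supplied provider_details;
        # a missing object or key becomes a 401 rather than a server error.
        if not isinstance(provider_details, dict) or \
                key not in provider_details:
            abort_unauthorized(
                "Bad Request. Missing '%s' in 'provider_details'." % key)
        return provider_details[key]

    def _provisional_identity(prefix):
        # Username/password login shared by the 'provisional' provider
        # variants; the prefix is passed per provider so each branch keeps
        # its own literal.
        username = _detail('username')
        if not username:
            abort_unauthorized("Bad Request. 'username' cannot be an empty string.")
        return authenticate(prefix + username, _detail('password'))

    # TODO: Move specific auth logic outside this module.
    # Steam and Game Center. should not be in here.

    # NOTE(review): every account-name prefix below reads "******" in this
    # listing, which looks like redaction. Confirm each provider uses its own
    # distinct prefix so identities from different providers cannot map to
    # the same account.
    if provider == "jwt":
        # Authenticate using a JWT. We validate the token,
        # and issue a new one based on that.
        payload = verify_token(_detail('jwt'), "JWT")
        # Issue a JWT with same payload as the one we got
        log.debug("Authenticating using a JWT: %s", payload)
        identity = payload
    elif provider == "jti":
        if isinstance(provider_details, dict) and 'jti' in provider_details:
            identity = get_cached_token(provider_details['jti'])
        if not identity:
            abort_unauthorized("Bad Request. Invalid JTI.")
    elif provider in ['device_id', 'user+pass', 'uuid']:
        # Authenticate using access key, secret key pair
        # (or username, password pair)
        if 'username' not in auth_info or 'password' not in auth_info:
            abort_unauthorized(
                "Bad Request. Missing 'username' or 'password'.")
        # NOTE(review): platform-verified accounts below are authenticated
        # with an empty password. Confirm authenticate() (not visible here)
        # refuses caller-chosen usernames that fall in a provider-prefixed
        # namespace, so this generic branch cannot stand in for a ticket check.
        identity = authenticate(auth_info['username'], auth_info['password'])
    elif provider == "gamecenter":
        app_bundles = app.config.get('apple_game_center', {}) \
            .get('bundle_ids')
        from drift.auth.gamecenter import validate_gamecenter_token
        identity_id = validate_gamecenter_token(provider_details,
                                                app_bundles=app_bundles)
        gc_player_id = "gamecenter:" + identity_id
        # The fixed salt makes the derived account name stable for a given
        # player id; it is a name mapping here, not protection of a secret.
        username = "******" + pbkdf2_hex(gc_player_id, "staticsalt",
                                         iterations=25000)
        identity = authenticate(username, "")
    elif provider == "steam":
        from drift.auth.steam import validate_steam_ticket
        identity_id = validate_steam_ticket()
        username = "******" + identity_id
        identity = authenticate(username, "")
    elif provider == "oculus" and provisional:
        identity = _provisional_identity("******")
    elif provider == "oculus":
        from drift.auth.oculus import validate_oculus_ticket
        identity_id = validate_oculus_ticket()
        username = "******" + identity_id
        identity = authenticate(username, "")
    elif provider == "viveport" and provisional:
        identity = _provisional_identity("******")
    elif provider == "hypereal" and provisional:
        identity = _provisional_identity("******")
    elif provider == "googleplay" and provisional:
        identity = _provisional_identity("******")
    elif provider == "psn":
        from drift.auth.psn import validate_psn_ticket
        identity_id = validate_psn_ticket()
        username = "******" + identity_id
        identity = authenticate(username, "")
    elif provider == "7663":
        # Unlike the provisional branches, this provider never rejected an
        # empty username; that behaviour is kept as-is.
        username = "******" + _detail('username')
        password = _detail('password')
        identity = authenticate(username, password)
    else:
        abort_unauthorized("Bad Request. Unknown provider '%s'." % provider)

    if not identity or not identity.get("identity_id"):
        raise RuntimeError("authenticate must return a dict with at"
                           " least 'identity_id' field.")

    if 'service' in identity['roles']:
        expire = JWT_EXPIRATION_DELTA_FOR_SERVICES
    else:
        expire = JWT_EXPIRATION_DELTA

    ret = issue_token(identity, expire=expire)
    # NOTE(review): the whole identity dict is written to the log; confirm it
    # never carries credentials or token material.
    log.info("Authenticated: %s", identity)
    return jsonify(ret)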
def test_app_bundles(self):
    """Reject a token whose app bundle id is not in the allowed list."""
    # The fixture token is validated against a bundle list that cannot
    # match it, so validation has to refuse it.
    allowed_bundles = ['dummy']
    with self.assertRaises(Unauthorized) as caught:
        validate_gamecenter_token(template, app_bundles=allowed_bundles)
    rejection = caught.exception.description
    self.assertIn("'app_bundle_id' not one of ['dummy']", rejection)
def test_gamecenter(self):
    """Accept the unmodified fixture token for the configured app bundles."""
    # Happy path: the call completing without an exception is the assertion.
    token, bundles = template, app_bundles
    validate_gamecenter_token(token, app_bundles=bundles)