def test_unauthenticated_userid_returns_userid_from_token(self, fake_token, pyramid_request):
    """A request carrying a valid token resolves to that token's userid.

    ``fake_token`` and ``pyramid_request`` are test fixtures; the token is
    attached via ``request.auth_token`` rather than parsed from a header.
    """
    pyramid_request.auth_token = fake_token
    policy = TokenAuthenticationPolicy()

    userid = policy.unauthenticated_userid(pyramid_request)

    assert userid == "acct:[email protected]"
def test_unauthenticated_userid_returns_userid_from_token(self, pyramid_request):
    """A known-good token string on the request yields the associated userid.

    The mapping from ``'valid123'`` to the expected userid is provided by the
    ``pyramid_request`` fixture / its token service, not by this test.
    """
    pyramid_request.auth_token = 'valid123'
    policy = TokenAuthenticationPolicy()

    userid = policy.unauthenticated_userid(pyramid_request)

    assert userid == 'acct:[email protected]'
def test_unauthenticated_userid_returns_none_if_token_invalid(self, pyramid_request, token_service):
    """A token the token service refuses to validate must yield no identity.

    ``token_service.validate`` is stubbed to return ``None``; the policy must
    surface that as ``None`` rather than fall back to some default user.
    """
    token_service.validate.return_value = None
    pyramid_request.auth_token = 'abcd123'

    policy = TokenAuthenticationPolicy()
    userid = policy.unauthenticated_userid(pyramid_request)

    assert userid is None
def test_unauthenticated_userid_returns_none_if_token_invalid(self, pyramid_request):
    """An invalid token object (``DummyToken(valid=False)``) yields ``None``."""
    invalid_token = DummyToken(valid=False)
    pyramid_request.auth_token = invalid_token

    policy = TokenAuthenticationPolicy()

    assert policy.unauthenticated_userid(pyramid_request) is None
def test_unauthenticated_userid_returns_none_if_token_invalid(
        self, pyramid_request):
    """A token flagged invalid must not produce a userid.

    Uses ``DummyToken(valid=False)`` so the check does not depend on any
    real token lookup.
    """
    policy = TokenAuthenticationPolicy()
    pyramid_request.auth_token = DummyToken(valid=False)

    userid = policy.unauthenticated_userid(pyramid_request)

    assert userid is None
def test_authenticated_userid_uses_callback(self, pyramid_request):
    """The callback can veto authentication even for a valid token.

    ``authenticated_userid`` must consult the configured callback; when it
    returns ``None`` the request is treated as unauthenticated although the
    token itself (``'valid123'``) is good.
    """
    def veto_everything(userid, request):
        return None

    pyramid_request.auth_token = 'valid123'
    policy = TokenAuthenticationPolicy(callback=veto_everything)

    assert policy.authenticated_userid(pyramid_request) is None
def test_unauthenticated_userid_returns_none_if_neither_token_valid(self, jwt, api_token):
    """When neither the API-token nor the JWT extractor accepts the bearer
    token, no userid is produced.

    ``jwt`` and ``api_token`` are fixtures patching the two extractor
    functions; both are stubbed to reject the token.
    """
    api_token.return_value = None
    jwt.return_value = None

    request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})
    policy = TokenAuthenticationPolicy()

    assert policy.unauthenticated_userid(request) is None
def test_unauthenticated_userid_returns_userid_from_jwt_as_fallback(self, jwt, api_token):
    """If the bearer token is not an API token, the JWT extractor is tried.

    ``api_token`` rejects the token and ``jwt`` accepts it; the JWT's userid
    must be returned.
    """
    api_token.return_value = None
    jwt.return_value = 'acct:[email protected]'

    request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})
    userid = TokenAuthenticationPolicy().unauthenticated_userid(request)

    assert userid == 'acct:[email protected]'
def test_unauthenticated_userid_returns_userid_from_api_token_if_present(self, jwt, api_token, pyramid_request):
    """The API-token extractor takes precedence over the JWT extractor.

    Both extractors are stubbed to succeed; the userid reported by
    ``api_token`` is the one that must be returned.
    NOTE(review): in this listing both stubs return the same literal, so the
    assertion cannot distinguish the two -- presumably the JWT value differed
    in the original; confirm against the repository.
    """
    api_token.return_value = 'acct:[email protected]'
    jwt.return_value = 'acct:[email protected]'
    pyramid_request.headers = {'Authorization': 'Bearer f00ba12'}

    policy = TokenAuthenticationPolicy()
    userid = policy.unauthenticated_userid(pyramid_request)

    assert userid == 'acct:[email protected]'
def test_unauthenticated_userid_returns_none_for_invalid_query_param_token(self, pyramid_request):
    """On the `/ws` path an ``access_token`` query parameter is consulted,
    but an invalid value there must still yield ``None``."""
    pyramid_request.path = '/ws'
    pyramid_request.GET['access_token'] = 'expired'

    policy = TokenAuthenticationPolicy()
    userid = policy.unauthenticated_userid(pyramid_request)

    assert userid is None
def test_effective_principals_uses_callback(self, fake_token, pyramid_request):
    """Principals returned by the callback are merged into the effective
    principals for a token-authenticated request.

    The strict-superset check (``<``) allows the policy to add further
    system principals beyond the userid and the callback's extras.
    NOTE(review): the expected set in this listing repeats the userid where
    ``userid + ".foo"`` would be expected -- looks like an extraction
    artifact; confirm against the repository.
    """
    def extra_groups(userid, request):
        return [userid + ".foo", "group:donkeys"]

    pyramid_request.auth_token = fake_token
    policy = TokenAuthenticationPolicy(callback=extra_groups)

    principals = policy.effective_principals(pyramid_request)

    expected = {"acct:[email protected]", "acct:[email protected]", "group:donkeys"}
    assert expected < set(principals)
def test_unauthenticated_userid_returns_userid_from_jwt_as_fallback(
        self, jwt, api_token):
    """When the API-token extractor rejects the bearer token, the JWT
    extractor's userid is used instead."""
    policy = TokenAuthenticationPolicy()
    jwt.return_value = 'acct:[email protected]'
    api_token.return_value = None

    request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

    assert policy.unauthenticated_userid(request) == 'acct:[email protected]'
def test_unauthenticated_userid_passes_token_to_extractor_functions(self, jwt, api_token):
    """The bearer token (with the ``Bearer `` prefix stripped) is handed to
    both extractors; the JWT extractor additionally receives the request.

    Both extractors reject the token so that each is called exactly once.
    """
    jwt.return_value = None
    api_token.return_value = None

    request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})
    TokenAuthenticationPolicy().unauthenticated_userid(request)

    jwt.assert_called_once_with('f00ba12', request)
    api_token.assert_called_once_with('f00ba12')
def test_unauthenticated_userid_returns_none_if_neither_token_valid(
        self, jwt, api_token):
    """A bearer token rejected by both extractors yields no userid."""
    request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})
    jwt.return_value = None
    api_token.return_value = None

    userid = TokenAuthenticationPolicy().unauthenticated_userid(request)

    assert userid is None
def test_unauthenticated_userid_returns_userid_from_query_params_token(self, pyramid_request):
    """On the `/ws` path a valid ``access_token`` query parameter is
    accepted as the request's token."""
    pyramid_request.path = '/ws'
    pyramid_request.GET['access_token'] = 'valid123'

    policy = TokenAuthenticationPolicy()
    userid = policy.unauthenticated_userid(pyramid_request)

    assert userid == 'acct:[email protected]'
def test_authenticated_userid_uses_callback(self, jwt, api_token):
    """A callback returning ``None`` vetoes authentication even though the
    API-token extractor accepted the bearer token."""
    def veto_everything(userid, request):
        return None

    api_token.return_value = 'acct:[email protected]'
    jwt.return_value = None
    request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

    policy = TokenAuthenticationPolicy(callback=veto_everything)

    assert policy.authenticated_userid(request) is None
def test_effective_principals_uses_callback(self, pyramid_request):
    """Extra principals from the callback appear in ``effective_principals``
    for a request carrying the valid token ``'valid123'``.

    NOTE(review): the expected set repeats the plain userid where
    ``userid + '.foo'`` is expected -- likely an extraction artifact.
    """
    def extra_groups(userid, request):
        return [userid + '.foo', 'group:donkeys']

    pyramid_request.auth_token = 'valid123'
    policy = TokenAuthenticationPolicy(callback=extra_groups)

    principals = set(policy.effective_principals(pyramid_request))

    assert {'acct:[email protected]', 'acct:[email protected]', 'group:donkeys'} < principals
def test_unauthenticated_userid_passes_token_to_extractor_functions(
        self, jwt, api_token):
    """Both extractors receive the raw token ``'f00ba12'``; the JWT extractor
    also gets the request object."""
    api_token.return_value = None
    jwt.return_value = None
    policy = TokenAuthenticationPolicy()

    request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})
    policy.unauthenticated_userid(request)

    api_token.assert_called_once_with('f00ba12')
    jwt.assert_called_once_with('f00ba12', request)
def test_unauthenticated_userid_skips_query_param_for_non_ws_requests(self, pyramid_request):
    """An ``access_token`` query parameter is only honoured on `/ws`.

    Even a valid token in the query string must be ignored for other paths
    (here `/api`), so the request stays unauthenticated.
    """
    pyramid_request.path = '/api'
    pyramid_request.GET['access_token'] = 'valid123'

    policy = TokenAuthenticationPolicy()

    assert policy.unauthenticated_userid(pyramid_request) is None
def test_effective_principals_uses_callback(self, jwt, api_token):
    """Callback-provided principals are included when the userid comes from
    the API-token extractor.

    NOTE(review): the expected set repeats the plain userid where
    ``userid + '.foo'`` is expected -- likely an extraction artifact.
    """
    def extra_groups(userid, request):
        return [userid + '.foo', 'group:donkeys']

    jwt.return_value = None
    api_token.return_value = 'acct:[email protected]'
    request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

    policy = TokenAuthenticationPolicy(callback=extra_groups)
    principals = policy.effective_principals(request)

    expected = {'acct:[email protected]', 'acct:[email protected]', 'group:donkeys'}
    assert expected < set(principals)
def test_effective_principals_uses_callback(self, pyramid_request):
    """Principals from the callback are merged into the effective principals
    for the valid token ``"valid123"``.

    NOTE(review): the expected set repeats the plain userid where
    ``userid + ".foo"`` is expected -- likely an extraction artifact.
    """
    def extra_groups(userid, request):
        return [userid + ".foo", "group:donkeys"]

    policy = TokenAuthenticationPolicy(callback=extra_groups)
    pyramid_request.auth_token = "valid123"

    principals = set(policy.effective_principals(pyramid_request))
    expected = {
        "acct:[email protected]",
        "acct:[email protected]",
        "group:donkeys",
    }

    assert expected < principals
def test_effective_principals_uses_callback(self, jwt, api_token):
    """With the userid supplied by the API-token extractor, the callback's
    principals must be part of the effective principals.

    NOTE(review): the expected set repeats the plain userid where
    ``userid + '.foo'`` is expected -- likely an extraction artifact.
    """
    def extra_groups(userid, request):
        return [userid + '.foo', 'group:donkeys']

    request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})
    api_token.return_value = 'acct:[email protected]'
    jwt.return_value = None

    principals = TokenAuthenticationPolicy(callback=extra_groups).effective_principals(request)

    assert {
        'acct:[email protected]',
        'acct:[email protected]',
        'group:donkeys',
    } < set(principals)
def create_app(global_config, **settings):
    """Build and return the streamer WSGI application.

    Authentication is a ``MultiAuthenticationPolicy`` listing the token policy
    before the session policy; both share the ``groupfinder`` callback so
    principals are derived the same way whichever policy identifies the user.
    ``global_config`` is part of the PasteDeploy factory signature and is not
    used here.
    """
    config = configure(settings=settings)
    config.add_request_method(features.Client, name='feature', reify=True)

    config.set_authorization_policy(ACLAuthorizationPolicy())
    auth_policies = [
        TokenAuthenticationPolicy(callback=groupfinder),
        SessionAuthenticationPolicy(callback=groupfinder),
    ]
    config.set_authentication_policy(MultiAuthenticationPolicy(auth_policies))

    for module in ('h.auth', 'h.sentry', 'h.stats'):
        config.include(module)

    # models and db are required to set up the sqlalchemy metadata.
    for module in ('h.models', 'h.db', 'h.api.db'):
        config.include(module)

    # search is required to set up the `request.es` property.
    config.include('h.api.search')
    config.include('h.streamer')

    return config.make_wsgi_app()
def test_unauthenticated_userid_is_none_if_no_token(self, pyramid_request):
    """A request with no token at all must not resolve to any userid."""
    policy = TokenAuthenticationPolicy()
    userid = policy.unauthenticated_userid(pyramid_request)
    assert userid is None
def test_remember_does_nothing(self, pyramid_request):
    """Token auth is stateless: ``remember`` sets no headers (empty list)."""
    headers = TokenAuthenticationPolicy().remember(pyramid_request, "foo")
    assert headers == []
def test_forget_does_nothing(self, pyramid_request):
    """Token auth is stateless: ``forget`` sets no headers (empty list)."""
    headers = TokenAuthenticationPolicy().forget(pyramid_request)
    assert headers == []
def test_remember_does_nothing(self):
    """``remember`` on a bare ``DummyRequest`` returns no headers."""
    request = DummyRequest()
    policy = TokenAuthenticationPolicy()
    assert policy.remember(request, 'foo') == []
def policy(self):
    """Fixture: an ``AuthenticationPolicy`` whose session and token
    sub-policies are strict mocks.

    ``spec_set`` is built from real policy instances so any call to a
    method the real policies do not have fails loudly.  The mocks are also
    stored on ``self`` so tests can set return values and inspect calls.
    (The fixture decorator is not visible in this excerpt.)
    """
    session_mock = mock.Mock(spec_set=SessionAuthenticationPolicy())
    token_mock = mock.Mock(spec_set=TokenAuthenticationPolicy())

    combined = AuthenticationPolicy()
    combined.session_policy = session_mock
    combined.token_policy = token_mock

    self.session_policy = session_mock
    self.token_policy = token_mock
    self.policy = combined
def test_unauthenticated_userid_is_none_if_header_incorrectly_formatted(self, value):
    """A malformed ``Authorization`` header must not yield a userid.

    ``value`` is presumably supplied by a parametrize decorator that is not
    visible in this excerpt.
    """
    request = DummyRequest(headers={'Authorization': value})
    userid = TokenAuthenticationPolicy().unauthenticated_userid(request)
    assert userid is None
def test_unauthenticated_userid_is_none_if_header_missing(self):
    """Without an ``Authorization`` header there is no userid."""
    request = DummyRequest()
    userid = TokenAuthenticationPolicy().unauthenticated_userid(request)
    assert userid is None
def test_unauthenticated_userid_is_none_if_header_incorrectly_formatted(
        self, value):
    """Malformed ``Authorization`` header values (``value``, presumably
    parametrized outside this excerpt) must resolve to no userid."""
    policy = TokenAuthenticationPolicy()
    request = DummyRequest(headers={'Authorization': value})

    assert policy.unauthenticated_userid(request) is None
def test_forget_does_nothing(self):
    """``forget`` on a bare ``DummyRequest`` returns no headers."""
    request = DummyRequest()
    policy = TokenAuthenticationPolicy()
    assert policy.forget(request) == []
from h.auth.policy import TokenAuthenticationPolicy
from h.auth.util import default_authority, groupfinder
from h.security import derive_key

__all__ = (
    'DEFAULT_POLICY',
    'WEBSOCKET_POLICY',
)

log = logging.getLogger(__name__)

# Identifies the user from the WSGI environ key HTTP_X_FORWARDED_USER, i.e.
# the X-Forwarded-User request header.
# NOTE(review): this is only safe when a trusted upstream proxy sets that
# header and strips any client-supplied value; otherwise anyone can assert
# an arbitrary identity. Confirm the deployment does this wherever this
# policy is enabled (it is not wired into DEFAULT_POLICY in this excerpt).
PROXY_POLICY = RemoteUserAuthenticationPolicy(
    environ_key='HTTP_X_FORWARDED_USER',
    callback=groupfinder)
# Cookie/ticket-based sessions provided by pyramid_authsanity.
TICKET_POLICY = pyramid_authsanity.AuthServicePolicy()
# Bearer-token authentication; groupfinder turns the userid into principals.
TOKEN_POLICY = TokenAuthenticationPolicy(callback=groupfinder)
# Presumably authenticates API clients as opposed to end users -- verify in
# AuthClientPolicy.
AUTH_CLIENT_POLICY = AuthClientPolicy()
# API requests: user tokens and client credentials handled by one policy.
API_POLICY = APIAuthenticationPolicy(user_policy=TOKEN_POLICY,
                                     client_policy=AUTH_CLIENT_POLICY)
# Default for the whole app: API policy first, ticket/session as fallback.
DEFAULT_POLICY = AuthenticationPolicy(api_policy=API_POLICY,
                                      fallback_policy=TICKET_POLICY)
# Websocket connections accept tokens only -- no cookie/session fallback.
WEBSOCKET_POLICY = TOKEN_POLICY


def includeme(config):
    # Rebinding the module-level policies; the body continues beyond this
    # excerpt.
    global DEFAULT_POLICY
    global WEBSOCKET_POLICY

    # Set up authsanity
def test_unauthenticated_userid_is_none_if_header_incorrectly_formatted(self, pyramid_request, value):
    """A malformed ``Authorization`` header on ``pyramid_request`` yields no
    userid (``value`` is presumably parametrized outside this excerpt)."""
    pyramid_request.headers = {'Authorization': value}
    policy = TokenAuthenticationPolicy()

    userid = policy.unauthenticated_userid(pyramid_request)

    assert userid is None