コード例 #1
ファイル: util_test.py プロジェクト: hypothesis/h
    def test_it_proxies_to_principals_for_user(
        self, principals_for_user, factories, auth_client
    ):
        """The user's own principals are obtained through ``principals_for_user``.

        ``principals_for_user`` arrives as a fixture (presumably a patched
        stand-in for the real helper; confirm in the fixture definition).
        The test only pins the delegation: one call, with the user object.
        """
        forwarded_user = factories.User()

        util.principals_for_auth_client_user(forwarded_user, auth_client)

        # Exactly one call, and with the same user that was passed in.
        principals_for_user.assert_called_once_with(forwarded_user)
コード例 #2
    def test_it_proxies_to_principals_for_user(
        self, principals_for_user, factories, auth_client
    ):
        """Check that user principals are delegated to ``principals_for_user``.

        The ``principals_for_user`` fixture is asserted on like a mock, so the
        test verifies the call itself rather than the returned principals.
        """
        subject = factories.User()

        util.principals_for_auth_client_user(subject, auth_client)

        # The helper must be invoked once, for this user and no other.
        principals_for_user.assert_called_once_with(subject)
コード例 #3
ファイル: util_test.py プロジェクト: luke-rm/h
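    def test_it_returns_combined_principals(self, factories, auth_client):
        """The result carries both user-derived and client-derived principals.

        A user in the auth_client's authority is given one group; the returned
        principals must then contain the group principal, the client principal,
        the authority principal and the ``role.AuthClient`` role.
        """
        user = factories.User(authority=auth_client.authority)
        group = factories.Group()
        user.groups.append(group)

        principals = util.principals_for_auth_client_user(user, auth_client)

        assert 'group:{pubid}'.format(pubid=group.pubid) in principals
        assert 'client:{client_id}@{authority}'.format(client_id=auth_client.id,
                                                       authority=auth_client.authority) in principals
        # Must be a membership test: asserting the bare formatted string is
        # always true (non-empty str), so a missing authority principal would
        # never have failed this test.
        assert 'authority:{authority}'.format(authority=auth_client.authority) in principals
        assert role.AuthClient in principals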
コード例 #4
ファイル: util_test.py プロジェクト: hypothesis/h
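    def test_it_returns_combined_principals(self, factories, auth_client):
        """The result carries both user-derived and client-derived principals.

        A user in the auth_client's authority is given one group; the returned
        principals must then contain the group principal, the client principal,
        the authority principal and the ``role.AuthClient`` role.
        """
        user = factories.User(authority=auth_client.authority)
        group = factories.Group()
        user.groups.append(group)

        principals = util.principals_for_auth_client_user(user, auth_client)

        assert "group:{pubid}".format(pubid=group.pubid) in principals
        assert (
            "client:{client_id}@{authority}".format(
                client_id=auth_client.id, authority=auth_client.authority
            )
            in principals
        )
        # Must be a membership test: asserting the bare formatted string is
        # always true (non-empty str), so a missing authority principal would
        # never have failed this test.
        assert (
            "authority:{authority}".format(authority=auth_client.authority)
            in principals
        )
        assert role.AuthClient in principals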
コード例 #5
ファイル: policy.py プロジェクト: Manuelinux/kubeh
    def check(username, password, request):
        """
        Authenticate an auth_client from Basic credentials and return its
        principals, or None when authentication fails.

        The Basic auth username/password are treated as the auth_client's id
        and secret and checked with ``util.verify_auth_client`` against
        ``request.db``.

        A forwarded userid (per the policy's ``_forwarded_userid``; described
        upstream as the HTTP ``X-Forwarded-User`` header, holding a
        :py:attr:`h.models.user.User.userid`) signals the intent to
        authenticate "on behalf of" a user. It is consulted only after the
        client credentials have verified, and the named user _must_ exist and
        share the auth_client's authority; every other outcome returns None,
        so the check fails closed.

        :param username: username parsed out of Authorization header (Basic)
        :param password: password parsed out of Authorization header (Basic)
        :param request: current request; supplies ``db`` and ``find_service``
        :returns: additional principals for the auth_client or None
        :rtype: list or None
        """
        # The Basic auth pair is the AuthClient's id and secret; no match in
        # the db means authentication fails outright.
        auth_client = util.verify_auth_client(username, password, request.db)
        if auth_client is None:
            return None

        on_behalf_of = AuthClientPolicy._forwarded_userid(request)
        if on_behalf_of is None:
            # No forwarded user: the client authenticates as itself.
            return util.principals_for_auth_client(auth_client)

        users = request.find_service(name="user")
        try:
            forwarded_user = users.fetch(on_behalf_of)
        except ValueError:
            # Raised if the userid has an invalid format: reject, do not
            # fall back to client-only principals.
            return None

        if not forwarded_user:
            return None

        # A client may only act for users inside its own authority.
        if forwarded_user.authority == auth_client.authority:
            return util.principals_for_auth_client_user(forwarded_user, auth_client)

        return None
コード例 #6
ファイル: policy.py プロジェクト: hypothesis/h
    def check(username, password, request):
        """
        Return the principals for a verified auth_client, or None if
        authentication is unsuccessful.

        The Basic auth credentials are matched to an auth_client record via
        ``util.verify_auth_client`` using ``request.db``.

        When a forwarded userid is present (per ``_forwarded_userid``;
        documented upstream as the HTTP ``X-Forwarded-User`` header carrying a
        :py:attr:`h.models.user.User.userid`), the client is asking to act
        "on behalf of" that user. The user _must_ exist and belong to the
        auth_client's authority; otherwise authentication fails rather than
        degrading to client-only principals.

        :param username: username parsed out of Authorization header (Basic)
        :param password: password parsed out of Authorization header (Basic)
        :param request: current request; supplies ``db`` and ``find_service``
        :returns: additional principals for the auth_client or None
        :rtype: list or None
        """
        # Credentials from the BasicAuth header must match an AuthClient
        # record in the db before anything else is considered.
        client = util.verify_auth_client(username, password, request.db)
        if client is None:
            return None

        forwarded_userid = AuthClientPolicy._forwarded_userid(request)

        if forwarded_userid is not None:
            user_service = request.find_service(name="user")
            try:
                user = user_service.fetch(forwarded_userid)
            except ValueError:  # raised if userid is invalid format
                return None  # invalid user, so we are failing here

            # Only a user that exists and sits in the client's own authority
            # is accepted; anything else is an authentication failure.
            same_authority = user and user.authority == client.authority
            if same_authority:
                return util.principals_for_auth_client_user(user, client)
            return None

        # No forwarded user; set principals for basic auth_client
        return util.principals_for_auth_client(client)
コード例 #7
ファイル: util_test.py プロジェクト: luke-rm/h
    def test_it_proxies_to_principals_for_auth_client(self, principals_for_auth_client, factories, auth_client):
        """Client principals are obtained through ``principals_for_auth_client``.

        ``principals_for_auth_client`` is a fixture asserted on like a mock
        (presumably a patch of the real helper; confirm in the fixture).
        """
        any_user = factories.User()

        util.principals_for_auth_client_user(any_user, auth_client)

        # One call only, and with the auth_client that was handed in.
        principals_for_auth_client.assert_called_once_with(auth_client)
コード例 #8
ファイル: util_test.py プロジェクト: wisdom-garden/h
    def test_it_adds_the_authclientuser_role(self, factories, auth_client):
        """A forwarded user in the client's authority gets ``role.AuthClientUser``."""
        same_authority_user = factories.User(authority=auth_client.authority)

        granted = util.principals_for_auth_client_user(
            same_authority_user, auth_client
        )

        # This role marks a request made by a client on behalf of a user.
        assert role.AuthClientUser in granted
コード例 #9
    def test_it_adds_the_userid_principal(self, factories, auth_client):
        """The forwarded user's ``userid`` appears among the returned principals."""
        same_authority_user = factories.User(authority=auth_client.authority)

        granted = util.principals_for_auth_client_user(
            same_authority_user, auth_client
        )

        # The userid is what identifies the user the client is acting for.
        assert same_authority_user.userid in granted
コード例 #10
ファイル: util_test.py プロジェクト: hypothesis/h
    def test_it_adds_the_authclientuser_role(self, factories, auth_client):
        """Check that ``role.AuthClientUser`` is part of the combined principals.

        The user is created inside the auth_client's authority, matching the
        on-behalf-of case.
        """
        member = factories.User(authority=auth_client.authority)

        result = util.principals_for_auth_client_user(member, auth_client)

        assert role.AuthClientUser in result
コード例 #11
ファイル: util_test.py プロジェクト: hypothesis/h
    def test_it_adds_the_userid_principal(self, factories, auth_client):
        """Check that the user's own ``userid`` is one of the principals.

        The user is created inside the auth_client's authority, matching the
        on-behalf-of case.
        """
        member = factories.User(authority=auth_client.authority)

        result = util.principals_for_auth_client_user(member, auth_client)

        assert member.userid in result
コード例 #12
ファイル: util_test.py プロジェクト: hypothesis/h
    def test_it_proxies_to_principals_for_auth_client(
        self, principals_for_auth_client, factories, auth_client
    ):
        """Check that client principals are delegated to ``principals_for_auth_client``.

        The fixture of that name is asserted on like a mock, so only the call
        (once, with the auth_client) is verified, not the returned principals.
        """
        arbitrary_user = factories.User()

        util.principals_for_auth_client_user(arbitrary_user, auth_client)

        principals_for_auth_client.assert_called_once_with(auth_client)