def _create_context(self, request, mapping_ref=None, exception_expected=False): """Builds the auth context from the given arguments. auth context will be returned from the AuthContextMiddleware based on what is being passed in the given request and what mapping is being setup in the backend DB. :param request: HTTP request :param mapping_ref: A mapping in JSON structure will be setup in the backend DB for mapping a user or a group. :param exception_expected: Sets to True when an exception is expected to raised based on the given arguments. :returns: context an auth context contains user and role information :rtype: dict """ if mapping_ref: self._load_mapping_rules(mapping_ref) if not exception_expected: (middleware.AuthContextMiddleware( 'Tokenless_auth_test').process_request(request)) context = request.environ.get(authorization.AUTH_CONTEXT_ENV) else: context = middleware.AuthContextMiddleware('Tokenless_auth_test') return context
def test_admin_token_auth_context(self): # test to make sure AuthContextMiddleware does not attempt to build # auth context if the incoming auth token is the special admin token req = self._mock_request_object(CONF.admin_token) application = None middleware.AuthContextMiddleware(application).process_request(req) self.assertDictEqual(req.environ.get(authorization.AUTH_CONTEXT_ENV), {})
def test_project_scoped_token_auth_context(self): project_scoped_token = self.get_scoped_token() req = self._mock_request_object(project_scoped_token) application = None middleware.AuthContextMiddleware(application).process_request(req) self.assertEqual( self.project['id'], req.environ.get(authorization.AUTH_CONTEXT_ENV)['project_id'])
def test_unscoped_token_auth_context(self): unscoped_token = self.get_unscoped_token() req = self._mock_request_object(unscoped_token) application = None middleware.AuthContextMiddleware(application).process_request(req) for key in ['project_id', 'domain_id', 'domain_name']: self.assertNotIn( key, req.environ.get(authorization.AUTH_CONTEXT_ENV))
def test_auth_context_build_by_middleware(self): # test to make sure AuthContextMiddleware successful build the auth # context from the incoming auth token admin_token = self.get_scoped_token() req = self._mock_request_object(admin_token) application = None middleware.AuthContextMiddleware(application).process_request(req) self.assertEqual( self.user['id'], req.environ.get(authorization.AUTH_CONTEXT_ENV)['user_id'])
def test_auth_context_override(self): overridden_context = 'OVERRIDDEN_CONTEXT' # this token should not be used token = uuid.uuid4().hex req = self._mock_request_object(token) req.environ[authorization.AUTH_CONTEXT_ENV] = overridden_context application = None middleware.AuthContextMiddleware(application).process_request(req) # make sure overridden context take precedence self.assertEqual(overridden_context, req.environ.get(authorization.AUTH_CONTEXT_ENV))
def test_domain_scoped_token_auth_context(self): # grant the domain role to user path = '/domains/%s/users/%s/roles/%s' % ( self.domain['id'], self.user['id'], self.role['id']) self.put(path=path) domain_scoped_token = self.get_domain_scoped_token() req = self._mock_request_object(domain_scoped_token) application = None middleware.AuthContextMiddleware(application).process_request(req) self.assertEqual( self.domain['id'], req.environ.get(authorization.AUTH_CONTEXT_ENV)['domain_id']) self.assertEqual( self.domain['name'], req.environ.get(authorization.AUTH_CONTEXT_ENV)['domain_name'])