def test_mapped_with_remote_user(self): method_name = 'saml2' auth_data = {'methods': [method_name]} # put the method name in the payload so its easier to correlate # method name with payload auth_data[method_name] = {'protocol': method_name} auth_data = {'identity': auth_data} auth_context = auth.controllers.AuthContext( extras={}, method_names=[], user_id=uuid.uuid4().hex) self.useFixture(auth_plugins.LoadAuthPlugins(method_name)) with mock.patch.object(auth.plugins.mapped.Mapped, 'authenticate', return_value=None) as authenticate: auth_info = auth.controllers.AuthInfo.create(auth_data) request = self.make_request(environ={'REMOTE_USER': '******'}) self.api.authenticate(request, auth_info, auth_context) # make sure Mapped plugin got invoked with the correct payload ((context, auth_payload, auth_context), kwargs) = authenticate.call_args self.assertEqual(method_name, auth_payload['protocol'])
def test_load_openid_ifca(self): method_name = "openid" with mock.patch.object(auth_plugin.OpenIDConnect, 'authenticate', return_value=None) as authenticate: self.useFixture( auth_plugins.ConfigAuthPlugins(self.config_fixture, [method_name], openid="ifca")) self.useFixture(auth_plugins.LoadAuthPlugins(method_name)) auth_data = { 'identity': { 'methods': [method_name], method_name: { 'protocol': method_name }, } } auth_info = auth.core.AuthInfo.create(auth_data) auth_context = auth.core.AuthContext(method_names=[], user_id=uuid.uuid4().hex) with self.make_request(): authentication.authenticate(auth_info, auth_context) # make sure Mapped plugin got invoked with the correct payload ((auth_payload, ), kwargs) = authenticate.call_args self.assertEqual(method_name, auth_payload['protocol'])
def test_addition_auth_steps(self, stevedore_mock): simple_challenge_plugin = SimpleChallengeResponse() extension = stevedore.extension.Extension(name='simple_challenge', entry_point=None, plugin=None, obj=simple_challenge_plugin) test_manager = stevedore.DriverManager.make_test_instance(extension) stevedore_mock.return_value = test_manager self.useFixture( auth_plugins.ConfigAuthPlugins(self.config_fixture, methods=[METHOD_NAME])) self.useFixture(auth_plugins.LoadAuthPlugins(METHOD_NAME)) auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = {'test': 'test'} auth_data = {'identity': auth_data} auth_info = auth.core.AuthInfo.create(auth_data) auth_context = auth.core.AuthContext(method_names=[]) try: with self.make_request(): authentication.authenticate(auth_info, auth_context) except exception.AdditionalAuthRequired as e: self.assertIn('methods', e.authentication) self.assertIn(METHOD_NAME, e.authentication['methods']) self.assertIn(METHOD_NAME, e.authentication) self.assertIn('challenge', e.authentication[METHOD_NAME]) # test correct response auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = {'response': EXPECTED_RESPONSE} auth_data = {'identity': auth_data} auth_info = auth.core.AuthInfo.create(auth_data) auth_context = auth.core.AuthContext(method_names=[]) with self.make_request(): authentication.authenticate(auth_info, auth_context) self.assertEqual(DEMO_USER_ID, auth_context['user_id']) # test incorrect response auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = {'response': uuid.uuid4().hex} auth_data = {'identity': auth_data} auth_info = auth.core.AuthInfo.create(auth_data) auth_context = auth.core.AuthContext(method_names=[]) with self.make_request(): self.assertRaises(exception.Unauthorized, authentication.authenticate, auth_info, auth_context)
def test_addition_auth_steps(self): self.useFixture( auth_plugins.ConfigAuthPlugins(self.config_fixture, methods=[METHOD_NAME], **METHOD_OPTS)) self.useFixture(auth_plugins.LoadAuthPlugins(METHOD_NAME)) auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = { 'test': 'test'} auth_data = {'identity': auth_data} auth_info = auth.controllers.AuthInfo.create(auth_data) auth_context = auth.controllers.AuthContext(extras={}, method_names=[]) try: self.api.authenticate(self.make_request(), auth_info, auth_context) except exception.AdditionalAuthRequired as e: self.assertIn('methods', e.authentication) self.assertIn(METHOD_NAME, e.authentication['methods']) self.assertIn(METHOD_NAME, e.authentication) self.assertIn('challenge', e.authentication[METHOD_NAME]) # test correct response auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = { 'response': EXPECTED_RESPONSE} auth_data = {'identity': auth_data} auth_info = auth.controllers.AuthInfo.create(auth_data) auth_context = auth.controllers.AuthContext(extras={}, method_names=[]) self.api.authenticate(self.make_request(), auth_info, auth_context) self.assertEqual(DEMO_USER_ID, auth_context['user_id']) # test incorrect response auth_data = {'methods': [METHOD_NAME]} auth_data[METHOD_NAME] = { 'response': uuid.uuid4().hex} auth_data = {'identity': auth_data} auth_info = auth.controllers.AuthInfo.create(auth_data) auth_context = auth.controllers.AuthContext(extras={}, method_names=[]) self.assertRaises(exception.Unauthorized, self.api.authenticate, self.make_request(), auth_info, auth_context)
def test_supporting_multiple_methods(self): method_names = ('saml2', 'openid', 'x509', 'mapped') self.useFixture(auth_plugins.LoadAuthPlugins(*method_names)) for method_name in method_names: self._test_mapped_invocation_with_method_name(method_name)