def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
auth_client = env.setup_auth_client(self._test_workspace)
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Empty session was " + "reported to be still active.")
sessionToken = auth_client.performLogin("Username:Password",
"invalid:invalid")
self.assertIsNone(sessionToken, "Invalid credentials gave us a token!")
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken)
self.assertIsNotNone(client.getAPIVersion(),
"Privileged server didn't respond properly.")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
try:
client.getAPIVersion()
success = False
except TProtocolException as tpe:
# The server reports a HTTP 401 error which
# is not a valid Thrift response.
# But if it does so, it passes the test!
success = True
self.assertTrue(success,
"Privileged client allowed access after logout.")
handshake = auth_client.getAuthParameters()
self.assertFalse(
handshake.sessionStillActive,
"Destroyed session was " + "reported to be still active.")
def test_group_auth(self):
"""
Test for case insensitive group comparison at authorization.
"""
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# Create a SUPERUSER login.
self.sessionToken = auth_client.performLogin("Username:Password",
"root:root")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "root")
product_name = self._test_cfg['codechecker_cfg']['viewer_product']
pr_client = env.setup_product_client(self._test_workspace,
product=product_name)
product_id = pr_client.getCurrentProduct().id
extra_params = {'productID': product_id}
ret = authd_auth_client.addPermission(Permission.PRODUCT_ADMIN,
"ADMIN_group", True,
json.dumps(extra_params))
self.assertTrue(ret)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Perform login with a user who is in ADMIN_GROUP and check that
# he has permission to perform operations.
self.sessionToken = \
auth_client.performLogin("Username:Password",
"admin_group_user:admin123")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken)
self.assertIsNotNone(client.allowsStoringAnalysisStatistics(),
"Privileged server didn't respond properly.")
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
def test_regex_groups(self):
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
# First login as root.
self.sessionToken = auth_client.performLogin("Username:Password",
"root:root")
self.assertIsNotNone(self.sessionToken, "root was unable to login!")
# Then give SUPERUSER privs to admins_custom_group.
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
ret = authd_auth_client.addPermission(Permission.SUPERUSER,
"admins_custom_group", True,
None)
self.assertTrue(ret)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Login as a user who is in admins_custom_group.
sessionToken = auth_client.performLogin("Username:Password",
"regex_admin:blah")
self.assertIsNotNone(sessionToken,
"Valid credentials didn't give us a token!")
# Do something privileged.
client = env.setup_viewer_client(self._test_workspace,
session_token=sessionToken)
self.assertIsNotNone(client.allowsStoringAnalysisStatistics(),
"Privileged call failed.")
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Finally try to do the same with an unprivileged user.
sessionToken = auth_client.performLogin("Username:Password",
"john:doe")
self.assertIsNotNone(sessionToken,
"Valid credentials didn't give us a token!")
client = env.setup_viewer_client(self._test_workspace,
session_token=sessionToken)
self.assertFalse(
client.allowsStoringAnalysisStatistics(),
"Privileged call from unprivileged user"
" did not fail!")
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
def setUp(self):
# TEST_WORKSPACE is automatically set by test package __init__.py .
self._test_workspace = os.environ['TEST_WORKSPACE']
# Display test name to log.
test_class = self.__class__.__name__
print(f"Running {test_class} tests in {self._test_workspace}")
# Get the test configuration from the prepared int the test workspace.
test_config = env.import_test_cfg(self._test_workspace)
# Log in and create credential file (if it is not exists).
superuser_name = "root"
superuser_passwd = "root"
codechecker.login(test_config['codechecker_cfg'],
self._test_workspace, superuser_name,
superuser_passwd)
temp_auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
# A non-authenticated session should return an empty user.
user_name = temp_auth_client.getLoggedInUser()
self.assertEqual(user_name, "")
# Create a SUPERUSER login.
self._session_token = temp_auth_client.performLogin(
"Username:Password", f"{superuser_name}:{superuser_passwd}")
self.assertIsNotNone(self._session_token,
"Valid credentials didn't give us a token!")
# Connect as root to the server.
self._root_auth_client = env.setup_auth_client(
self._test_workspace, session_token=self._session_token)
user_name = self._root_auth_client.getLoggedInUser()
self.assertEqual(user_name, superuser_name)
# Query data of current product
self._product_name = test_config['codechecker_cfg']['viewer_product']
self._product_client = env.setup_product_client(
self._test_workspace, product=self._product_name)
self.assertIsNotNone(self._product_client)
self._current_product = self._product_client.getCurrentProduct()
self.assertIsNotNone(self._current_product)
self._product_id = self._current_product.id
self.assertIsNotNone(self._product_id)
self._extra_params = json.dumps({'productID': self._product_id})
def setUp(self):
# TEST_WORKSPACE is automatically set by test package __init__.py .
self._test_workspace = os.environ['TEST_WORKSPACE']
# Display test name to log.
test_class = self.__class__.__name__
print(f"Running {test_class} tests in {self._test_workspace}")
# Get the test configuration from the prepared int the test workspace.
test_config = env.import_test_cfg(self._test_workspace)
self.codechecker_cfg = test_config['codechecker_cfg']
# Log in and create credential file (if it is not exists).
self.superuser_name = "root"
self.superuser_passwd = "root"
codechecker.login(test_config['codechecker_cfg'], self._test_workspace,
self.superuser_name, self.superuser_passwd)
self.temp_auth_client = env.setup_auth_client(
self._test_workspace, session_token='_PROHIBIT')
# A non-authenticated session should return an empty user.
user_name = self.temp_auth_client.getLoggedInUser()
self.assertEqual(user_name, "")
self.root_client = self.__get_auth_client(self.superuser_name,
self.superuser_passwd)
def test_auth_su_notification_edit(self):
"""
Test that SUPERADMINS can edit the notification text.
"""
# Create a SUPERUSER login.
self.sessionToken = self.auth_client.performLogin("Username:Password",
"root:root")
ret = self.auth_client.addPermission(Permission.SUPERUSER,
"root",
False,
"")
self.assertTrue(ret)
# we got the permission
su_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
su_config_client = \
env.setup_config_client(self._test_workspace,
session_token=self.sessionToken)
user = su_auth_client.getLoggedInUser()
self.assertEqual(user, "root")
# we are root
su_config_client.setNotificationBannerText(
base64.b64encode('su notification'))
self.assertEqual(base64.b64decode(
su_config_client.getNotificationBannerText()),
'su notification')
def test_personal_access_tokens(self):
""" Test personal access token commands. """
codechecker_cfg = self._test_cfg['codechecker_cfg']
host = codechecker_cfg['viewer_host']
port = codechecker_cfg['viewer_port']
new_token_cmd = [
env.codechecker_cmd(), 'cmd', 'token', 'new', '--url',
env.parts_to_url(codechecker_cfg)
]
with self.assertRaises(subprocess.CalledProcessError):
subprocess.check_output(new_token_cmd)
# Login to the server.
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# Create a SUPERUSER login.
session_token = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(session_token,
"Valid credentials didn't give us a token!")
cred_manager = UserCredentials()
cred_manager.save_token(host, port, session_token)
# Run the new token command after login.
subprocess.check_output(new_token_cmd)
# List personal access tokens.
list_token_cmd = [
env.codechecker_cmd(), 'cmd', 'token', 'list', '--url',
env.parts_to_url(codechecker_cfg), '-o', 'json'
]
out_json = subprocess.check_output(list_token_cmd)
tokens = json.loads(out_json)
self.assertEqual(len(tokens), 1)
# Remove personal access token.
del_token_cmd = [
env.codechecker_cmd(), 'cmd', 'token', 'del', '--url',
env.parts_to_url(codechecker_cfg), tokens[0]['token']
]
subprocess.check_output(del_token_cmd)
cred_manager.save_token(host, port, session_token, True)
def setUp(self):
self._test_workspace = os.environ.get('TEST_WORKSPACE')
test_class = self.__class__.__name__
print('Running ' + test_class + ' tests in ' + self._test_workspace)
self._clang_to_test = env.clang_to_test()
self._testproject_data = env.setup_test_proj_cfg(self._test_workspace)
self.assertIsNotNone(self._testproject_data)
# Get the test configuration from the prepared int the test workspace.
self.test_cfg = env.import_test_cfg(self._test_workspace)
self._product_name = self.test_cfg['codechecker_cfg']['viewer_product']
pr_client = env.setup_product_client(self._test_workspace,
product=self._product_name)
product_id = pr_client.getCurrentProduct().id
# Setup an authentication client for creating sessions.
self._auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
# Create an PRODUCT_ADMIN login.
admin_token = self._auth_client.performLogin("Username:Password",
"admin:admin123")
extra_params = '{"productID":' + str(product_id) + '}'
ret = self._auth_client.addPermission(Permission.PRODUCT_ADMIN,
"admin", False, extra_params)
self.assertTrue(ret)
self._cc_client = env.setup_viewer_client(self._test_workspace,
session_token=admin_token)
self.assertIsNotNone(self._cc_client)
# Get the run names which belong to this test
run_names = env.get_run_names(self._test_workspace)
runs = self._cc_client.getRunData(None)
test_runs = [run for run in runs if run.name in run_names]
self.assertEqual(len(test_runs), 1,
'There should be only one run for this test.')
self._runid = test_runs[0].runId
self._run_name = test_runs[0].name
self._component_name = 'dummy_component'
self._component_value = '\n'.join(
['+*/divide_zero.cpp', '-*/new_delete.cpp'])
self._component_description = "Test component"
def __get_auth_client(self, username, password):
""" """
# Create a SUPERUSER login.
session_token = self.temp_auth_client.performLogin(
"Username:Password", f"{username}:{password}")
self.assertIsNotNone(session_token,
"Valid credentials didn't give us a token!")
# Connect as root to the server.
auth_client = env.setup_auth_client(self._test_workspace,
session_token=session_token)
user_name = auth_client.getLoggedInUser()
self.assertEqual(user_name, username)
return auth_client
def setUp(self):
"""
"""
# TEST_WORKSPACE is automatically set by test package __init__.py .
self.test_workspace = os.environ['TEST_WORKSPACE']
test_class = self.__class__.__name__
print('Running ' + test_class + ' tests in ' + self.test_workspace)
# Get the test configuration from the prepared int the test workspace.
self.test_cfg = env.import_test_cfg(self.test_workspace)
self.product_name = self.test_cfg['codechecker_cfg']['viewer_product']
# Setup a viewer client to test viewer API calls.
self._cc_client = env.setup_viewer_client(self.test_workspace)
self.assertIsNotNone(self._cc_client)
# Setup an authentication client for creating sessions.
self._auth_client = env.setup_auth_client(self.test_workspace,
session_token='_PROHIBIT')
# Create a SUPERUSER login.
root_token = self._auth_client.performLogin("Username:Password",
"root:root")
# Setup a product client to test product API calls.
self._pr_client = env.setup_product_client(self.test_workspace)
self.assertIsNotNone(self._pr_client)
# Setup a product client to test product API calls which requires root.
self._root_client = env.setup_product_client(self.test_workspace,
session_token=root_token)
self.assertIsNotNone(self._pr_client)
# Get the run names which belong to this test.
run_names = env.get_run_names(self.test_workspace)
runs = self._cc_client.getRunData(None)
test_runs = [run for run in runs if run.name in run_names]
self.assertEqual(len(test_runs), 1,
"There should be only one run for this test.")
self._runid = test_runs[0].runId
def setUp(self):
"""
"""
# TEST_WORKSPACE is automatically set by test package __init__.py .
self.test_workspace = os.environ['TEST_WORKSPACE']
test_class = self.__class__.__name__
print('Running ' + test_class + ' tests in ' + self.test_workspace)
# Get the test configuration from the prepared int the test workspace.
self.test_cfg = env.import_test_cfg(self.test_workspace)
self.product_name = self.test_cfg['codechecker_cfg']['viewer_product']
# Setup a viewer client to test viewer API calls.
self._cc_client = env.setup_viewer_client(self.test_workspace)
self.assertIsNotNone(self._cc_client)
# Setup an authentication client for creating sessions.
self._auth_client = env.setup_auth_client(self.test_workspace,
session_token='_PROHIBIT')
# Create a SUPERUSER login.
root_token = self._auth_client.performLogin("Username:Password",
"root:root")
# Setup a product client to test product API calls.
self._pr_client = env.setup_product_client(self.test_workspace)
self.assertIsNotNone(self._pr_client)
# Setup a product client to test product API calls which requires root.
self._root_client = env.setup_product_client(self.test_workspace,
session_token=root_token)
self.assertIsNotNone(self._pr_client)
# Get the run names which belong to this test.
run_names = env.get_run_names(self.test_workspace)
runs = self._cc_client.getRunData(None, None, 0, None)
test_runs = [run for run in runs if run.name in run_names]
self.assertEqual(len(test_runs), 1,
"There should be only one run for this test.")
self._runid = test_runs[0].runId
def setUp(self):
"""
Setup Configuration for tests.
"""
# TEST_WORKSPACE is automatically set by test package __init__.py .
self._test_workspace = os.environ['TEST_WORKSPACE']
test_class = self.__class__.__name__
print('Running ' + test_class + ' tests in ' + self._test_workspace)
# Setup a viewer client to test viewer API calls.
self._cc_client = env.setup_viewer_client(self._test_workspace)
self.assertIsNotNone(self._cc_client)
self.auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
self.config_client = env.setup_config_client(self._test_workspace,
session_token='_PROHIBIT')
def setUp(self):
self._test_workspace = os.environ.get('TEST_WORKSPACE')
test_class = self.__class__.__name__
print('Running ' + test_class + ' tests in ' + self._test_workspace)
self._clang_to_test = env.clang_to_test()
self._testproject_data = env.setup_test_proj_cfg(self._test_workspace)
self.assertIsNotNone(self._testproject_data)
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
sessionToken_cc = auth_client.performLogin("Username:Password",
"cc:test")
sessionToken_john = auth_client.performLogin("Username:Password",
"john:doe")
self._cc_client =\
env.setup_viewer_client(
self._test_workspace,
session_token=sessionToken_cc)
self._cc_client_john =\
env.setup_viewer_client(
self._test_workspace,
session_token=sessionToken_john)
self.assertIsNotNone(self._cc_client)
# Get the run names which belong to this test
run_names = env.get_run_names(self._test_workspace)
runs = self._cc_client.getRunData(None, None, 0, None)
self._test_runs = [run for run in runs if run.name in run_names]
self.assertEqual(len(self._test_runs), 2,
'There should be two runs for this test.')
def setUp(self):
self._test_workspace = os.environ.get('TEST_WORKSPACE')
test_class = self.__class__.__name__
print('Running ' + test_class + ' tests in ' + self._test_workspace)
self._clang_to_test = env.clang_to_test()
self._testproject_data = env.setup_test_proj_cfg(self._test_workspace)
self.assertIsNotNone(self._testproject_data)
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
sessionToken_cc = auth_client.performLogin("Username:Password",
"cc:test")
sessionToken_john = auth_client.performLogin("Username:Password",
"john:doe")
self._cc_client =\
env.setup_viewer_client(
self._test_workspace,
session_token=sessionToken_cc)
self._cc_client_john =\
env.setup_viewer_client(
self._test_workspace,
session_token=sessionToken_john)
self.assertIsNotNone(self._cc_client)
# Get the run names which belong to this test
run_names = env.get_run_names(self._test_workspace)
runs = self._cc_client.getRunData(None)
self._test_runs = [run for run in runs if run.name in run_names]
self.assertEqual(len(self._test_runs), 2,
'There should be two runs for this test.')
def test_auth_non_su_notification_edit(self):
"""
Test that non SUPERADMINS can't edit the notification text.
"""
self.sessionToken = self.auth_client.performLogin("Username:Password",
"cc:test")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
authd_config_client = \
env.setup_config_client(self._test_workspace,
session_token=self.sessionToken)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
with self.assertRaises(RequestFailed):
authd_config_client.setNotificationBannerText(
base64.b64encode('non su notification'))
print("You are not authorized to modify notifications!")
def setUp(self):
self._test_workspace = os.environ.get('TEST_WORKSPACE')
test_class = self.__class__.__name__
print('Running ' + test_class + ' tests in ' + self._test_workspace)
self._clang_to_test = env.clang_to_test()
self._testproject_data = env.setup_test_proj_cfg(self._test_workspace)
self.assertIsNotNone(self._testproject_data)
# Get the test configuration from the prepared int the test workspace.
self.test_cfg = env.import_test_cfg(self._test_workspace)
self._product_name = self.test_cfg['codechecker_cfg']['viewer_product']
pr_client = env.setup_product_client(
self._test_workspace, product=self._product_name)
product_id = pr_client.getCurrentProduct().id
# Setup an authentication client for creating sessions.
self._auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
# Create an PRODUCT_ADMIN login.
admin_token = self._auth_client.performLogin("Username:Password",
"admin:admin123")
extra_params = '{"productID":' + str(product_id) + '}'
ret = self._auth_client.addPermission(Permission.PRODUCT_ADMIN,
"admin",
False,
extra_params)
self.assertTrue(ret)
self._cc_client = env.setup_viewer_client(self._test_workspace,
session_token=admin_token)
self.assertIsNotNone(self._cc_client)
# Get the run names which belong to this test
run_names = env.get_run_names(self._test_workspace)
runs = self._cc_client.getRunData(None)
test_runs = [run for run in runs if run.name in run_names]
self.assertEqual(len(test_runs), 1,
'There should be only one run for this test.')
self._runid = test_runs[0].runId
self._run_name = test_runs[0].name
self.components = [
{
'name': 'test_component1',
'value': '\n'.join(['+*/divide_zero.cpp',
'-*/new_delete.cpp']),
'description': 'Description of my first component'
},
{
'name': 'component name with whitespaces',
'value': '\n'.join(['+*/divide_zero.cpp',
'-*/new_delete.cpp']),
'description': 'Description of my second component'
},
{
'name': 'test_component2',
'value': '\n'.join(['+*/divide_zero.cpp',
'+*/null_dereference.cpp',
'-*/call_and_message.cpp',
'-*/new_delete.*']),
'description': 'Description of my second component'
},
{
'name': 'complex1',
'value': '\n'.join(['+*/divide_zero.cpp',
'-*/call_and_message.cpp'])
},
{
'name': 'complex2',
'value': '\n'.join(['+*/null_dereference.cpp',
'-*/new_delete.cpp'])
},
{
'name': 'exclude_all',
'value': '-*'
}
]
def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
# Switch off certificate validation on the clients.
os.environ["OSPYTHONHTTPSVERIFY"] = '0'
# FIXME: change this to https
access_protocol = 'http'
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT',
proto=access_protocol)
handshake = auth_client.getAuthParameters()
self.assertTrue(handshake.requiresAuthentication,
"Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive, "Empty session was " +
"reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# We still need to create a product on the new server, because
# in PostgreSQL mode, the same database is used for configuration
# by the newly started instance of this test suite too.
codechecker.add_test_package_product(
self._test_cfg['codechecker_cfg'],
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'],
access_protocol)
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(handshake.requiresAuthentication,
"Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace,
access_protocol)
with self.assertRaises(TProtocolException):
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
client.getPackageVersion()
print("Privileged client allowed access after logout.")
handshake = auth_client.getAuthParameters()
self.assertFalse(handshake.sessionStillActive,
"Destroyed session was " +
"reported to be still active.")
codechecker.remove_test_package_product(
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'],
access_protocol)
def setUp(self):
"""
Set up the environment and the test module's configuration from the
package.
"""
# TEST_WORKSPACE is automatically set by test package __init__.py .
self.test_workspace_main = os.environ['TEST_WORKSPACE']
test_class = self.__class__.__name__
print('Running ' + test_class + ' tests in ' +
self.test_workspace_main)
# Set up a configuration for the main server.
# Get the test configuration from the prepared int the test workspace.
self.test_cfg = env.import_test_cfg(self.test_workspace_main)
self.product_name = self.test_cfg['codechecker_cfg']['viewer_product']
# Setup a viewer client to test viewer API calls.
self._cc_client = env.setup_viewer_client(self.test_workspace_main)
self.assertIsNotNone(self._cc_client)
# Setup an authentication client for creating sessions.
self._auth_client = env.setup_auth_client(self.test_workspace_main,
session_token='_PROHIBIT')
# Create a SUPERUSER login.
root_token = self._auth_client.performLogin("Username:Password",
"root:root")
ret = self._auth_client.addPermission(Permission.SUPERUSER, "root",
False, "")
self.assertTrue(ret)
# Setup a product client to test product API calls.
self._pr_client = env.setup_product_client(self.test_workspace_main)
self.assertIsNotNone(self._pr_client)
# Setup a product client to test product API calls which requires root.
self._root_client = env.setup_product_client(self.test_workspace_main,
session_token=root_token)
self.assertIsNotNone(self._pr_client)
# Get the run names which belong to this test.
run_names = env.get_run_names(self.test_workspace_main)
runs = self._cc_client.getRunData(None)
test_runs = [run for run in runs if run.name in run_names]
self.assertEqual(len(test_runs), 1,
"There should be only one run for this test.")
self._runid = test_runs[0].runId
# Start a second server with the same configuration database as the
# main one.
self.test_workspace_secondary = env.get_workspace('producttest_second')
self.codechecker_cfg_2 = {
'check_env': self.test_cfg['codechecker_cfg']['check_env'],
'workspace': self.test_workspace_secondary,
'checkers': [],
'viewer_host': 'localhost',
'viewer_port': env.get_free_port(),
'viewer_product': 'producttest_second'
}
self.codechecker_cfg_2['check_env']['HOME'] = \
self.test_workspace_secondary
env.export_test_cfg(self.test_workspace_secondary,
{'codechecker_cfg': self.codechecker_cfg_2})
start_server(self.codechecker_cfg_2, EVENT)
# Set up API clients for the secondary server.
self._auth_client_2 = env.setup_auth_client(
self.test_workspace_secondary, session_token='_PROHIBIT')
root_token_2 = self._auth_client_2.performLogin(
"Username:Password", "root:root")
self._pr_client_2 = env.setup_product_client(
self.test_workspace_secondary, session_token=root_token_2)
self.assertIsNotNone(self._pr_client_2)
def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
handshake = auth_client.getAuthParameters()
self.assertTrue(handshake.requiresAuthentication,
"Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive, "Empty session was " +
"reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# We still need to create a product on the new server, because
# in PostgreSQL mode, the same database is used for configuration
# by the newly started instance of this test suite too.
codechecker.add_test_package_product(
self._test_cfg['codechecker_cfg'],
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'])
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(handshake.requiresAuthentication,
"Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
# No personal token in the database.
personal_tokens = authd_auth_client.getTokens()
self.assertEqual(len(personal_tokens), 0)
# Create a new personal token.
description = "description"
personal_token = authd_auth_client.newToken(description)
token = personal_token.token
self.assertEqual(personal_token.description, description)
# Check whether the new token has been added.
personal_tokens = authd_auth_client.getTokens()
self.assertEqual(len(personal_tokens), 1)
self.assertEqual(personal_tokens[0].token, token)
self.assertEqual(personal_tokens[0].description, description)
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
self.sessionToken = auth_client.performLogin("Username:Password",
"colon:my:password")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
auth_token_client = \
env.setup_auth_client(self._test_workspace,
session_token=token)
# Log-in by using an already generated personal token.
self.sessionToken = auth_token_client.performLogin("Username:Password",
"cc:" + token)
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
user = auth_token_client.getLoggedInUser()
self.assertEqual(user, "cc")
result = auth_token_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
# Remove the generated personal token.
ret = auth_client.removeToken(token)
self.assertTrue(ret)
# Check whether no more personal token in the database.
personal_tokens = auth_client.getTokens()
self.assertEqual(len(personal_tokens), 0)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
with self.assertRaises(TProtocolException):
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
client.getPackageVersion()
print("Privileged client allowed access after logout.")
handshake = auth_client.getAuthParameters()
self.assertFalse(handshake.sessionStillActive,
"Destroyed session was " +
"reported to be still active.")
def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Empty session was " + "reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# We still need to create a product on the new server, because
# in PostgreSQL mode, the same database is used for configuration
# by the newly started instance of this test suite too.
codechecker.add_test_package_product(
self._test_cfg['codechecker_cfg'],
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'])
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
with self.assertRaises(TProtocolException):
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
client.getPackageVersion()
print("Privileged client allowed access after logout.")
handshake = auth_client.getAuthParameters()
self.assertFalse(
handshake.sessionStillActive,
"Destroyed session was " + "reported to be still active.")
def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT')
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Empty session was " + "reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", None)
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
# No personal token in the database.
personal_tokens = authd_auth_client.getTokens()
self.assertEqual(len(personal_tokens), 0)
# Create a new personal token.
description = "description"
personal_token = authd_auth_client.newToken(description)
token = personal_token.token
self.assertEqual(personal_token.description, description)
# Check whether the new token has been added.
personal_tokens = authd_auth_client.getTokens()
self.assertEqual(len(personal_tokens), 1)
self.assertEqual(personal_tokens[0].token, token)
self.assertEqual(personal_tokens[0].description, description)
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
self.sessionToken = auth_client.performLogin("Username:Password",
"colon:my:password")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
auth_token_client = \
env.setup_auth_client(self._test_workspace,
session_token=token)
# Log-in by using an already generated personal token.
self.sessionToken = auth_token_client.performLogin(
"Username:Password", "cc:" + token)
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
user = auth_token_client.getLoggedInUser()
self.assertEqual(user, "cc")
result = auth_token_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace)
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken)
# Remove the generated personal token.
ret = auth_client.removeToken(token)
self.assertTrue(ret)
# Check whether no more personal token in the database.
personal_tokens = auth_client.getTokens()
self.assertEqual(len(personal_tokens), 0)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
version = client.getPackageVersion()
self.assertIsNone(version,
"Privileged client allowed access after logout.")
handshake = auth_client.getAuthParameters()
self.assertFalse(
handshake.sessionStillActive,
"Destroyed session was " + "reported to be still active.")
def test_privileged_access(self):
"""
Tests that initially, a non-authenticating server is accessible,
but an authenticating one is not.
"""
# Switch off certificate validation on the clients.
os.environ["OSPYTHONHTTPSVERIFY"] = '0'
# FIXME: change this to https
access_protocol = 'http'
auth_client = env.setup_auth_client(self._test_workspace,
session_token='_PROHIBIT',
proto=access_protocol)
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Empty session was " + "reported to be still active.")
with self.assertRaises(RequestFailed):
auth_client.performLogin("Username:Password", "invalid:invalid")
print("Invalid credentials gave us a token!")
# A non-authenticated session should return an empty user.
user = auth_client.getLoggedInUser()
self.assertEqual(user, "")
# We still need to create a product on the new server, because
# in PostgreSQL mode, the same database is used for configuration
# by the newly started instance of this test suite too.
codechecker.add_test_package_product(
self._test_cfg['codechecker_cfg'],
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'],
access_protocol)
self.sessionToken = auth_client.performLogin("Username:Password",
"cc:test")
self.assertIsNotNone(self.sessionToken,
"Valid credentials didn't give us a token!")
handshake = auth_client.getAuthParameters()
self.assertTrue(
handshake.requiresAuthentication, "Privileged server " +
"did not report that it requires authentication.")
self.assertFalse(handshake.sessionStillActive,
"Valid session was " + "reported not to be active.")
client = env.setup_viewer_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
self.assertIsNotNone(client.getPackageVersion(),
"Privileged server didn't respond properly.")
authd_auth_client = \
env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
user = authd_auth_client.getLoggedInUser()
self.assertEqual(user, "cc")
auth_client = env.setup_auth_client(self._test_workspace,
session_token=self.sessionToken,
proto=access_protocol)
result = auth_client.destroySession()
self.assertTrue(result, "Server did not allow us to destroy session.")
# Kill the session token that was created by login() too.
codechecker.logout(self._test_cfg['codechecker_cfg'],
self._test_workspace, access_protocol)
# The server reports a HTTP 401 error which is not a valid
# Thrift response. But if it does so, it passes the test!
# FIXME: Because of the local session cache this check will fail.
# To enable this again we need to eliminate the local cache.
# version = client.getPackageVersion()
# self.assertIsNone(version,
# "Privileged client allowed access after logout.")
# handshake = auth_client.getAuthParameters()
# self.assertFalse(handshake.sessionStillActive,
# "Destroyed session was " +
# "reported to be still active.")
codechecker.remove_test_package_product(
self._test_workspace,
# Use the test's home directory to find the session token file.
self._test_cfg['codechecker_cfg']['check_env'],
access_protocol)
