def testIsRead(self): conf.use_test_db(False) # Simple read cases gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest", "")) self.assertTrue(gitaccess.is_read()) gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "")) self.assertTrue(gitaccess.is_read()) # Simple write cases gitaccess = GITAccessControl( DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "service=git-receive-pack&some=other") ) self.assertFalse(gitaccess.is_read()) gitaccess = GITAccessControl( DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "some=other&service=git-receive-pack") ) self.assertFalse(gitaccess.is_read()) gitaccess = GITAccessControl( DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git/refs/jotain/git-receive-pack", "") ) self.assertFalse(gitaccess.is_read())
def headerparserhandler(req): from mod_python.apache import HTTP_UNAUTHORIZED, HTTP_FORBIDDEN, OK control = GITAccessControl(req) if not control.is_authentic(): req.err_headers_out['WWW-Authenticate'] = 'Basic realm="%s"' % control.options['realm'] return HTTP_UNAUTHORIZED # Check if blocked or expired if control.is_blocked(): return HTTP_FORBIDDEN if not control.has_permission(): if 'Authorization' not in req.headers_in: req.err_headers_out['WWW-Authenticate'] = 'Basic realm="%s"' % control.options['realm'] return HTTP_UNAUTHORIZED return HTTP_FORBIDDEN if not control.is_allowed_scheme('git'): return HTTP_FORBIDDEN return OK
def testProjectIdentifier(self): conf.use_test_db(False) # Without .git gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest", "")) self.assertEquals(gitaccess.environment_identifier(), "storageauthtest") gitaccess = GITAccessControl(DummyReq("kenny", "ohmygod", "GET", "/git/iahedfba/dsfgas", "")) self.assertEquals(gitaccess.environment_identifier(), "iahedfba") # With .git gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "")) self.assertEquals(gitaccess.environment_identifier(), "storageauthtest") gitaccess = GITAccessControl(DummyReq("kenny", "ohmygod", "GET", "/git/iahedfba.git/refs/HEAD", "")) self.assertEquals(gitaccess.environment_identifier(), "iahedfba")
def testProjectIdentifier(self): conf.use_test_db(False) # Without .git gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest', '')) self.assertEquals(gitaccess.environment_identifier(), 'storageauthtest') gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/iahedfba/dsfgas', '')) self.assertEquals(gitaccess.environment_identifier(), 'iahedfba') # With .git gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', '')) self.assertEquals(gitaccess.environment_identifier(), 'storageauthtest') gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/iahedfba.git/refs/HEAD', '')) self.assertEquals(gitaccess.environment_identifier(), 'iahedfba')
def testAccess(self): conf.use_test_db(True) self.load_fixtures() # Cartman has read access to storageauthtest # Simple read cases when having read access gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest', '')) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', '')) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) # Simple write cases when having read access gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', 'service=git-receive-pack&some=other')) self.assertTrue(gitaccess.is_authentic()) self.assertFalse(gitaccess.has_permission()) gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', 'some=other&service=git-receive-pack')) self.assertTrue(gitaccess.is_authentic()) self.assertFalse(gitaccess.has_permission()) gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git/refs/jotain/git-receive-pack', '')) self.assertTrue(gitaccess.is_authentic()) self.assertFalse(gitaccess.has_permission()) # Kenny has write access to storageauthtest # Simple read cases when having write access gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest', '')) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest.git', '')) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) # Simple write cases when having write access gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest.git', 'service=git-receive-pack&some=other')) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest.git', 'some=other&service=git-receive-pack')) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest.git/refs/jotain/git-receive-pack', '')) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission())
def testIsRead(self): conf.use_test_db(False) # Simple read cases gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest', '')) self.assertTrue(gitaccess.is_read()) gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', '')) self.assertTrue(gitaccess.is_read()) # Simple write cases gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', 'service=git-receive-pack&some=other')) self.assertFalse(gitaccess.is_read()) gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', 'some=other&service=git-receive-pack')) self.assertFalse(gitaccess.is_read()) gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git/refs/jotain/git-receive-pack', '')) self.assertFalse(gitaccess.is_read())
def testAccess(self): conf.use_test_db(True) self.load_fixtures() # Cartman has read access to storageauthtest # Simple read cases when having read access gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest", "")) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "")) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) # Simple write cases when having read access gitaccess = GITAccessControl( DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "service=git-receive-pack&some=other") ) self.assertTrue(gitaccess.is_authentic()) self.assertFalse(gitaccess.has_permission()) gitaccess = GITAccessControl( DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "some=other&service=git-receive-pack") ) self.assertTrue(gitaccess.is_authentic()) self.assertFalse(gitaccess.has_permission()) gitaccess = GITAccessControl( DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git/refs/jotain/git-receive-pack", "") ) self.assertTrue(gitaccess.is_authentic()) self.assertFalse(gitaccess.has_permission()) # Kenny has write access to storageauthtest # Simple read cases when having write access gitaccess = GITAccessControl(DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest", "")) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) gitaccess = GITAccessControl(DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest.git", "")) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) # Simple write cases when having write access gitaccess = GITAccessControl( DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest.git", "service=git-receive-pack&some=other") ) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) gitaccess = GITAccessControl( DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest.git", "some=other&service=git-receive-pack") ) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission()) gitaccess = GITAccessControl( DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest.git/refs/jotain/git-receive-pack", "") ) self.assertTrue(gitaccess.is_authentic()) self.assertTrue(gitaccess.has_permission())