コード例 #1
0
ファイル: test_rbac.py プロジェクト: RubenvdBerg/SatToolAG
    def test_credentials(self):
        logging.debug('')
        logging.debug('test_credentials')

        # Basic form.
        owner = Credentials()
        if sys.platform == 'win32' and not HAVE_PYWIN32:
            self.assertEqual('%s' % owner, owner.user + ' (transient)')
        else:
            self.assertEqual('%s' % owner, owner.user)

        # Comparison.
        user = Credentials()
        self.assertEqual(user, owner)
        user.user = '******'
        self.assertNotEqual(user, owner)
        self.assertNotEqual(user, 'xyzzy')

        # Thread storage.
        try:
            del threading.current_thread().credentials  # Ensure empty.
        except AttributeError:
            pass
        self.assertEqual(get_credentials(), owner)

        # Sign/verify.
        encoded = owner.encode()
        Credentials.verify(encoded, allowed_users=None)  # 'First sighting'.
        Credentials.verify(encoded, allowed_users=None)  # Cached verification.
        data, signature, client_creds = encoded

        encoded = (data[:1], signature, client_creds)
        assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
                      locals(), CredentialsError, 'Invalid data')

        encoded = (data[:-1], signature, client_creds)
        assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
                      locals(), CredentialsError, 'Invalid signature')

        encoded = (data, signature[:-1], client_creds)
        assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
                      locals(), CredentialsError, 'Invalid signature')

        newline = data.find('\n')  # .user
        newline = data.find('\n', newline + 1)  # .transient
        # Expecting '-'
        mangled = data[:newline + 1] + '*' + data[newline + 2:]
        encoded = (mangled, signature, client_creds)
        assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
                      locals(), CredentialsError, 'Invalid key')

        # Detect mismatched key.
        get_key_pair(owner.user, overwrite_cache=True)
        spook = Credentials()
        encoded = spook.encode()
        assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
                      locals(), CredentialsError, 'Public key mismatch')

        # Check if remote access.
        self.assertFalse(remote_access())
コード例 #2
0
    def post(self):
        server_creds = Credentials()
        print 'server creds:\n', server_creds

        # single user... only allow same user@host as the server to log in
        allowed_users = {server_creds.user: server_creds.public_key}
        encoded = self.get_argument('encoded')
        client_creds = Credentials.verify(encoded, allowed_users)
        print 'client creds:\n', client_creds

        if client_creds:
            self.set_secure_cookie('user', client_creds.user)
        self.redirect('/')
コード例 #3
0
    def post(self):
        server_creds = Credentials()
        print 'server creds:\n', server_creds

        # single user... only allow same user@host as the server to log in
        allowed_users = {server_creds.user: server_creds.public_key}
        encoded = self.get_argument('encoded')
        client_creds = Credentials.verify(encoded, allowed_users)
        print 'client creds:\n', client_creds

        if client_creds:
            self.set_secure_cookie('user', client_creds.user)
        self.redirect('/')
コード例 #4
0
    def test_credentials(self):
        logging.debug('')
        logging.debug('test_credentials')

        # Basic form.
        owner = Credentials()
        if sys.platform == 'win32' and not HAVE_PYWIN32:
            self.assertEqual('%s' % owner, owner.user+' (transient)')
        else:
            self.assertEqual('%s' % owner, owner.user)

        # Comparison.
        user = Credentials()
        self.assertEqual(user, owner)
        user.user = '******'
        self.assertNotEqual(user, owner)
        self.assertNotEqual(user, 'xyzzy')

        # Thread storage.
        try:
            del threading.current_thread().credentials  # Ensure empty.
        except AttributeError:
            pass
        self.assertEqual(get_credentials(), owner)

        # Sign/verify.
        encoded = owner.encode()
        Credentials.verify(encoded, allowed_users=None)  # 'First sighting'.
        Credentials.verify(encoded, allowed_users=None)  # Cached verification.
        data, signature, client_creds = encoded

        encoded = (data[:1], signature, client_creds)
        assert_raises(self, 'Credentials.verify(encoded, None)',
                      globals(), locals(), CredentialsError, 'Invalid data')

        encoded = (data[:-1], signature, client_creds)
        assert_raises(self, 'Credentials.verify(encoded, None)',
                      globals(), locals(), CredentialsError, 'Invalid signature')

        encoded = (data, signature[:-1], client_creds)
        assert_raises(self, 'Credentials.verify(encoded, None)',
                      globals(), locals(), CredentialsError, 'Invalid signature')

        newline = data.find('\n')  # .user
        newline = data.find('\n', newline+1)  # .transient
        # Expecting '-'
        mangled = data[:newline+1] + '*' + data[newline+2:]
        encoded = (mangled, signature, client_creds)
        assert_raises(self, 'Credentials.verify(encoded, None)',
                      globals(), locals(), CredentialsError, 'Invalid key')

        # Detect mismatched key.
        get_key_pair(owner.user, overwrite_cache=True)
        spook = Credentials()
        encoded = spook.encode()
        assert_raises(self, 'Credentials.verify(encoded, None)',
                      globals(), locals(), CredentialsError,
                      'Public key mismatch')

        # Check if remote access.
        self.assertFalse(remote_access())