async def test_auth_active_access_with_access_token_in_header(
        opp, app, aiohttp_client, opp_access_token):
    """A Bearer token in the Authorization header is accepted only when well-formed and its user is active.

    Covers header-name case-insensitivity (``Authorization`` /
    ``AUTHORIZATION`` / ``authorization``), rejection of a bare token and of
    a ``BEARER`` scheme spelling, and rejection once the token's user has
    been deactivated.
    """
    setup_auth(opp, app)
    client = await aiohttp_client(app)
    refresh_token = await opp.auth.async_validate_access_token(
        opp_access_token)
    expected_body = {"user_id": refresh_token.user.id}
    bearer_value = f"Bearer {opp_access_token}"

    # Every capitalisation of the header *name* must be honoured.
    for header_name in ("Authorization", "AUTHORIZATION", "authorization"):
        resp = await client.get("/", headers={header_name: bearer_value})
        assert resp.status == 200
        assert await resp.json() == expected_body

    # A raw token without the scheme prefix is not a credential.
    resp = await client.get("/", headers={"Authorization": opp_access_token})
    assert resp.status == 401

    # The scheme, unlike the header name, is matched case-sensitively.
    resp = await client.get(
        "/", headers={"Authorization": f"BEARER {opp_access_token}"})
    assert resp.status == 401

    # Deactivating the user behind the token must revoke access immediately.
    refresh_token = await opp.auth.async_validate_access_token(
        opp_access_token)
    refresh_token.user.is_active = False
    resp = await client.get("/", headers={"Authorization": bearer_value})
    assert resp.status == 401
async def test_cant_access_with_password_in_header(app, aiohttp_client,
                                                   legacy_auth, opp):
    """A legacy API password sent in the auth header never grants access.

    The configured password and a wrong one are both answered with 401, so
    the response does not distinguish a correct password from a wrong one.
    """
    setup_auth(opp, app)
    client = await aiohttp_client(app)

    # Right or wrong, the legacy header must not authenticate the request.
    for candidate in (API_PASSWORD, "wrong-pass"):
        resp = await client.get("/", headers={HTTP_HEADER_HA_AUTH: candidate})
        assert resp.status == 401
async def test_auth_legacy_support_api_password_cannot_access(
        app, aiohttp_client, legacy_auth, opp):
    """With the legacy auth fixture active, api_password is rejected on every channel.

    The password is presented as the legacy header, as a query parameter
    and as HTTP Basic credentials; each attempt must yield 401.
    """
    setup_auth(opp, app)
    client = await aiohttp_client(app)

    # Legacy header.
    resp = await client.get("/", headers={HTTP_HEADER_HA_AUTH: API_PASSWORD})
    assert resp.status == 401

    # Query string.
    resp = await client.get("/", params={"api_password": API_PASSWORD})
    assert resp.status == 401

    # HTTP Basic.
    resp = await client.get("/", auth=BasicAuth("openpeerpower", API_PASSWORD))
    assert resp.status == 401
async def test_cant_access_with_password_in_query(app, aiohttp_client,
                                                  legacy_auth, opp):
    """An ``api_password`` query parameter never grants access.

    The real password, no credential at all and a masked placeholder value
    are all answered with 401.
    """
    setup_auth(opp, app)
    client = await aiohttp_client(app)

    # The correct password in the URL is not a valid credential.
    with_password = await client.get("/", params={"api_password": API_PASSWORD})
    assert with_password.status == 401

    # Baseline: no credential at all.
    without_password = await client.get("/")
    assert without_password.status == 401

    # A masked value must not be treated as a wildcard.
    masked = await client.get("/", params={"api_password": "******"})
    assert masked.status == 401
async def test_cannot_access_with_trusted_ip(opp, app2, trusted_networks_auth,
                                             aiohttp_client, opp_owner_user):
    """Source address alone never authenticates a request.

    Even with the ``trusted_networks_auth`` fixture in place, an
    unauthenticated GET is answered with 401 from every untrusted address
    and from every trusted address alike.
    """
    setup_auth(opp, app2)

    set_mock_ip = mock_real_ip(app2)
    client = await aiohttp_client(app2)

    # Trusted and untrusted addresses are expected to behave identically here.
    for remote_addr in (*UNTRUSTED_ADDRESSES, *TRUSTED_ADDRESSES):
        set_mock_ip(remote_addr)
        resp = await client.get("/")
        assert resp.status == 401, f"{remote_addr} shouldn't be trusted"
async def test_basic_auth_does_not_work(app, aiohttp_client, opp, legacy_auth):
    """HTTP Basic credentials are never accepted, whatever their content.

    The expected username/password pair, a wrong username, a wrong password
    and a non-Basic authorization value all receive 401.
    """
    setup_auth(opp, app)
    client = await aiohttp_client(app)

    credentials = (
        ("openpeerpower", API_PASSWORD),
        ("wrong_username", API_PASSWORD),
        ("openpeerpower", "wrong password"),
    )
    for username, password in credentials:
        resp = await client.get("/", auth=BasicAuth(username, password))
        assert resp.status == 401

    # An unrecognised scheme in the header is rejected just the same.
    resp = await client.get("/", headers={"authorization": "NotBasic abcdefg"})
    assert resp.status == 401
async def test_auth_access_signed_path(opp, app, aiohttp_client,
                                       opp_access_token):
    """A signed path authenticates a GET to that exact path while it is valid.

    Checks that the signature is bound to the path, to the GET method and to
    the refresh token it was minted for, and that an already-expired
    signature is rejected.
    """
    app.router.add_post("/", mock_handler)
    app.router.add_get("/another_path", mock_handler)
    setup_auth(opp, app)
    client = await aiohttp_client(app)

    refresh_token = await opp.auth.async_validate_access_token(
        opp_access_token)

    signed_path = async_sign_path(opp, refresh_token.id, "/",
                                  timedelta(seconds=5))

    # Happy path: the signed URL resolves to the token's user.
    resp = await client.get(signed_path)
    assert resp.status == 200
    body = await resp.json()
    assert body["user_id"] == refresh_token.user.id

    # Replaying the signature against a different path must fail.
    signature_query = signed_path.split("?")[1]
    resp = await client.get(f"/another_path?{signature_query}")
    assert resp.status == 401

    # Only GET is honoured; POST to the same signed URL fails.
    resp = await client.post(signed_path)
    assert resp.status == 401

    # A negative lifetime yields a signature that is expired from the start.
    expired_signed_path = async_sign_path(opp, refresh_token.id, "/",
                                          timedelta(seconds=-5))
    resp = await client.get(expired_signed_path)
    assert resp.status == 401

    # Revoking the underlying refresh token invalidates the signature too.
    await opp.auth.async_remove_refresh_token(refresh_token)
    resp = await client.get(signed_path)
    assert resp.status == 401