def test_forget_gives_a_challenge_header(self):
policy = MACAuthenticationPolicy()
req = self._make_signed_request("*****@*****.**", "/")
headers = policy.forget(req)
self.assertEquals(len(headers), 1)
self.assertEquals(headers[0][0], "WWW-Authenticate")
self.assertTrue(headers[0][1] == "MAC")
def test_forget_gives_a_challenge_header(self):
policy = MACAuthenticationPolicy()
req = self._make_signed_request("*****@*****.**", "/")
headers = policy.forget(req)
self.assertEquals(len(headers), 1)
self.assertEquals(headers[0][0], "WWW-Authenticate")
self.assertTrue(headers[0][1] == "MAC")
def test_from_settings_produces_sensible_defaults(self):
policy = MACAuthenticationPolicy.from_settings({})
self.assertEquals(policy.find_groups.im_func,
MACAuthenticationPolicy.find_groups.im_func)
self.assertEquals(policy.decode_mac_id.im_func,
MACAuthenticationPolicy.decode_mac_id.im_func)
self.assertTrue(isinstance(policy.nonce_cache, macauthlib.NonceCache))
def test_from_settings_produces_sensible_defaults(self):
policy = MACAuthenticationPolicy.from_settings({})
self.assertEquals(policy.find_groups.im_func,
MACAuthenticationPolicy.find_groups.im_func)
self.assertEquals(policy.decode_mac_id.im_func,
MACAuthenticationPolicy.decode_mac_id.im_func)
self.assertTrue(isinstance(policy.nonce_cache, macauthlib.NonceCache))
def test_from_settings_curries_args_to_encode_mac_id(self):
policy = MACAuthenticationPolicy.from_settings({
"macauth.encode_mac_id":
"pyramid_macauth.tests:stub_encode_mac_id",
"macauth.encode_mac_id_suffix":
"-TEST",
})
self.assertEquals(policy.encode_mac_id(None, "id"), ("id", "id-TEST"))
def test_from_settings_produces_sensible_defaults(self):
policy = MACAuthenticationPolicy.from_settings({})
# Using __code__ here is a Py2/Py3 compatible way of checking
# that a bound and unbound method point to the same function object.
self.assertEquals(policy.find_groups.__code__,
MACAuthenticationPolicy.find_groups.__code__)
self.assertEquals(policy.decode_mac_id.__code__,
MACAuthenticationPolicy.decode_mac_id.__code__)
self.assertTrue(isinstance(policy.nonce_cache, macauthlib.NonceCache))
def test_from_settings_produces_sensible_defaults(self):
policy = MACAuthenticationPolicy.from_settings({})
# Using __code__ here is a Py2/Py3 compatible way of checking
# that a bound and unbound method point to the same function object.
self.assertEquals(policy.find_groups.__code__,
MACAuthenticationPolicy.find_groups.__code__)
self.assertEquals(policy.decode_mac_id.__code__,
MACAuthenticationPolicy.decode_mac_id.__code__)
self.assertTrue(isinstance(policy.nonce_cache, macauthlib.NonceCache))
def test_from_settings_can_explicitly_set_all_properties(self):
policy = MACAuthenticationPolicy.from_settings({
"macauth.find_groups": "pyramid_macauth.tests:stub_find_groups",
"macauth.decode_mac_id": "pyramid_macauth.tests:stub_decode_mac_id",
"macauth.nonce_cache": "macauthlib:NonceCache",
})
self.assertEquals(policy.find_groups, stub_find_groups)
self.assertEquals(policy.decode_mac_id, stub_decode_mac_id)
self.assertTrue(isinstance(policy.nonce_cache, macauthlib.NonceCache))
def test_from_settings_passes_on_args_to_nonce_cache(self):
policy = MACAuthenticationPolicy.from_settings({
"macauth.nonce_cache": "macauthlib:NonceCache",
"macauth.nonce_cache_nonce_ttl": 42,
})
self.assertTrue(isinstance(policy.nonce_cache, macauthlib.NonceCache))
self.assertEquals(policy.nonce_cache.nonce_ttl, 42)
self.assertRaises(TypeError, MACAuthenticationPolicy.from_settings, {
"macauth.nonce_cache": "macauthlib:NonceCache",
"macauth.nonce_cache_invalid_arg": "WHAWHAWHAWHA",
})
def test_from_settings_can_explicitly_set_all_properties(self):
policy = MACAuthenticationPolicy.from_settings({
"macauth.find_groups":
"pyramid_macauth.tests:stub_find_groups",
"macauth.decode_mac_id":
"pyramid_macauth.tests:stub_decode_mac_id",
"macauth.nonce_cache":
"macauthlib:NonceCache",
})
self.assertEquals(policy.find_groups, stub_find_groups)
self.assertEquals(policy.decode_mac_id, stub_decode_mac_id)
self.assertTrue(isinstance(policy.nonce_cache, macauthlib.NonceCache))
def test_from_settings_passes_on_args_to_nonce_cache(self):
policy = MACAuthenticationPolicy.from_settings({
"macauth.nonce_cache":
"macauthlib:NonceCache",
"macauth.nonce_cache_nonce_ttl":
42,
})
self.assertTrue(isinstance(policy.nonce_cache, macauthlib.NonceCache))
self.assertEquals(policy.nonce_cache.nonce_ttl, 42)
self.assertRaises(
TypeError, MACAuthenticationPolicy.from_settings, {
"macauth.nonce_cache": "macauthlib:NonceCache",
"macauth.nonce_cache_invalid_arg": "WHAWHAWHAWHA",
})
def configure(config):
"""Configures the MAGMa web app.
`config` is a instance of :class:Configurator.
"""
settings = config.get_settings()
config.include('pyramid_tm')
# for human users
authn_policy1 = AuthTktAuthenticationPolicy(
secret=settings['cookie.secret'],
path=settings['cookie.path'],
hashalg='sha512',
callback=groupfinder,
cookie_name=settings.get('cookie.name', 'auth_tkt'),
wild_domain=False,
http_only=True,
)
# for service consumers
# See http://www.rfk.id.au/blog/entry/securing-pyramid-persona-macauth/
authn_policy2 = MACAuthenticationPolicy.from_settings(settings)
authn_policy2.find_groups = groupfinder
auth_policies = [authn_policy1, authn_policy2, ]
authn_policy = MultiAuthenticationPolicy(auth_policies)
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_root_factory(RootFactory)
config.add_renderer('jsonhtml', jsonhtml_renderer_factory)
config.add_static_view('static', 'magmaweb:static', cache_max_age=3600)
# for everyone
config.add_route('home', '/')
config.add_route('help', '/help')
config.add_route('login', '/login')
# for authenticated users
config.add_route('defaults.json', '/defaults.json')
config.add_route('startjob', '/start')
config.add_route('jobfromscratch', '/results/')
config.add_route('uploaddb', '/uploaddb')
config.add_route('workspace', '/workspace')
config.add_route('access_token', '/access_token.json')
config.add_route('logout', '/logout')
# JobFactory + traverse
def add_job_route(name, pattern):
""""Add route with :class:Job as context"""
config.add_route(name, pattern, traverse='/{jobid}',
factory=JobIdFactory)
# for job owner
add_job_route('status.json', '/status/{jobid}.json')
add_job_route('status', '/status/{jobid}')
# for authenticated users
add_job_route('results', '/results/{jobid}')
add_job_route('molecules.json', '/results/{jobid}/molecules.json')
add_job_route('molecules.csv', '/results/{jobid}/molecules.csv')
add_job_route('molecules.sdf', '/results/{jobid}/molecules.sdf')
add_job_route('fragments.json',
'/results/{jobid}/fragments/{scanid}/{molid}.json')
add_job_route('chromatogram.json', '/results/{jobid}/chromatogram.json')
add_job_route('mspectra.json', '/results/{jobid}/mspectra/{scanid}.json')
add_job_route('extractedionchromatogram.json',
'/results/{jobid}/extractedionchromatogram/{molid}.json')
add_job_route('stderr.txt', '/results/{jobid}/stderr.txt')
add_job_route('stdout.txt', '/results/{jobid}/stdout.txt')
add_job_route('runinfo.json', '/results/{jobid}/runinfo.json')
# for job owner
add_job_route('rpc.add_structures', '/rpc/{jobid}/add_structures')
add_job_route('rpc.add_ms_data', '/rpc/{jobid}/add_ms_data')
add_job_route('rpc.metabolize', '/rpc/{jobid}/metabolize')
add_job_route('rpc.metabolize_one', '/rpc/{jobid}/metabolize_one')
add_job_route('rpc.annotate', '/rpc/{jobid}/annotate')
add_job_route('rpc.assign', '/rpc/{jobid}/assign')
add_job_route('rpc.unassign', '/rpc/{jobid}/unassign')
# find view_config decorations
config.scan('magmaweb', ignore='magmaweb.tests')
# add config defaults and
# cast config parameter to boolean
auto_register = asbool(settings.get('auto_register', False))
config.add_settings(auto_register=auto_register)
restricted = asbool(settings.get('restricted', False))
config.add_settings(restricted=restricted)
# Setup connection to user database
engine = engine_from_config(settings)
init_user_db(engine)
def configure(config):
"""Configures the MAGMa web app.
`config` is a instance of :class:Configurator.
"""
settings = config.get_settings()
config.include('pyramid_mako')
config.include('pyramid_tm')
# for human users
authn_policy1 = AuthTktAuthenticationPolicy(
secret=settings['cookie.secret'],
path=settings['cookie.path'],
hashalg='sha512',
callback=groupfinder,
cookie_name=settings.get('cookie.name', 'auth_tkt'),
wild_domain=False,
http_only=True,
)
# for service consumers
# See http://www.rfk.id.au/blog/entry/securing-pyramid-persona-macauth/
authn_policy2 = MACAuthenticationPolicy.from_settings(settings)
authn_policy2.find_groups = groupfinder
auth_policies = [
authn_policy1,
authn_policy2,
]
authn_policy = MultiAuthenticationPolicy(auth_policies)
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_root_factory(RootFactory)
config.add_renderer('jsonhtml', jsonhtml_renderer_factory)
config.add_static_view('static', 'magmaweb:static', cache_max_age=3600)
# for everyone
config.add_route('home', '/')
config.add_route('help', '/help')
config.add_route('login', '/login')
# for authenticated users
config.add_route('defaults.json', '/defaults.json')
config.add_route('startjob', '/start')
config.add_route('jobfromscratch', '/results/')
config.add_route('uploaddb', '/uploaddb')
config.add_route('workspace', '/workspace')
config.add_route('access_token', '/access_token.json')
config.add_route('logout', '/logout')
# JobFactory + traverse
def add_job_route(name, pattern):
""""Add route with :class:Job as context"""
config.add_route(name,
pattern,
traverse='/{jobid}',
factory=JobIdFactory)
# for job owner
add_job_route('status.json', '/status/{jobid}.json')
add_job_route('status', '/status/{jobid}')
# for authenticated users
add_job_route('results', '/results/{jobid}')
add_job_route('molecules.json', '/results/{jobid}/molecules.json')
add_job_route('molecules.csv', '/results/{jobid}/molecules.csv')
add_job_route('molecules.sdf', '/results/{jobid}/molecules.sdf')
add_job_route('fragments.json',
'/results/{jobid}/fragments/{scanid}/{molid}.json')
add_job_route('chromatogram.json', '/results/{jobid}/chromatogram.json')
add_job_route('mspectra.json', '/results/{jobid}/mspectra/{scanid}.json')
add_job_route('extractedionchromatogram.json',
'/results/{jobid}/extractedionchromatogram/{molid}.json')
add_job_route('stderr.txt', '/results/{jobid}/stderr.txt')
add_job_route('stdout.txt', '/results/{jobid}/stdout.txt')
add_job_route('runinfo.json', '/results/{jobid}/runinfo.json')
# for job owner
add_job_route('rpc.add_structures', '/rpc/{jobid}/add_structures')
add_job_route('rpc.add_ms_data', '/rpc/{jobid}/add_ms_data')
add_job_route('rpc.metabolize', '/rpc/{jobid}/metabolize')
add_job_route('rpc.metabolize_one', '/rpc/{jobid}/metabolize_one')
add_job_route('rpc.annotate', '/rpc/{jobid}/annotate')
add_job_route('rpc.assign', '/rpc/{jobid}/assign')
add_job_route('rpc.unassign', '/rpc/{jobid}/unassign')
# find view_config decorations
config.scan('magmaweb', ignore='magmaweb.tests')
# add config defaults and
# cast config parameter to boolean
auto_register = asbool(settings.get('auto_register', False))
config.add_settings(auto_register=auto_register)
restricted = asbool(settings.get('restricted', False))
config.add_settings(restricted=restricted)
ncpus = settings.get('ncpus', 1)
config.add_settings(ncpus=ncpus)
# Setup connection to user database
engine = engine_from_config(settings)
init_user_db(engine)
def test_default_groupfinder_returns_empty_list(self):
policy = MACAuthenticationPolicy()
req = self._make_request("/auth")
self.assertEquals(policy.find_groups("test", req), [])
def test_remember_does_nothing(self):
policy = MACAuthenticationPolicy()
req = self._make_signed_request("*****@*****.**", "/")
self.assertEquals(policy.remember(req, "*****@*****.**"), [])
def test_from_settings_curries_args_to_decode_mac_id(self):
policy = MACAuthenticationPolicy.from_settings({
"macauth.decode_mac_id": "pyramid_macauth.tests:stub_decode_mac_id",
"macauth.decode_mac_id_suffix": "-TEST",
})
self.assertEquals(policy.decode_mac_id(None, "id"), ("id", "id-TEST"))
def test_default_groupfinder_returns_empty_list(self):
policy = MACAuthenticationPolicy()
req = self._make_request("/auth")
self.assertEquals(policy.find_groups("test", req), [])
def test_remember_does_nothing(self):
policy = MACAuthenticationPolicy()
req = self._make_signed_request("*****@*****.**", "/")
self.assertEquals(policy.remember(req, "*****@*****.**"), [])
