コード例 #1
ファイル: cookie_test.py プロジェクト: e-carlin/sirepo
def test_1():
    """Exercise the sirepo cookie round trip: reject, populate, save, reload.

    The steps act on state held behind the ``cookie`` module API, so they are
    order dependent and must not be rearranged.
    """
    # NOTE(review): shutil, pkconfig, pkio and pkdp are imported but not used
    # anywhere in this function.
    import shutil
    from pykern import pkconfig, pkunit, pkio
    from pykern.pkunit import pkeq
    from pykern.pkdebug import pkdp
    from sirepo import srunit
    # Runs before sirepo.cookie is imported; presumably this sets up the Flask
    # test application -- confirm in srunit.
    srunit.flask_client()

    from sirepo import cookie
    cookie.init_mock()
    # A header of just 'x' carries no usable values: both the checked and the
    # unchecked lookup must raise an exception matching 'Unauthorized'.
    cookie.init('x')
    with pkunit.pkexcept('Unauthorized'):
        cookie.get_user()
    with pkunit.pkexcept('Unauthorized'):
        cookie.get_user(checked=False)
    # Populate the state: sentinel first, then a user and an arbitrary value.
    cookie.set_sentinel()
    cookie.set_user('abc')
    cookie.set_value('hi', 'hello')
    # _Response is defined elsewhere in this file; the assertions below read
    # r.args and r.kwargs, so it presumably records the set-cookie call.
    r = _Response(status_code=200)
    cookie.save_to_cookie(r)
    # First positional argument is the cookie name.
    pkeq('sirepo_dev', r.args[0])
    # Pins secure=False for this test configuration. A cookie without the
    # Secure attribute may be sent over plain HTTP.
    # NOTE(review): confirm deployed configurations turn the flag on.
    pkeq(False, r.kwargs['secure'])
    pkeq('abc', cookie.get_user())
    # Clear the in-memory user and value; the unchecked lookup now yields None
    # instead of raising.
    cookie.clear_user()
    cookie.unchecked_remove('hi')
    pkeq(None, cookie.get_user(checked=False))
    # Re-initialize from the value written to the response above (r.args[1]).
    # The user and value set before the save must come back, which shows the
    # saved cookie holds the state as of save time, not the later clears.
    cookie.init('sirepo_dev={}'.format(r.args[1]))
    pkeq('hello', cookie.get_value('hi'))
    pkeq('abc', cookie.get_user())
コード例 #2
ファイル: server.py プロジェクト: yeeon/sirepo
def api_srUnit():
    """Run the in-request test operation attached to the current Flask app.

    The object stored on ``flask.current_app`` under the attribute named by
    ``SRUNIT_TEST_IN_REQUEST`` supplies ``want_cookie`` and ``op``. When
    ``want_cookie`` is truthy the cookie sentinel is set before ``op`` runs.

    Returns:
        str: always the empty string
    """
    # getattr has no default, so a missing attribute raises AttributeError
    # rather than silently skipping the operation.
    in_request = getattr(flask.current_app, SRUNIT_TEST_IN_REQUEST)
    if in_request.want_cookie:
        from sirepo import cookie

        cookie.set_sentinel()
    # NOTE(review): this calls whatever callable is stored on the app object
    # and can set the sentinel without any prior check; presumably the route
    # is only reachable under the unit-test harness -- confirm.
    in_request.op()
    return ''
コード例 #3
ファイル: cookie_test.py プロジェクト: njsmith/sirepo
def test_1():
    """Verify that sirepo cookie state survives a save and re-parse.

    Every call changes or reads state kept behind the ``cookie`` module API;
    the order of the statements is part of the test.
    """
    # NOTE(review): shutil, pkconfig, pkio and pkdp are not referenced below.
    import shutil
    from pykern import pkconfig, pkunit, pkio
    from pykern.pkunit import pkeq
    from pykern.pkdebug import pkdp
    from sirepo import srunit
    # Invoked ahead of the sirepo.cookie import; presumably it creates the
    # Flask test client/application -- confirm in srunit.
    srunit.flask_client()

    from sirepo import cookie
    cookie.init_mock()
    # Start from a header ('x') that yields no values: get_user must fail with
    # an exception matching 'Unauthorized', whether checked or not.
    cookie.init('x')
    with pkunit.pkexcept('Unauthorized'):
        cookie.get_user()
    with pkunit.pkexcept('Unauthorized'):
        cookie.get_user(checked=False)
    # Set the sentinel, then store a user id and one extra key/value pair.
    cookie.set_sentinel()
    cookie.set_user('abc')
    cookie.set_value('hi', 'hello')
    # _Response comes from elsewhere in this file; since r.args and r.kwargs
    # are inspected, it presumably captures the arguments of the cookie write.
    r = _Response(status_code=200)
    cookie.save_to_cookie(r)
    # The cookie is written under the name 'sirepo_dev'.
    pkeq('sirepo_dev', r.args[0])
    # The test expects the Secure attribute to be off here; without it the
    # cookie is not restricted to HTTPS.
    # NOTE(review): confirm this default applies to test/dev setups only.
    pkeq(False, r.kwargs['secure'])
    pkeq('abc', cookie.get_user())
    # After clearing, an unchecked lookup returns None rather than raising.
    cookie.clear_user()
    cookie.unchecked_remove('hi')
    pkeq(None, cookie.get_user(checked=False))
    # Feed the saved cookie value (r.args[1]) back through init: the values
    # present at save time must be restored despite the clears above.
    cookie.init('sirepo_dev={}'.format(r.args[1]))
    pkeq('hello', cookie.get_value('hi'))
    pkeq('abc', cookie.get_user())
コード例 #4
ファイル: __init__.py プロジェクト: QJohn2017/sirepo
def _auth_hook_from_header(values):
    """Normalize just-parsed cookie values, migrating legacy formats.

    Three paths, taken in this order:

    1. `_COOKIE_STATE` is present and truthy: `values` is returned as is,
       unless `_COOKIE_METHOD` names a method that is not in `valid_methods`;
       then method, user and state are deleted before returning.
    2. No state and no legacy user id ('sru' or 'uid'): the state is set to
       `_STATE_LOGGED_OUT` and the same dict is returned.
    3. A legacy user id is present: a new dict in the current structure is
       built from the legacy login state ('sros' or 'oauth_login_state').
       An unrecognized legacy state returns an empty dict instead.

    NOTE(review): `_COOKIE_STATE` serves as the sentinel, but the reset in
    path 1 and the empty-dict return in path 3 leave it unset -- confirm that
    callers handle a result without it.

    Args:
        values (dict): just parsed values
    Returns:
        dict: unmodified or migrated values
    """
    if values.get(_COOKIE_STATE):
        # normal case: we've seen a cookie at least once
        # check for cfg.methods changes
        m = values.get(_COOKIE_METHOD)
        if m and m not in valid_methods:
            # invalid method (changed config), reset state
            # NOTE(review): the full values dict, user id included, is written
            # to the log here; confirm the log's audience and retention allow it.
            pkdlog(
                'possibly misconfigured server: invalid cookie_method={}, clearing values={}',
                m,
                values,
            )
            # The return value is ignored and `values` is returned below, so
            # this presumably deletes the keys in place.
            pkcollections.unchecked_del(
                values,
                _COOKIE_METHOD,
                _COOKIE_USER,
                _COOKIE_STATE,
            )
        return values
    # Legacy cookies stored the user id under 'sru' or 'uid'.
    u = values.get('sru') or values.get('uid')
    if not u:
        # normal case: new visitor, and no user/state; set logged out
        # and return all values
        values[_COOKIE_STATE] = _STATE_LOGGED_OUT
        return values
    # Migrate
    # NOTE(review): the legacy user id is taken as is and, by default, mapped
    # to _STATE_COMPLETE_REGISTRATION. That is only sound if the cookie's
    # integrity was verified before it was parsed, which this function does
    # not show -- confirm in the caller.
    o = values.get('sros') or values.get('oauth_login_state')
    s = _STATE_COMPLETE_REGISTRATION
    if o is None or o in ('anonymous', 'a'):
        m = METHOD_GUEST
    elif o in ('logged_in', 'li', 'logged_out', 'lo'):
        m = 'github'
        # Substring test: of the four accepted values only 'logged_out' and
        # 'lo' contain no 'i', so those become logged out.
        if 'i' not in o:
            s = _STATE_LOGGED_OUT
    else:
        # Any other legacy state (an empty string included) is dropped rather
        # than migrated. The whole values dict is logged here as well.
        pkdlog('unknown cookie values, clearing, not migrating: {}', values)
        return {}
    # Upgrade cookie to current structure. Set the sentinel, too.
    # Only user, method and state are carried over; other legacy keys are
    # discarded with the old dict.
    values = {
        _COOKIE_USER: u,
        _COOKIE_METHOD: m,
        _COOKIE_STATE: s,
    }
    cookie.set_sentinel(values)
    pkdlog('migrated cookie={}', values)
    return values
コード例 #5
ファイル: __init__.py プロジェクト: QJohn2017/sirepo
def require_auth_basic():
    """Require HTTP Basic authentication and log the resulting user in.

    The 'basic' method module is validated, then asked for a user. The cookie
    sentinel is set and the login performed only once a user id has been
    returned; no cookie state is touched on the failure path.

    Raises:
        sirepo.util.Response: wraps a 401 response carrying a
            ``WWW-Authenticate: Basic`` challenge when the basic method
            returns no user id.
    """
    basic = _METHOD_MODULES['basic']
    _validate_method(basic)
    uid = basic.require_user()
    if uid:
        cookie.set_sentinel()
        login(basic, uid=uid)
        return
    # No credentials accepted: answer with a challenge so the client can retry
    # with an Authorization header.
    challenge = sirepo.util.flask_app().response_class(
        status=401,
        headers={'WWW-Authenticate': 'Basic realm="*"'},
    )
    raise sirepo.util.Response(challenge)
コード例 #6
ファイル: api_auth.py プロジェクト: ahebnl/Sirepo
def check_api_call(func):
    """Enforce the API permission attached to `func` before it is called.

    The permission is read from the attribute named by `api_perm.ATTR` and
    handled per `api_perm.APIPerm` value:

    * REQUIRE_COOKIE_SENTINEL / REQUIRE_USER: the cookie sentinel must already
      be present; REQUIRE_USER additionally calls `auth.require_user()`.
    * ALLOW_VISITOR: no check is made.
    * ALLOW_COOKIELESS_SET_USER / ALLOW_COOKIELESS_REQUIRE_USER: the sentinel
      is set here instead of being required; the latter then calls
      `auth.require_user()`.
    * REQUIRE_AUTH_BASIC: delegates to `auth.require_auth_basic()`.

    Args:
        func (callable): API function carrying the permission attribute
    Raises:
        sirepo.util.SRException: 'missingCookies' when a sentinel is required
            but absent
        AssertionError: the permission value is not one handled above
    """
    perm = getattr(func, api_perm.ATTR)
    kinds = api_perm.APIPerm
    if perm in (kinds.REQUIRE_COOKIE_SENTINEL, kinds.REQUIRE_USER):
        if not cookie.has_sentinel():
            raise sirepo.util.SRException('missingCookies', None)
        if perm == kinds.REQUIRE_USER:
            auth.require_user()
        return
    if perm == kinds.ALLOW_VISITOR:
        return
    if perm in (kinds.ALLOW_COOKIELESS_SET_USER, kinds.ALLOW_COOKIELESS_REQUIRE_USER):
        # These permissions skip the sentinel requirement and create it, so
        # every API marked with them is reachable without a prior cookie.
        cookie.set_sentinel()
        if perm == kinds.ALLOW_COOKIELESS_REQUIRE_USER:
            auth.require_user()
        return
    if perm == kinds.REQUIRE_AUTH_BASIC:
        auth.require_auth_basic()
        return
    # Fail closed: an explicit raise (not an assert statement) so an unknown
    # permission is rejected even when Python runs with -O.
    raise AssertionError('unhandled api_perm={}'.format(perm))
コード例 #7
ファイル: api_auth.py プロジェクト: njsmith/sirepo
def assert_api_call(func):
    """Check the API permission attached to `func` before it is called.

    The permission is read from the attribute named by `api_perm.ATTR` and
    compared against the `api_perm.APIPerm` values:

    * REQUIRE_USER: the cookie sentinel must be present.
    * ALLOW_VISITOR: no check is made.
    * ALLOW_COOKIELESS_USER: the sentinel is set and, when `login_module` is
      truthy, `login_module.allow_cookieless_user()` is called.
    * ALLOW_LOGIN: the sentinel is set.

    Args:
        func (callable): API function carrying the permission attribute
    Raises:
        AssertionError: the permission value is not one handled above
    """
    required = getattr(func, api_perm.ATTR)
    kinds = api_perm.APIPerm
    if required == kinds.REQUIRE_USER:
        # NOTE(review): only the sentinel is checked on this path; whether a
        # user is actually logged in is presumably enforced elsewhere -- confirm.
        if not cookie.has_sentinel():
            util.raise_unauthorized(
                'cookie does not have a sentinel: perm={} func={}',
                required,
                func.__name__,
            )
        return
    if required == kinds.ALLOW_VISITOR:
        return
    if required == kinds.ALLOW_COOKIELESS_USER:
        # The sentinel is created here rather than required, so these APIs
        # are reachable without a prior cookie.
        cookie.set_sentinel()
        if login_module:
            login_module.allow_cookieless_user()
        return
    if required == kinds.ALLOW_LOGIN:
        #TODO(robnagler) need state so that set_user can happen
        cookie.set_sentinel()
        return
    # Fail closed on any permission value not listed above.
    raise AssertionError('unexpected api_perm={}'.format(required))
コード例 #8
ファイル: api_auth.py プロジェクト: e-carlin/sirepo
def assert_api_call(func):
    """Apply the permission declared on `func` to the current request.

    Reads the attribute named by `api_perm.ATTR` from `func` and acts on the
    matching `api_perm.APIPerm` value:

    * REQUIRE_USER: reports unauthorized when the cookie has no sentinel.
    * ALLOW_VISITOR: nothing is checked.
    * ALLOW_COOKIELESS_USER: sets the sentinel, then calls
      `login_module.allow_cookieless_user()` if `login_module` is truthy.
    * ALLOW_LOGIN: sets the sentinel.

    Args:
        func (callable): API function carrying the permission attribute
    Raises:
        AssertionError: the permission value matches none of the cases
    """
    declared = getattr(func, api_perm.ATTR)
    perms = api_perm.APIPerm
    if declared == perms.REQUIRE_USER:
        # NOTE(review): the presence of the sentinel is the only condition
        # tested here; a logged-in user is presumably verified by another
        # layer -- confirm.
        if not cookie.has_sentinel():
            util.raise_unauthorized(
                'cookie does not have a sentinel: perm={} func={}',
                declared,
                func.__name__,
            )
        return
    if declared == perms.ALLOW_VISITOR:
        return
    if declared == perms.ALLOW_COOKIELESS_USER:
        # Sets the sentinel instead of demanding it: no earlier cookie is
        # needed to reach APIs with this permission.
        cookie.set_sentinel()
        if login_module:
            login_module.allow_cookieless_user()
        return
    if declared == perms.ALLOW_LOGIN:
        #TODO(robnagler) need state so that set_user can happen
        cookie.set_sentinel()
        return
    # Unknown permission values are rejected rather than allowed through.
    raise AssertionError('unexpected api_perm={}'.format(declared))