async def test_middleware_doesnt_reissue_on_bad_response(loop, app, client): async def handler_bad_response(request): user_id = await auth.get_auth(request) assert user_id == 'some_user' return web.Response(status=400, text='bad_response') secret = b'01234567890abcdef' policy = auth.CookieTktAuthentication(secret, 15, 0, cookie_name='auth') auth.setup(app, policy) app.router.add_get('/bad_response', handler_bad_response) cli = await client(app) response = await cli.get('/remember') text = await response.text() data = response.cookies[policy.cookie_name] assert text == 'remember' # wait a second that the ticket value has changed await asyncio.sleep(1.0, loop=loop) response = await assert_response(cli.get('/auth'), 'auth') assert data != response.cookies[policy.cookie_name] data = response.cookies[policy.cookie_name] await asyncio.sleep(1.0, loop=loop) response = await assert_response(cli.get('/bad_response'), 'bad_response') assert response.status == 400 assert policy.cookie_name not in response.cookies
async def test_middleware_stores_auth_in_cookie(self): secret = b'01234567890abcdef' auth_ = auth.CookieTktAuthentication(secret, 15, cookie_name='auth') middlewares = [auth_middleware(auth_)] request = await make_request('GET', '/', middlewares) await auth.remember(request, 'some_user') response = await make_response(request, middlewares) self.assertTrue(auth_.cookie_name in response.cookies)
async def test_middleware_setup(app): secret = b'01234567890abcdef' policy = auth.CookieTktAuthentication(secret, 15, cookie_name='auth') auth.setup(app, policy) middleware = auth.auth_middleware(policy) assert app.middlewares[-1].__name__ == middleware.__name__
def main(): loop = asyncio.get_event_loop() policy = auth.CookieTktAuthentication(os.urandom(32), 60000, include_ip=True) middlewares = [auth.auth_middleware(policy)] if os.environ['NODE_ENV'] == 'production': middlewares.append(index_middleware) app = aiohttp.web.Application(loop=loop, middlewares=middlewares) # print(loop.run_until_complete(db.users.find({}, {'_id': 1}))) # app['ws_clients'] = {r['_id']: None for r in loop.run_until_complete(db.users.find({}, {'_id': 1}))} app['admin_subscribed_bid'] = '' app.on_startup.append(prepare_ws_clients) app.on_shutdown.append(shutdown_websockets) app.router.add_get('/index/', indx) r1 = app.router.add_route('GET', '/test_auth/', test_auth) r2 = app.router.add_route('POST', '/login/', login) r3 = app.router.add_route('GET', '/ws', websocket_handler) app.router.add_get('/rest/bids/', bids) r4 = app.router.add_get('/rest/bid_report/', bid_report) r5 = app.router.add_get('/rest/sdd_report/', sdd_report) r6 = app.router.add_get('/rest/sdd_section_limits/', sdd_section_limits) r7 = app.router.add_post('/rest/upload_file/', upload_file) r8 = app.router.add_get('/rest/sleep/', sleep) if os.environ['NODE_ENV'] == 'production': app.router.add_route('GET', '/', index) app.router.add_static('/', '../client/dist') else: cors = aiohttp_cors.setup(app, defaults={ '*': aiohttp_cors.ResourceOptions( expose_headers='*', allow_headers='*', allow_credentials=True), }) cors.add(r1) cors.add(r2) cors.add(r3) cors.add(r4) cors.add(r5) cors.add(r6) cors.add(r7) cors.add(r8) aiohttp.web.run_app(app, host=HOST, port=PORT)
async def test_middleware_stores_auth_in_cookie(app, client): secret = b'01234567890abcdef' policy = auth.CookieTktAuthentication(secret, 15, cookie_name='auth') auth.setup(app, policy) cli = await client(app) response = await cli.get('/remember') text = await response.text() assert text == 'remember' assert policy.cookie_name in response.cookies
async def test_middleware_gets_auth_from_cookie(self): secret = b'01234567890abcdef' auth_ = auth.CookieTktAuthentication(secret, 15, 2, cookie_name='auth') middlewares = [auth_middleware(auth_)] session_data = TicketFactory(secret).new('some_user') request = await make_request('GET', '/', middlewares, \ [(auth_.cookie_name, session_data)]) user_id = await auth.get_auth(request) self.assertEqual(user_id, 'some_user') response = await make_response(request, middlewares) self.assertFalse(auth_.cookie_name in response.cookies)
async def test_middleware_reissues_ticket_auth(self): secret = b'01234567890abcdef' auth_ = auth.CookieTktAuthentication(secret, 15, 0, cookie_name='auth') middlewares = [auth_middleware(auth_)] valid_until = time.time() + 15 session_data = TicketFactory(secret).new('some_user', valid_until=valid_until) request = await make_request('GET', '/', middlewares, \ [(auth_.cookie_name, session_data)]) user_id = await auth.get_auth(request) self.assertEqual(user_id, 'some_user') response = await make_response(request, middlewares) self.assertTrue(auth_.cookie_name in response.cookies) self.assertNotEqual(response.cookies[auth_.cookie_name], session_data)
async def test_middleware_cannot_store_auth_in_cookie_when_response_prepared( app, client): async def handler_test(request): await auth.remember(request, 'some_user') response = web.Response(text='test') await response.prepare(request) return response secret = b'01234567890abcdef' policy = auth.CookieTktAuthentication(secret, 15, cookie_name='auth') auth.setup(app, policy) app.router.add_get('/test', handler_test) cli = await client(app) with pytest.raises(Exception): await assert_response(cli.get('/test'), 'test')
async def test_middleware_forget_with_cookies(app, client): secret = b'01234567890abcdef' policy = auth.CookieTktAuthentication(secret, 120, cookie_name='auth') auth.setup(app, policy) cli = await client(app) response = await assert_response(cli.get('/remember'), 'remember') assert policy.cookie_name in response.cookies response = await assert_response(cli.get('/forget'), 'forget') # aiohttp set cookie_name with empty string when del_cookie # assert policy.cookie_name not in response.cookies assert response.cookies[policy.cookie_name].value == '' with pytest.raises(AssertionError): await assert_response(cli.get('/auth'), 'auth')
async def test_middleware_auth_required_decorator(app, client): @auth.auth_required async def handler_test(request): return web.Response(text='test') secret = b'01234567890abcdef' policy = auth.CookieTktAuthentication(secret, 120, cookie_name='auth') auth.setup(app, policy) app.router.add_get('/test', handler_test) cli = await client(app) response = await assert_response(cli.get('/test'), '401: Unauthorized') assert response.status == 401 response = await assert_response(cli.get('/remember'), 'remember') response = await assert_response(cli.get('/test'), 'test') assert response.status == 200
async def test_middleware_reissues_ticket_auth(loop, app, client): secret = b'01234567890abcdef' policy = auth.CookieTktAuthentication(secret, 15, 0, cookie_name='auth') auth.setup(app, policy) cli = await client(app) response = await cli.get('/remember') text = await response.text() assert text == 'remember' data = response.cookies[policy.cookie_name] # wait a second that the ticket value has changed await asyncio.sleep(1.0, loop=loop) response = await assert_response(cli.get('/auth'), 'auth') assert data != response.cookies[policy.cookie_name]
def init(): policy = auth.CookieTktAuthentication(urandom(32), 600, include_ip=True) middlewares = [auth.auth_middleware(policy)] app = web.Application(middlewares=middlewares) utils.connect_to_mysql() app.router.add_route('GET', '/', hello) app.router.add_route('POST', '/', createTable) app.router.add_route('GET', '/check', checkIfLoggedIn) app.router.add_route('POST', '/login', login) app.router.add_route('POST', '/logout', logout) # Players app.router.add_route('GET', '/allplayers', dbutils.get_players) app.router.add_route('POST', '/addplayer', dbutils.add_player) app.router.add_route('POST', '/stats/player', dbutils.update_player_stats) # Referee app.router.add_route('GET', '/stats/referees', dbutils.get_referees_stats) app.router.add_route('POST', '/addreferee', dbutils.add_referee) # Clubs app.router.add_route('GET', '/stats/clubs', dbutils.get_clubs_stats) app.router.add_route('GET', '/club/{club}', dbutils.get_single_club_info) app.router.add_route('POST', '/add/club', dbutils.add_new_club) # Matches app.router.add_route('GET', '/matches', dbutils.get_matches) app.router.add_route('POST', '/matches/add', dbutils.add_match) # League app.router.add_route('GET', '/league/{league}', dbutils.get_league_stats) # Stadiums app.router.add_route('GET', '/stadiums', dbutils.get_stadiums_stats) logging.info("Backend server started") web.run_app(app) logging.info("Closing connection")
response.set_cookie(self.cookie_name, cookie) auth.cookie_ticket_auth.CookieTktAuthentication.process_response = process_response import jinja2 from motor import motor_asyncio as motor import xlsxwriter import aiofiles from multidict import MultiDict import rest import settings as S auth_policy = auth.CookieTktAuthentication(os.urandom(32), 6000000, include_ip=True) auth_middleware = auth.auth_middleware(auth_policy) @aiohttp_jinja2.template('sign-up.html') async def ask_for_password(request): msg = '' if request.query.get('msg') == 'unequal-pwds': msg = 'пароль подтвержден неправильно!' return { 'id': request.query.get('id', ''), 'msg': msg, }
async def on_start(app): config = app["config"] app["db"] = await asyncpgsa.create_pool(dsn=config["database"]) auth_policy = auth.CookieTktAuthentication(urandom(32), 60, include_ip=True) autz_policy = ACLAutzPolicy(app["db"]) aiohttp_auth.setup(app, auth_policy, autz_policy)