def log(self, request, response, time): query = dict(request.query) body = request.get("body", dict()) if 'password' in query: query['password'] = '******' if 'password' in body: body['password'] = '******' if 'key' in body and '/agents' in request.path: body['key'] = '****' # With permanent redirect, not found responses or any response with no token information, # decode the JWT token to get the username user = request.get('user', '') if not user: try: user = decode_token( request.headers["authorization"][7:])["sub"] except Unauthorized: user = UNKNOWN_USER_STRING self.logger.info( f'{user} ' f'{request.remote} ' f'"{request.method} {request.path}" ' f'with parameters {json.dumps(query)} and body {json.dumps(body)} ' f'done in {time:.3f}s: {response.status}')
def test_decode_token(mock_raise_if_exc, mock_distribute_function, mock_dapi, mock_generate_secret, mock_decode): mock_decode.return_value = payload mock_raise_if_exc.side_effect = [WazuhResult({'valid': True}), WazuhResult(security_conf)] result = authentication.decode_token('test_token') assert result == payload # Check all functions are called with expected params calls = [call(f=ANY, f_kwargs={'username': payload['sub'], 'token_iat_time': payload['iat']}, request_type='local_master', is_async=False, wait_for_complete=True, logger=ANY), call(f=ANY, request_type='local_master', is_async=False, wait_for_complete=True, logger=ANY)] mock_dapi.assert_has_calls(calls) mock_generate_secret.assert_called_once() mock_decode.assert_called_once_with('test_token', 'test_secret_token', algorithms=['HS256']) assert mock_distribute_function.call_count == 2 assert mock_raise_if_exc.call_count == 2
def test_decode_token(mock_raise_if_exc, mock_submit, mock_distribute_function, mock_dapi, mock_generate_secret, mock_decode): mock_decode.return_value = deepcopy(original_payload) mock_raise_if_exc.side_effect = [ WazuhResult({ 'valid': True, 'policies': { 'value': 'test' } }), WazuhResult(security_conf) ] result = authentication.decode_token('test_token') assert result == decoded_payload # Check all functions are called with expected params calls = [ call(f=ANY, f_kwargs={ 'username': original_payload['sub'], 'token_nbf_time': original_payload['nbf'], 'run_as': False, 'roles': tuple(original_payload['rbac_roles']), 'origin_node_type': 'master' }, request_type='local_master', is_async=False, wait_for_complete=False, logger=ANY), call(f=ANY, request_type='local_master', is_async=False, wait_for_complete=False, logger=ANY) ] mock_dapi.assert_has_calls(calls) mock_generate_secret.assert_called_once() mock_decode.assert_called_once_with('test_token', 'test_secret_token', algorithms=['HS256'], audience='Wazuh API REST') assert mock_distribute_function.call_count == 2 assert mock_raise_if_exc.call_count == 2
def test_decode_token_ko(mock_generate_secret, mock_raise_if_exc, mock_submit, mock_distribute_function): """Assert exceptions are handled as expected inside decode_token()""" with pytest.raises(Unauthorized): authentication.decode_token(token='test_token') with patch('api.authentication.jwt.decode') as mock_decode: with patch('api.authentication.generate_secret', return_value='test_secret_token'): with patch('wazuh.core.cluster.dapi.dapi.DistributedAPI.__init__', return_value=None): with patch('wazuh.core.cluster.dapi.dapi.DistributedAPI.distribute_function'): with patch('api.authentication.raise_if_exc') as mock_raise_if_exc: mock_decode.return_value = deepcopy(original_payload) with pytest.raises(Unauthorized): mock_raise_if_exc.side_effect = [WazuhResult({'valid': False})] authentication.decode_token(token='test_token') with pytest.raises(Unauthorized): mock_raise_if_exc.side_effect = [WazuhResult({'valid': True, 'policies': {'value': 'test'}}), WazuhResult({'auth_token_exp_timeout': 3600, 'rbac_mode': 'white'})] authentication.decode_token(token='test_token')