def test_update_keychain_add_multi(self):
logger.info(self.getTestHeader('test update keychain add multi'))
keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json')
added_entries = [{
"uri": "https://foo.bar.com/",
"auth_type": "http-basic",
"auth_params": {
"auth_method": "get",
"username": "******",
"password": "******"
}
}, {
"uri": "https://foo.bar.com/",
"auth_type": "bearer-token",
"auth_params": {
"token": "bar",
"allow_redirects_with_token": "True",
"additional_request_headers": {
"X-Requested-With": "XMLHttpRequest"
}
}
}]
try:
keychain = read_keychain(keychain_file, create_default=False)
entries = get_auth_entries("https://foo.bar.com/", keychain)
self.assertFalse(entries)
updated_keychain = update_keychain(added_entries,
keychain_file=keychain_file)
logger.info("Updated keychain: %s" % json.dumps(updated_keychain))
entries = get_auth_entries("https://foo.bar.com/",
updated_keychain)
self.assertTrue(len(entries) == 2)
except Exception as e:
self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_single(self):
logger.info(self.getTestHeader('test update keychain single'))
keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json')
updated_entry = {
"uri": "https://raw.githubusercontent.com/",
"auth_type": "http-basic",
"auth_params": {
"auth_method": "get",
"username": "******",
"password": "******"
}
}
try:
updated_keychain = update_keychain(updated_entry,
keychain_file=keychain_file)
logger.info("Updated keychain: %s" % json.dumps(updated_keychain))
entries = get_auth_entries("https://raw.githubusercontent.com/",
updated_keychain)
found = False
for entry in entries:
if entry["auth_type"] == "http-basic":
if entry["auth_params"]["username"] == "foo" and entry[
"auth_params"]["password"] == "bar!":
found = True
break
self.assertTrue(found)
except Exception as e:
self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_del_by_tag(self):
logger.info(self.getTestHeader('test update keychain del by tag'))
keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json')
deleted_entries = {"tag": "unit test"}
try:
keychain = read_keychain(keychain_file, create_default=False)
entries = get_auth_entries("https://raw.githubusercontent.com/",
keychain)
self.assertTrue(entries)
updated_keychain = update_keychain(deleted_entries,
keychain_file=keychain_file,
delete=True)
logger.info("Updated keychain: %s" % json.dumps(updated_keychain))
entries = get_auth_entries("https://raw.githubusercontent.com/",
updated_keychain)
self.assertFalse(entries)
except Exception as e:
self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_del_single(self):
logger.info(self.getTestHeader('test update keychain del single'))
keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json')
deleted_entry = {
"uri": "ftp://ftp.nist.gov/",
"auth_type": "ftp-basic"
}
try:
keychain = read_keychain(keychain_file, create_default=False)
entries = get_auth_entries("ftp://ftp.nist.gov/", keychain)
self.assertTrue(len(entries) == 1)
updated_keychain = update_keychain(deleted_entry,
keychain_file=keychain_file,
delete=True)
logger.info("Updated keychain: %s" % json.dumps(updated_keychain))
entries = get_auth_entries("ftp://ftp.nist.gov/", updated_keychain)
self.assertFalse(entries)
except Exception as e:
self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_del_multi(self):
logger.info(self.getTestHeader('test update keychain del multi'))
keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json')
deleted_entries = [{
"uri": "https://raw.githubusercontent.com/",
"auth_type": "http-basic"
}, {
"uri": "https://raw.githubusercontent.com/",
"auth_type": "bearer-token"
}]
try:
keychain = read_keychain(keychain_file, create_default=False)
entries = get_auth_entries("https://raw.githubusercontent.com/",
keychain)
self.assertTrue(entries)
updated_keychain = update_keychain(deleted_entries,
keychain_file=keychain_file,
delete=True)
logger.info("Updated keychain: %s" % json.dumps(updated_keychain))
entries = get_auth_entries("https://raw.githubusercontent.com/",
updated_keychain)
self.assertFalse(entries)
except Exception as e:
self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_add_single(self):
logger.info(self.getTestHeader('test update keychain add single'))
keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json')
added_entry = {
"uri": "https://foo.bar.com/",
"auth_type": "http-basic",
"auth_params": {
"auth_method": "get",
"username": "******",
"password": "******"
}
}
try:
keychain = read_keychain(keychain_file, create_default=False)
entries = get_auth_entries("https://foo.bar.com/", keychain)
self.assertFalse(entries)
updated_keychain = update_keychain(added_entry,
keychain_file=keychain_file)
logger.info("Updated keychain: %s" % json.dumps(updated_keychain))
entries = get_auth_entries("https://foo.bar.com/",
updated_keychain)
self.assertTrue(len(entries) == 1)
except Exception as e:
self.fail(bdbag.get_typed_exception(e))
def get_credentials(url, auth_config):
credentials = None
for auth in keychain.get_auth_entries(url, auth_config):
if not validate_auth_config(auth):
continue
auth_type = auth.get("auth_type")
auth_params = auth.get("auth_params")
if auth_type == 'aws-credentials':
credentials = auth_params
break
return credentials
def get_credentials(url, auth_config):
credentials = (None, None)
for auth in keychain.get_auth_entries(url, auth_config):
if not validate_auth_config(auth):
continue
auth_type = auth.get("auth_type")
auth_params = auth.get("auth_params", {})
if auth_type == 'globus_transfer':
transfer_token = auth_params.get("transfer_token")
local_endpoint = auth_params.get("local_endpoint")
credentials = (transfer_token, local_endpoint)
break
return credentials
def get_credentials(url, auth_config):
credentials = (None, None)
for auth in keychain.get_auth_entries(url, auth_config):
if not validate_auth_config(auth):
continue
auth_type = auth.get("auth_type")
auth_params = auth.get("auth_params", {})
username = auth_params.get("username")
password = auth_params.get("password")
if auth_type == 'ftp-basic':
credentials = (username, password)
break
return credentials
def test_update_keychain_multi(self):
logger.info(self.getTestHeader('test update keychain multi'))
keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json')
updated_entries = [{
"uri": "https://raw.githubusercontent.com/",
"auth_type": "http-basic",
"auth_params": {
"auth_method": "get",
"username": "******",
"password": "******"
}
}, {
"uri": "https://raw.githubusercontent.com/",
"auth_type": "bearer-token",
"auth_params": {
"token": "bar",
"allow_redirects_with_token": "True",
"additional_request_headers": {
"X-Requested-With": "XMLHttpRequest"
}
}
}]
try:
updated_keychain = update_keychain(updated_entries,
keychain_file=keychain_file)
logger.info("Updated keychain: %s" % json.dumps(updated_keychain))
entries = get_auth_entries("https://raw.githubusercontent.com/",
updated_keychain)
found1 = found2 = False
for entry in entries:
if entry["auth_type"] == "http-basic":
if entry["auth_params"]["password"] == "bar!":
found1 = True
if entry["auth_type"] == "bearer-token":
if entry["auth_params"][
"allow_redirects_with_token"] == "True":
found2 = True
self.assertTrue(found1 and found2)
except Exception as e:
self.fail(bdbag.get_typed_exception(e))
def test_update_keychain_invalid_params(self):
logger.info(self.getTestHeader('test update keychain invalid params'))
keychain_file = ospj(self.test_config_dir, 'test-keychain-8.json')
deleted_entries = [{
"uri": "https://raw.githubusercontent.com/",
}, {
"auth_type": "bearer-token"
}, {
"uri": "ftp://ftp.nist.gov/",
"tag": "invalid"
}]
try:
keychain = read_keychain(keychain_file, create_default=False)
entries = get_auth_entries("https://raw.githubusercontent.com/",
keychain)
self.assertTrue(entries)
updated_keychain = update_keychain(deleted_entries,
keychain_file=keychain_file,
delete=True)
logger.info("Updated keychain: %s" % json.dumps(updated_keychain))
self.assertTrue(len(updated_keychain) == 3)
except Exception as e:
self.fail(bdbag.get_typed_exception(e))
def get_session(url, auth_config, config):
session = None
response = None
for auth in keychain.get_auth_entries(url, auth_config):
try:
if not validate_auth_config(auth):
continue
uri = auth.get("uri")
if uri in SESSIONS:
session = SESSIONS[uri]
break
else:
session = init_new_session(config["session_config"])
auth_type = auth.get("auth_type")
auth_params = auth.get("auth_params", {})
if auth_type == 'cookie':
if auth_params:
cookies = auth_params.get("cookies", [])
if cookies:
for cookie in cookies:
name, value = cookie.split('=', 1)
session.cookies.set(name,
value,
domain=urlsplit(uri).hostname,
path='/')
session.headers.update(
auth_params.get("additional_request_headers", {}))
SESSIONS[uri] = session
break
if auth_type == 'bearer-token':
token = auth_params.get("token")
if token:
session.headers.update(
{"Authorization": "Bearer " + token})
session.headers.update(
auth_params.get("additional_request_headers", {}))
SESSIONS[uri] = session
break
else:
logging.warning(
"Missing required parameters [token] for auth_type [%s] for keychain entry [%s]"
% (auth_type, uri))
# if we get here the assumption is that the auth_type is either http-basic or http-form and that an
# actual session "login" request is necessary
auth_uri = auth.get("auth_uri", uri)
username = auth_params.get("username")
password = auth_params.get("password")
if not (username and password):
logging.warning(
"Missing required parameters [username, password] for auth_type [%s] for keychain entry [%s]"
% (auth_type, uri))
continue
session.headers.update(
auth_params.get("additional_request_headers", {}))
auth_method = auth_params.get("auth_method", "post")
if auth_type == 'http-basic':
session.auth = (username, password)
if auth_method:
auth_method = auth_method.lower()
if auth_method == 'post':
response = session.post(auth_uri, auth=session.auth)
elif auth_method == 'get':
response = session.get(auth_uri, auth=session.auth)
else:
logging.warning(
"Unsupported auth_method [%s] for auth_type [%s] for keychain entry [%s]"
% (auth_method, auth_type, uri))
elif auth_type == 'http-form':
username_field = auth_params.get("username_field", "username")
password_field = auth_params.get("password_field", "password")
response = session.post(auth_uri, {
username_field: username,
password_field: password
})
if response.status_code > 203:
logger.warning(
'Authentication failed with Status Code: %s %s\n' %
(response.status_code, response.text))
else:
logger.info("Session established: %s", uri)
SESSIONS[uri] = session
break
except Exception as e:
logger.warning(
"Unhandled exception during HTTP(S) authentication: %s" %
get_typed_exception(e))
if not session:
url_parts = urlsplit(url)
base_url = str("%s://%s" % (url_parts.scheme, url_parts.netloc))
session = SESSIONS.get(base_url, None)
if not session:
session = init_new_session(config["session_config"])
SESSIONS[base_url] = session
return session
def get_auth(url, auth_config):
for auth in keychain.get_auth_entries(url, auth_config):
if validate_auth_config(auth):
return auth
return None