def setUp(self):
super(MacaroonTests, self).setUp()
self.issuer = DummyMacaroonIssuer()
self.useFixture(
ZopeUtilityFixture(self.issuer, IMacaroonIssuer, name='test'))
private_root = getUtility(IPrivateApplication)
self.authserver = AuthServerAPIView(private_root.authserver,
TestRequest())
def test_issueMacaroon_not_via_authserver(self):
build = self.factory.makeBinaryPackageBuild(
archive=self.factory.makeArchive(private=True))
private_root = getUtility(IPrivateApplication)
authserver = AuthServerAPIView(private_root.authserver, TestRequest())
self.assertEqual(
faults.PermissionDenied(),
authserver.issueMacaroon(
"binary-package-build", "BinaryPackageBuild", build))
def test_issueMacaroon_via_authserver(self):
build = self.factory.makeSnapBuild(snap=self.factory.makeSnap(
private=True))
private_root = getUtility(IPrivateApplication)
authserver = AuthServerAPIView(private_root.authserver, TestRequest())
macaroon = Macaroon.deserialize(
authserver.issueMacaroon("snap-build", "SnapBuild", build.id))
self.assertThat(
macaroon,
MatchesStructure(location=Equals("launchpad.dev"),
identifier=Equals("snap-build"),
caveats=MatchesListwise([
MatchesStructure.byEquality(
caveat_id="lp.snap-build %s" % build.id),
])))
class GetUserAndSSHKeysTests(TestCaseWithFactory):
"""Tests for the implementation of `IAuthServer.getUserAndSSHKeys`.
"""
layer = DatabaseFunctionalLayer
def setUp(self):
TestCaseWithFactory.setUp(self)
private_root = getUtility(IPrivateApplication)
self.authserver = AuthServerAPIView(
private_root.authserver, TestRequest())
def test_user_not_found(self):
# getUserAndSSHKeys returns the NoSuchPersonWithName fault if there is
# no Person of the given name.
self.assertEqual(
faults.NoSuchPersonWithName('no-one'),
self.authserver.getUserAndSSHKeys('no-one'))
def test_user_no_keys(self):
# getUserAndSSHKeys returns a dict with keys ['id', 'name', 'keys'].
# 'keys' refers to a list of SSH public keys in LP, which is empty for
# a freshly created user.
new_person = self.factory.makePerson()
self.assertEqual(
dict(id=new_person.id, name=new_person.name, keys=[]),
self.authserver.getUserAndSSHKeys(new_person.name))
def test_user_with_keys(self):
# For a user with registered SSH keys, getUserAndSSHKeys returns the
# name of the key type (RSA or DSA) and the text of the keys under
# 'keys' in the dict.
new_person = self.factory.makePerson()
with person_logged_in(new_person):
key = self.factory.makeSSHKey(person=new_person)
self.assertEqual(
dict(id=new_person.id, name=new_person.name,
keys=[(key.keytype.title, key.keytext)]),
self.authserver.getUserAndSSHKeys(new_person.name))
class GetUserAndSSHKeysTests(TestCaseWithFactory):
"""Tests for the implementation of `IAuthServer.getUserAndSSHKeys`.
"""
layer = DatabaseFunctionalLayer
def setUp(self):
TestCaseWithFactory.setUp(self)
private_root = getUtility(IPrivateApplication)
self.authserver = AuthServerAPIView(private_root.authserver,
TestRequest())
def test_user_not_found(self):
# getUserAndSSHKeys returns the NoSuchPersonWithName fault if there is
# no Person of the given name.
self.assertEqual(faults.NoSuchPersonWithName('no-one'),
self.authserver.getUserAndSSHKeys('no-one'))
def test_user_no_keys(self):
# getUserAndSSHKeys returns a dict with keys ['id', 'name', 'keys'].
# 'keys' refers to a list of SSH public keys in LP, which is empty for
# a freshly created user.
new_person = self.factory.makePerson()
self.assertEqual(dict(id=new_person.id, name=new_person.name, keys=[]),
self.authserver.getUserAndSSHKeys(new_person.name))
def test_user_with_keys(self):
# For a user with registered SSH keys, getUserAndSSHKeys returns the
# name of the key type (RSA or DSA) and the text of the keys under
# 'keys' in the dict.
new_person = self.factory.makePerson()
with person_logged_in(new_person):
key = self.factory.makeSSHKey(person=new_person)
self.assertEqual(
dict(id=new_person.id,
name=new_person.name,
keys=[(key.keytype.title, key.keytext)]),
self.authserver.getUserAndSSHKeys(new_person.name))
def __init__(self, *args, **kwargs):
xmlrpc.XMLRPC.__init__(self, *args, **kwargs)
private_root = getUtility(IPrivateApplication)
self.authserver = AuthServerAPIView(private_root.authserver,
TestRequest())
def setUp(self):
TestCaseWithFactory.setUp(self)
private_root = getUtility(IPrivateApplication)
self.authserver = AuthServerAPIView(
private_root.authserver, TestRequest())
def setUp(self):
TestCaseWithFactory.setUp(self)
private_root = getUtility(IPrivateApplication)
self.authserver = AuthServerAPIView(private_root.authserver,
TestRequest())
class MacaroonTests(TestCaseWithFactory):
layer = ZopelessDatabaseLayer
def setUp(self):
super(MacaroonTests, self).setUp()
self.issuer = DummyMacaroonIssuer()
self.useFixture(
ZopeUtilityFixture(self.issuer, IMacaroonIssuer, name='test'))
private_root = getUtility(IPrivateApplication)
self.authserver = AuthServerAPIView(private_root.authserver,
TestRequest())
def test_issue_unknown_issuer(self):
self.assertEqual(
faults.PermissionDenied(),
self.authserver.issueMacaroon('unknown-issuer', 'LibraryFileAlias',
1))
def test_issue_wrong_context_type(self):
self.assertEqual(
faults.PermissionDenied(),
self.authserver.issueMacaroon('unknown-issuer', 'nonsense', 1))
def test_issue_not_issuable_via_authserver(self):
self.issuer.issuable_via_authserver = False
self.assertEqual(
faults.PermissionDenied(),
self.authserver.issueMacaroon('test', 'LibraryFileAlias', 1))
def test_issue_bad_context(self):
build = self.factory.makeSnapBuild()
self.assertEqual(
faults.PermissionDenied(),
self.authserver.issueMacaroon('test', 'SnapBuild', build.id))
def test_issue_success(self):
macaroon = Macaroon.deserialize(
self.authserver.issueMacaroon('test', 'LibraryFileAlias', 1))
self.assertThat(
macaroon,
MatchesStructure(
location=Equals(config.vhost.mainsite.hostname),
identifier=Equals('test'),
caveats=MatchesListwise([
MatchesStructure.byEquality(caveat_id='lp.test 1'),
])))
def test_verify_nonsense_macaroon(self):
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon('nonsense', 'LibraryFileAlias', 1))
def test_verify_unknown_issuer(self):
macaroon = Macaroon(location=config.vhost.mainsite.hostname,
identifier='unknown-issuer',
key='test')
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon(macaroon.serialize(),
'LibraryFileAlias', 1))
def test_verify_wrong_context_type(self):
lfa = getUtility(ILibraryFileAliasSet)[1]
macaroon = self.issuer.issueMacaroon(lfa)
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon(macaroon.serialize(), 'nonsense',
lfa.id))
def test_verify_wrong_context(self):
lfa = getUtility(ILibraryFileAliasSet)[1]
macaroon = self.issuer.issueMacaroon(lfa)
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon(macaroon.serialize(),
'LibraryFileAlias', 2))
def test_verify_nonexistent_lfa(self):
macaroon = self.issuer.issueMacaroon(
getUtility(ILibraryFileAliasSet)[1])
# Pick a large ID that doesn't exist in sampledata.
lfa_id = 1000000
self.assertRaises(SQLObjectNotFound,
getUtility(ILibraryFileAliasSet).__getitem__, lfa_id)
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon(macaroon.serialize(),
'LibraryFileAlias', lfa_id))
def test_verify_success(self):
lfa = getUtility(ILibraryFileAliasSet)[1]
macaroon = self.issuer.issueMacaroon(lfa)
self.assertThat(
self.authserver.verifyMacaroon(macaroon.serialize(),
'LibraryFileAlias', lfa.id),
Is(True))
