def test_issueMacaroon_not_via_authserver(self):
build = self.factory.makeBinaryPackageBuild(
archive=self.factory.makeArchive(private=True))
private_root = getUtility(IPrivateApplication)
authserver = AuthServerAPIView(private_root.authserver, TestRequest())
self.assertEqual(
faults.PermissionDenied(),
authserver.issueMacaroon(
"binary-package-build", "BinaryPackageBuild", build))
def test_issueMacaroon_via_authserver(self):
build = self.factory.makeSnapBuild(snap=self.factory.makeSnap(
private=True))
private_root = getUtility(IPrivateApplication)
authserver = AuthServerAPIView(private_root.authserver, TestRequest())
macaroon = Macaroon.deserialize(
authserver.issueMacaroon("snap-build", "SnapBuild", build.id))
self.assertThat(
macaroon,
MatchesStructure(location=Equals("launchpad.dev"),
identifier=Equals("snap-build"),
caveats=MatchesListwise([
MatchesStructure.byEquality(
caveat_id="lp.snap-build %s" % build.id),
])))
class MacaroonTests(TestCaseWithFactory):
layer = ZopelessDatabaseLayer
def setUp(self):
super(MacaroonTests, self).setUp()
self.issuer = DummyMacaroonIssuer()
self.useFixture(
ZopeUtilityFixture(self.issuer, IMacaroonIssuer, name='test'))
private_root = getUtility(IPrivateApplication)
self.authserver = AuthServerAPIView(private_root.authserver,
TestRequest())
def test_issue_unknown_issuer(self):
self.assertEqual(
faults.PermissionDenied(),
self.authserver.issueMacaroon('unknown-issuer', 'LibraryFileAlias',
1))
def test_issue_wrong_context_type(self):
self.assertEqual(
faults.PermissionDenied(),
self.authserver.issueMacaroon('unknown-issuer', 'nonsense', 1))
def test_issue_not_issuable_via_authserver(self):
self.issuer.issuable_via_authserver = False
self.assertEqual(
faults.PermissionDenied(),
self.authserver.issueMacaroon('test', 'LibraryFileAlias', 1))
def test_issue_bad_context(self):
build = self.factory.makeSnapBuild()
self.assertEqual(
faults.PermissionDenied(),
self.authserver.issueMacaroon('test', 'SnapBuild', build.id))
def test_issue_success(self):
macaroon = Macaroon.deserialize(
self.authserver.issueMacaroon('test', 'LibraryFileAlias', 1))
self.assertThat(
macaroon,
MatchesStructure(
location=Equals(config.vhost.mainsite.hostname),
identifier=Equals('test'),
caveats=MatchesListwise([
MatchesStructure.byEquality(caveat_id='lp.test 1'),
])))
def test_verify_nonsense_macaroon(self):
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon('nonsense', 'LibraryFileAlias', 1))
def test_verify_unknown_issuer(self):
macaroon = Macaroon(location=config.vhost.mainsite.hostname,
identifier='unknown-issuer',
key='test')
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon(macaroon.serialize(),
'LibraryFileAlias', 1))
def test_verify_wrong_context_type(self):
lfa = getUtility(ILibraryFileAliasSet)[1]
macaroon = self.issuer.issueMacaroon(lfa)
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon(macaroon.serialize(), 'nonsense',
lfa.id))
def test_verify_wrong_context(self):
lfa = getUtility(ILibraryFileAliasSet)[1]
macaroon = self.issuer.issueMacaroon(lfa)
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon(macaroon.serialize(),
'LibraryFileAlias', 2))
def test_verify_nonexistent_lfa(self):
macaroon = self.issuer.issueMacaroon(
getUtility(ILibraryFileAliasSet)[1])
# Pick a large ID that doesn't exist in sampledata.
lfa_id = 1000000
self.assertRaises(SQLObjectNotFound,
getUtility(ILibraryFileAliasSet).__getitem__, lfa_id)
self.assertEqual(
faults.Unauthorized(),
self.authserver.verifyMacaroon(macaroon.serialize(),
'LibraryFileAlias', lfa_id))
def test_verify_success(self):
lfa = getUtility(ILibraryFileAliasSet)[1]
macaroon = self.issuer.issueMacaroon(lfa)
self.assertThat(
self.authserver.verifyMacaroon(macaroon.serialize(),
'LibraryFileAlias', lfa.id),
Is(True))
