def testIsRead(self):
conf.use_test_db(False)
# Simple read cases
gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest", ""))
self.assertTrue(gitaccess.is_read())
gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", ""))
self.assertTrue(gitaccess.is_read())
# Simple write cases
gitaccess = GITAccessControl(
DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "service=git-receive-pack&some=other")
)
self.assertFalse(gitaccess.is_read())
gitaccess = GITAccessControl(
DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "some=other&service=git-receive-pack")
)
self.assertFalse(gitaccess.is_read())
gitaccess = GITAccessControl(
DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git/refs/jotain/git-receive-pack", "")
)
self.assertFalse(gitaccess.is_read())
def headerparserhandler(req):
from mod_python.apache import HTTP_UNAUTHORIZED, HTTP_FORBIDDEN, OK
control = GITAccessControl(req)
if not control.is_authentic():
req.err_headers_out['WWW-Authenticate'] = 'Basic realm="%s"' % control.options['realm']
return HTTP_UNAUTHORIZED
# Check if blocked or expired
if control.is_blocked():
return HTTP_FORBIDDEN
if not control.has_permission():
if 'Authorization' not in req.headers_in:
req.err_headers_out['WWW-Authenticate'] = 'Basic realm="%s"' % control.options['realm']
return HTTP_UNAUTHORIZED
return HTTP_FORBIDDEN
if not control.is_allowed_scheme('git'):
return HTTP_FORBIDDEN
return OK
def testProjectIdentifier(self):
conf.use_test_db(False)
# Without .git
gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest", ""))
self.assertEquals(gitaccess.environment_identifier(), "storageauthtest")
gitaccess = GITAccessControl(DummyReq("kenny", "ohmygod", "GET", "/git/iahedfba/dsfgas", ""))
self.assertEquals(gitaccess.environment_identifier(), "iahedfba")
# With .git
gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", ""))
self.assertEquals(gitaccess.environment_identifier(), "storageauthtest")
gitaccess = GITAccessControl(DummyReq("kenny", "ohmygod", "GET", "/git/iahedfba.git/refs/HEAD", ""))
self.assertEquals(gitaccess.environment_identifier(), "iahedfba")
def testProjectIdentifier(self):
conf.use_test_db(False)
# Without .git
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest', ''))
self.assertEquals(gitaccess.environment_identifier(), 'storageauthtest')
gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/iahedfba/dsfgas', ''))
self.assertEquals(gitaccess.environment_identifier(), 'iahedfba')
# With .git
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', ''))
self.assertEquals(gitaccess.environment_identifier(), 'storageauthtest')
gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/iahedfba.git/refs/HEAD', ''))
self.assertEquals(gitaccess.environment_identifier(), 'iahedfba')
def testAccess(self):
conf.use_test_db(True)
self.load_fixtures()
# Cartman has read access to storageauthtest
# Simple read cases when having read access
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest', ''))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', ''))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
# Simple write cases when having read access
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', 'service=git-receive-pack&some=other'))
self.assertTrue(gitaccess.is_authentic())
self.assertFalse(gitaccess.has_permission())
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', 'some=other&service=git-receive-pack'))
self.assertTrue(gitaccess.is_authentic())
self.assertFalse(gitaccess.has_permission())
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git/refs/jotain/git-receive-pack', ''))
self.assertTrue(gitaccess.is_authentic())
self.assertFalse(gitaccess.has_permission())
# Kenny has write access to storageauthtest
# Simple read cases when having write access
gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest', ''))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest.git', ''))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
# Simple write cases when having write access
gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest.git', 'service=git-receive-pack&some=other'))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest.git', 'some=other&service=git-receive-pack'))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
gitaccess = GITAccessControl(DummyReq('kenny', 'ohmygod', 'GET', '/git/storageauthtest.git/refs/jotain/git-receive-pack', ''))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
def testIsRead(self):
conf.use_test_db(False)
# Simple read cases
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest', ''))
self.assertTrue(gitaccess.is_read())
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', ''))
self.assertTrue(gitaccess.is_read())
# Simple write cases
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', 'service=git-receive-pack&some=other'))
self.assertFalse(gitaccess.is_read())
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git', 'some=other&service=git-receive-pack'))
self.assertFalse(gitaccess.is_read())
gitaccess = GITAccessControl(DummyReq('cartman', 'cartmans_pw', 'GET', '/git/storageauthtest.git/refs/jotain/git-receive-pack', ''))
self.assertFalse(gitaccess.is_read())
def testAccess(self):
conf.use_test_db(True)
self.load_fixtures()
# Cartman has read access to storageauthtest
# Simple read cases when having read access
gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest", ""))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
gitaccess = GITAccessControl(DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", ""))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
# Simple write cases when having read access
gitaccess = GITAccessControl(
DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "service=git-receive-pack&some=other")
)
self.assertTrue(gitaccess.is_authentic())
self.assertFalse(gitaccess.has_permission())
gitaccess = GITAccessControl(
DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git", "some=other&service=git-receive-pack")
)
self.assertTrue(gitaccess.is_authentic())
self.assertFalse(gitaccess.has_permission())
gitaccess = GITAccessControl(
DummyReq("cartman", "cartmans_pw", "GET", "/git/storageauthtest.git/refs/jotain/git-receive-pack", "")
)
self.assertTrue(gitaccess.is_authentic())
self.assertFalse(gitaccess.has_permission())
# Kenny has write access to storageauthtest
# Simple read cases when having write access
gitaccess = GITAccessControl(DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest", ""))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
gitaccess = GITAccessControl(DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest.git", ""))
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
# Simple write cases when having write access
gitaccess = GITAccessControl(
DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest.git", "service=git-receive-pack&some=other")
)
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
gitaccess = GITAccessControl(
DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest.git", "some=other&service=git-receive-pack")
)
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
gitaccess = GITAccessControl(
DummyReq("kenny", "ohmygod", "GET", "/git/storageauthtest.git/refs/jotain/git-receive-pack", "")
)
self.assertTrue(gitaccess.is_authentic())
self.assertTrue(gitaccess.has_permission())
