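def test_validate(self):
    """Sign a token with a throwaway RSA key and run it through validate_token.

    ``requests.get`` is replaced with a stub that serves the matching public
    key, so no network access happens. The test passes when
    ``token_utils.validate_token`` does not raise; the return value is not
    inspected.

    The cache directory and the ``NEXUS_CACHE_PATH`` environment variable
    are restored in a ``finally`` block, so a failing validation no longer
    leaks a temp directory or leaves the variable pointing at a removed path.
    """
    expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=5)
    # NOTE(review): time.mktime() interprets the tuple as local time while
    # utcnow() yields UTC; confirm validate_token computes "now" the same
    # way, otherwise the 5-second window depends on the host time zone.
    expiry = int(time.mktime(expiry.timetuple()))
    # Plain-http key URL; nothing is fetched because requests.get is stubbed.
    cert_url = 'http://tester.com/cert1'
    expires = datetime.datetime.utcnow() + datetime.timedelta(minutes=5)
    # NOTE(review): the token carries two "expiry" fields (5 s and 5 min);
    # which one validate_token honours is not visible here -- confirm.
    unsigned_token = "un=test|client_id=test|expiry={0}|SigningSubject={1}|expiry={2}".format(
        expiry, cert_url, time.mktime(expires.timetuple()))
    # 1024-bit key is a test fixture choice only; it is generated per run.
    pub_key, priv_key = key.newkeys(1024)
    sig = rsa.sign(unsigned_token, priv_key, 'SHA-256')

    previous_cache_path = os.environ.get('NEXUS_CACHE_PATH')
    tmp_dir = tempfile.mkdtemp()
    os.environ['NEXUS_CACHE_PATH'] = tmp_dir
    try:
        encoded_sig = binascii.hexlify(sig)
        signed_token = "{0}|sig={1}".format(unsigned_token, encoded_sig)

        def get_cert(*args, **kwargs):
            # Minimal stand-in for a response: only the two attributes
            # supplied here are available to the code under test.
            return namedtuple('Request', ['content', 'status_code'])(
                json.dumps({'pubkey': pub_key.save_pkcs1()}), 200)

        self.replacer.replace('requests.get', get_cert)
        token_utils.validate_token(signed_token)
    finally:
        # Undo the process-wide environment change before deleting the dir.
        if previous_cache_path is None:
            os.environ.pop('NEXUS_CACHE_PATH', None)
        else:
            os.environ['NEXUS_CACHE_PATH'] = previous_cache_path
        shutil.rmtree(tmp_dir)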
def goauth_validate_token(self, token):
    """
    Check a client-supplied token by delegating to
    ``token_utils.validate_token`` with this object's cache and
    ``verify_ssl`` setting.

    NOTE(review): the issuing server is named by the token's own
    SigningSubject field; confirm that token_utils.validate_token limits
    which servers it will fetch a public key from, and that verify_ssl is
    enabled outside of tests.

    :param token: An authentication token provided by the client.
    :return: username, client id and the server that issued the token.
    :raises ValueError: If the signature is invalid, the token is expired
        or the public key could not be retrieved.
    """
    validation_result = token_utils.validate_token(
        token, self.cache, self.verify_ssl)
    return validation_result
def validate_token(self, token):
    """
    Check a client-supplied token by delegating to
    ``token_utils.validate_token`` with this object's cache and
    ``verify_ssl`` setting.

    NOTE(review): the issuing server is named by the token's own
    SigningSubject field; confirm that token_utils.validate_token limits
    which servers it will fetch a public key from, and that verify_ssl is
    enabled outside of tests.

    :param token: An authentication token provided by the client.
    :return: username, client id and the server that issued the token.
    :raises ValueError: If the signature is invalid, the token is expired
        or the public key could not be retrieved.
    """
    validation_result = token_utils.validate_token(
        token, self.cache, self.verify_ssl)
    return validation_result
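def test_validate(self):
    """Sign a token with a throwaway RSA key and run it through validate_token.

    ``requests.get`` is replaced with a lambda returning a prepared
    ``requests.Response`` whose body holds the matching public key, so no
    network access happens. The test passes when
    ``token_utils.validate_token`` does not raise; the return value is not
    inspected.

    The cache directory and the ``NEXUS_CACHE_PATH`` environment variable
    are restored in a ``finally`` block, so a failing validation no longer
    leaks a temp directory or leaves the variable pointing at a removed path.
    """
    expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=5)
    # NOTE(review): time.mktime() interprets the tuple as local time while
    # utcnow() yields UTC; confirm validate_token computes "now" the same
    # way, otherwise the 5-second window depends on the host time zone.
    expiry = int(time.mktime(expiry.timetuple()))
    # Plain-http key URL; nothing is fetched because requests.get is stubbed.
    cert_url = 'http://tester.com/cert1'
    expires = datetime.datetime.utcnow() + datetime.timedelta(minutes=5)
    # NOTE(review): the token carries two "expiry" fields (5 s and 5 min)
    # and no client_id; which expiry validate_token honours is not visible
    # here -- confirm.
    unsigned_token = "un=test|expiry={0}|SigningSubject={1}|expiry={2}".format(
        expiry, cert_url, time.mktime(expires.timetuple()))
    # 1024-bit key is a test fixture choice only; it is generated per run.
    pub_key, priv_key = key.newkeys(1024)
    sig = rsa.sign(unsigned_token, priv_key, 'SHA-256')

    previous_cache_path = os.environ.get('NEXUS_CACHE_PATH')
    tmp_dir = tempfile.mkdtemp()
    os.environ['NEXUS_CACHE_PATH'] = tmp_dir
    try:
        encoded_sig = binascii.hexlify(sig)
        signed_token = "{0}|sig={1}".format(unsigned_token, encoded_sig)
        response = requests.Response()
        # Writes the private _content attribute directly to fake a body.
        response._content = json.dumps({'pubkey': pub_key.save_pkcs1()})
        self.replacer.replace('requests.get', lambda *args, **kwargs: response)
        token_utils.validate_token(signed_token)
    finally:
        # Undo the process-wide environment change before deleting the dir.
        if previous_cache_path is None:
            os.environ.pop('NEXUS_CACHE_PATH', None)
        else:
            os.environ['NEXUS_CACHE_PATH'] = previous_cache_path
        shutil.rmtree(tmp_dir)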
def authenticate_user(self, token):
    """
    Authenticate a user based on the token they provide.

    Delegates to ``token_utils.validate_token`` with this object's cache
    and ``verify_ssl`` setting. A ``ValueError`` from validation is logged
    and converted to ``None``; any other exception propagates.

    Callers must treat ``None`` as a failed authentication. The success
    value is whatever ``validate_token`` returns, not a boolean.

    NOTE(review): log.exception records the traceback; confirm the
    ValueError text raised by token_utils never embeds the token itself.

    :param token: An authentication token provided by the client.
    :return: The result of ``token_utils.validate_token`` on success,
        ``None`` if validation raised ``ValueError``.
    """
    try:
        validated = token_utils.validate_token(
            token, self.cache, self.verify_ssl)
    except ValueError:
        log.exception("ValueError")
        return None
    return validated