def test_01_write_update_delete_cache(self):
teststart = datetime.datetime.utcnow()
r = add_to_cache(self.username, self.realm, self.resolver,
self.password)
self.assertTrue(r > 0)
auth = AuthCache.query.filter(AuthCache.id == r).first()
self.assertEqual(auth.username, self.username)
self.assertEqual(auth.authentication, _hash_password(self.password))
self.assertTrue(auth.first_auth > teststart)
self.assertEqual(auth.last_auth, auth.first_auth)
update_cache_last_auth(r)
auth = AuthCache.query.filter(AuthCache.id == r).first()
self.assertTrue(auth.last_auth > teststart)
r_delete = delete_from_cache(self.username, self.realm, self.resolver,
self.password)
self.assertEqual(r, r_delete)
auth = AuthCache.query.filter(
AuthCache.username == self.username).first()
self.assertEqual(auth, None)
def test_01_write_update_delete_cache(self):
teststart = datetime.datetime.utcnow()
r = add_to_cache(self.username, self.realm, self.resolver,
auth_hash=self.pw_hash)
self.assertTrue(r > 0)
auth = AuthCache.query.filter(AuthCache.id == r).first()
self.assertEqual(auth.username, self.username)
self.assertEqual(auth.authentication, self.pw_hash)
self.assertTrue(auth.first_auth > teststart)
self.assertEqual(auth.last_auth, None)
update_cache_last_auth(r)
auth = AuthCache.query.filter(AuthCache.id == r).first()
self.assertTrue(auth.last_auth > teststart)
r_delete = delete_from_cache(self.username, self.realm, self.resolver,
self.pw_hash)
self.assertEqual(r, r_delete)
auth = AuthCache.query.filter(AuthCache.username ==
self.username).first()
self.assertEqual(auth, None)
def test_12_authcache(self):
password = "******"
username = "******"
realm = "myrealm"
resolver = "reso001"
r = save_resolver({"resolver": "reso001",
"type": "passwdresolver",
"fileName": "tests/testdata/passwords"})
(added, failed) = set_realm("myrealm", ["reso001"])
def fake_check_user_pass(user, passw, options=None):
return True, {"message": "Fake Authentication"}
set_policy(name="pol1",
scope=SCOPE.AUTH,
realm=realm,
resolver=resolver,
action="{0!s}={1!s}".format(ACTION.AUTH_CACHE, "4h/5m"))
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
g.audit_object = FakeAudit()
options = {"g": g}
# This successfully authenticates against the authcache
# We have an authentication, that is within the policy timeout
AuthCache(username, realm, resolver, _hash_password(password),
first_auth=datetime.datetime.utcnow() - timedelta(hours=3),
last_auth=datetime.datetime.utcnow() - timedelta(minutes=1)).save()
r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"),
password, options=options)
self.assertTrue(r[0])
self.assertEqual(r[1].get("message"), "Authenticated by AuthCache." )
# We have an authentication, that is not read from the authcache,
# since the authcache first_auth is too old.
delete_from_cache(username, realm, resolver, password)
AuthCache(username, realm, resolver, _hash_password(password),
first_auth=datetime.datetime.utcnow() - timedelta(hours=5),
last_auth=datetime.datetime.utcnow() - timedelta(
minutes=1)).save()
r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"),
password, options=options)
self.assertTrue(r[0])
self.assertEqual(r[1].get("message"), "Fake Authentication")
# We have an authentication, that is not read from authcache, since
# the last_auth is too old = 10 minutes.
delete_from_cache(username, realm, resolver, password)
AuthCache(username, realm, resolver, _hash_password(password),
first_auth=datetime.datetime.utcnow() - timedelta(hours=1),
last_auth=datetime.datetime.utcnow() - timedelta(
minutes=10)).save()
r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"),
password, options=options)
self.assertTrue(r[0])
self.assertEqual(r[1].get("message"), "Fake Authentication")
# We have a policy, with no special last_auth
delete_policy("pol1")
set_policy(name="pol1",
scope=SCOPE.AUTH,
realm=realm,
resolver=resolver,
action="{0!s}={1!s}".format(ACTION.AUTH_CACHE, "4h"))
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
g.audit_object = FakeAudit()
options = {"g": g}
delete_from_cache(username, realm, resolver, password)
AuthCache(username, realm, resolver, _hash_password(password),
first_auth=datetime.datetime.utcnow() - timedelta(hours=2),
last_auth=datetime.datetime.utcnow() - timedelta(
hours=1)).save()
r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"),
password, options=options)
self.assertTrue(r[0])
self.assertEqual(r[1].get("message"), "Authenticated by AuthCache.")
# Clean up
delete_policy("pol1")
delete_realm("myrealm")
delete_resolver("reso001")
def test_12_authcache(self):
password = "******"
username = "******"
realm = "myrealm"
resolver = "reso001"
pw_hash = binascii.hexlify(hashlib.sha256(password).digest())
r = save_resolver({"resolver": "reso001",
"type": "passwdresolver",
"fileName": "tests/testdata/passwords"})
(added, failed) = set_realm("myrealm", ["reso001"])
def fake_check_user_pass(user, passw, options=None):
return True, {"message": "Fake Authentication"}
set_policy(name="pol1",
scope=SCOPE.AUTH,
realm=realm,
resolver=resolver,
action="{0!s}={1!s}".format(ACTION.AUTH_CACHE, "4h/5m"))
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
g.audit_object = FakeAudit()
options = {"g": g}
# This successfully authenticates against the authcache
# We have an authentication, that is within the policy timeout
AuthCache(username, realm, resolver, pw_hash,
first_auth=datetime.datetime.utcnow() - timedelta(hours=3),
last_auth=datetime.datetime.utcnow() - timedelta(minutes=1)).save()
r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"),
password, options=options)
self.assertTrue(r[0])
self.assertEqual(r[1].get("message"), "Authenticated by AuthCache." )
# We have an authentication, that is not read from the authcache,
# since the authcache first_auth is too old.
delete_from_cache(username, realm, resolver, pw_hash)
AuthCache(username, realm, resolver, pw_hash,
first_auth=datetime.datetime.utcnow() - timedelta(hours=5),
last_auth=datetime.datetime.utcnow() - timedelta(
minutes=1)).save()
r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"),
password, options=options)
self.assertTrue(r[0])
self.assertEqual(r[1].get("message"), "Fake Authentication")
# We have an authentication, that is not read from authcache, since
# the last_auth is too old = 10 minutes.
delete_from_cache(username, realm, resolver, pw_hash)
AuthCache(username, realm, resolver, pw_hash,
first_auth=datetime.datetime.utcnow() - timedelta(hours=1),
last_auth=datetime.datetime.utcnow() - timedelta(
minutes=10)).save()
r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"),
password, options=options)
self.assertTrue(r[0])
self.assertEqual(r[1].get("message"), "Fake Authentication")
# We have a policy, with no special last_auth
delete_policy("pol1")
set_policy(name="pol1",
scope=SCOPE.AUTH,
realm=realm,
resolver=resolver,
action="{0!s}={1!s}".format(ACTION.AUTH_CACHE, "4h"))
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
g.audit_object = FakeAudit()
options = {"g": g}
delete_from_cache(username, realm, resolver, pw_hash)
AuthCache(username, realm, resolver, pw_hash,
first_auth=datetime.datetime.utcnow() - timedelta(hours=2),
last_auth=datetime.datetime.utcnow() - timedelta(
hours=1)).save()
r = auth_cache(fake_check_user_pass, User("cornelius", "myrealm"),
password, options=options)
self.assertTrue(r[0])
self.assertEqual(r[1].get("message"), "Authenticated by AuthCache.")
# Clean up
delete_policy("pol1")
delete_realm("myrealm")
delete_resolver("reso001")
def test_06_delete_other_invalid_entries(self):
# Test deletion of expired entries
r1 = add_to_cache(self.username, self.realm, self.resolver,
u"somethingDifferent")
r2 = add_to_cache(self.username, self.realm, self.resolver,
self.password)
auth1 = AuthCache.query.filter(AuthCache.id == r1).first()
auth2 = AuthCache.query.filter(AuthCache.id == r2).first()
last_valid_cache_time = auth1.first_auth
new_valid_cache_time = auth2.first_auth
self.assertFalse(auth1.first_auth == auth2.first_auth)
# delete entries where password matches or first_auth is older than last_valid_cache_time
delete_from_cache(self.username,
self.realm,
self.resolver,
self.password,
last_valid_cache_time=last_valid_cache_time)
auth = AuthCache.query.filter(
AuthCache.username == self.username).first()
# r2 should have been deleted since the password matches,
# r1 is still there since it's first_auth is equal to last_valid_cache_time
self.assertEqual(auth.id, r1)
# by setting the last_valid_cache_time to the first_auth of r2, the
# entry r1 should be deleted as well
delete_from_cache(self.username,
self.realm,
self.resolver,
'unknown_pw',
last_valid_cache_time=new_valid_cache_time)
auth = AuthCache.query.filter(
AuthCache.username == self.username).first()
self.assertEqual(None, auth)
# Test deletion if max_auths is reached
r1 = add_to_cache(self.username, self.realm, self.resolver,
self.password)
r2 = add_to_cache(self.username, self.realm, self.resolver,
u"somethingDifferent")
update_cache(r2)
update_cache(r2)
auth2 = AuthCache.query.filter(AuthCache.id == r2).first()
self.assertEqual(2, auth2.auth_count)
# this deletes the entries matching the password and max_auth
delete_from_cache(self.username,
self.realm,
self.resolver,
self.password,
max_auths=2)
auth = AuthCache.query.filter(
AuthCache.username == self.username).first()
self.assertEqual(auth, None)
