def test_identify_with_required_https(self):
plugin = BrowserIDPlugin(["localhost"],
check_https=True,
check_referer=False)
assertion = make_fake_assertion("*****@*****.**")
body = "assertion=%s&csrf_token=123456" % (assertion, )
# This one fails due to not being over https.
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
self.assertEquals(identity, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Login requests must use a secure connection")
# This one still works OK.
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
environ["wsgi.url_scheme"] = "https"
identity = plugin.identify(environ)
self.assertEquals(identity["browserid.assertion"], assertion)
def test_auth_with_good_assertion(self):
plugin = BrowserIDPlugin(["localhost"], verifier=DummyVerifierValid())
environ = make_environ()
assertion = make_fake_assertion("*****@*****.**")
identity = {"browserid.assertion": assertion}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, "*****@*****.**")
def test_auth_with_good_assertion(self):
plugin = BrowserIDPlugin(["localhost"], verifier=DummyVerifierValid())
environ = make_environ()
assertion = make_fake_assertion("*****@*****.**")
identity = {"browserid.assertion": assertion}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, "*****@*****.**")
def test_auth_with_malformed_assertion(self):
plugin = BrowserIDPlugin(["localhost"], verifier=DummyVerifierValid())
environ = make_environ()
identity = {"browserid.assertion": "JUNK"}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Malformed BrowserID assertion")
def test_auth_with_no_assertion(self):
plugin = BrowserIDPlugin(None, verifier=DummyVerifierValid())
environ = make_environ()
identity = {"some other thing": "not browserid"}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"No BrowserID assertion found")
def test_auth_with_no_assertion(self):
plugin = BrowserIDPlugin(None, verifier=DummyVerifierValid())
environ = make_environ()
identity = {"some other thing": "not browserid"}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"No BrowserID assertion found")
def test_auth_with_malformed_assertion(self):
plugin = BrowserIDPlugin(["localhost"], verifier=DummyVerifierValid())
environ = make_environ()
identity = {"browserid.assertion": "JUNK"}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Malformed BrowserID assertion")
def test_auth_with_unrecognised_audience(self):
plugin = BrowserIDPlugin(["GOOD"], verifier=DummyVerifierValid())
environ = make_environ(HTTP_HOST="BAD")
assertion = make_fake_assertion("*****@*****.**", "BAD")
identity = {"browserid.assertion": assertion}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Invalid BrowserID assertion")
def test_auth_with_unrecognised_audience(self):
plugin = BrowserIDPlugin(["GOOD"], verifier=DummyVerifierValid())
environ = make_environ(HTTP_HOST="BAD")
assertion = make_fake_assertion("*****@*****.**", "BAD")
identity = {"browserid.assertion": assertion}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Invalid BrowserID assertion")
def test_auth_with_invalid_assertion(self):
plugin = BrowserIDPlugin(["localhost"],
verifier=DummyVerifierInvalid())
environ = make_environ()
assertion = make_fake_assertion("*****@*****.**")
identity = {"browserid.assertion": assertion}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Invalid BrowserID assertion")
def test_identify_with_GET_vars(self):
plugin = BrowserIDPlugin(["localhost"])
assertion = make_fake_assertion("*****@*****.**")
query_string = "/?assertion=%s&csrf_token=123456" % (assertion,)
environ = make_environ(REQUEST_METHOD="GET",
HTTP_COOKIE="browserid_csrf_token=123456",
PATH_INFO=plugin.postback_url,
QUERY_STRING=query_string)
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_identify_with_GET_vars(self):
plugin = BrowserIDPlugin(["localhost"])
assertion = make_fake_assertion("*****@*****.**")
query_string = "/?assertion=%s&csrf_token=123456" % (assertion, )
environ = make_environ(REQUEST_METHOD="GET",
HTTP_COOKIE="browserid_csrf_token=123456",
PATH_INFO=plugin.postback_url,
QUERY_STRING=query_string)
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_auth_with_invalid_assertion(self):
plugin = BrowserIDPlugin(["localhost"],
verifier=DummyVerifierInvalid())
environ = make_environ()
assertion = make_fake_assertion("*****@*****.**")
identity = {"browserid.assertion": assertion}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Invalid BrowserID assertion")
def test_identify_with_missing_csrf(self):
plugin = BrowserIDPlugin(None)
assertion = make_fake_assertion("*****@*****.**")
body = "assertion=%s&csrf_token=987654" % (assertion,)
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_identify_with_missing_csrf(self):
plugin = BrowserIDPlugin(None)
assertion = make_fake_assertion("*****@*****.**")
body = "assertion=%s&csrf_token=987654" % (assertion, )
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_identify_with_malformed_assertion(self):
plugin = BrowserIDPlugin(["localhost"])
body = "assertion=%s&csrf_token=123456" % ("JUNK", )
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
self.assertEquals(identity, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Malformed BrowserID assertion")
def test_identify_with_malformed_assertion(self):
plugin = BrowserIDPlugin(["localhost"])
body = "assertion=%s&csrf_token=123456" % ("JUNK",)
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
self.assertEquals(identity, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Malformed BrowserID assertion")
def test_identify_with_POST_vars(self):
plugin = BrowserIDPlugin()
body = "[email protected]"
environ = make_environ(REQUEST_METHOD="POST", CONTENT_LENGTH=len(body))
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
# This fails since we're not at the postback url.
self.assertEquals(identity, None)
# This works since we're at the postback url.
environ = make_environ(REQUEST_METHOD="POST", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
self.assertEquals(identity["browserid.assertion"], "*****@*****.**")
def test_identify_with_missing_referer(self):
plugin = BrowserIDPlugin(["localhost"])
assertion = make_fake_assertion("*****@*****.**")
body = "assertion=%s&csrf_token=123456" % (assertion, )
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
# By default we don't check referer for http connections.
environ["wsgi.url_scheme"] = "http"
identity = plugin.identify(environ)
self.assertEquals(identity["browserid.assertion"], assertion)
# But we do check them for https connections.
environ["wsgi.url_scheme"] = "https"
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_identify_with_missing_referer(self):
plugin = BrowserIDPlugin(["localhost"])
assertion = make_fake_assertion("*****@*****.**")
body = "assertion=%s&csrf_token=123456" % (assertion,)
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
# By default we don't check referer for http connections.
environ["wsgi.url_scheme"] = "http"
identity = plugin.identify(environ)
self.assertEquals(identity["browserid.assertion"], assertion)
# But we do check them for https connections.
environ["wsgi.url_scheme"] = "https"
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_identify_with_POST_vars(self):
plugin = BrowserIDPlugin(["localhost"])
assertion = make_fake_assertion("*****@*****.**")
body = "assertion=%s&csrf_token=123456" % (assertion,)
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body))
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
# This fails since we're not at the postback url.
self.assertEquals(identity, None)
# This works since we're at the postback url.
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
self.assertEquals(identity["browserid.assertion"], assertion)
def test_identify_with_POST_vars(self):
plugin = BrowserIDPlugin(["localhost"])
assertion = make_fake_assertion("*****@*****.**")
body = "assertion=%s&csrf_token=123456" % (assertion, )
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body))
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
# This fails since we're not at the postback url.
self.assertEquals(identity, None)
# This works since we're at the postback url.
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
self.assertEquals(identity["browserid.assertion"], assertion)
def test_identify_with_required_https(self):
plugin = BrowserIDPlugin(["localhost"], check_https=True,
check_referer=False)
assertion = make_fake_assertion("*****@*****.**")
body = "assertion=%s&csrf_token=123456" % (assertion,)
# This one fails due to not being over https.
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
identity = plugin.identify(environ)
self.assertEquals(identity, None)
self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE],
"Login requests must use a secure connection")
# This one still works OK.
environ = make_environ(REQUEST_METHOD="POST",
HTTP_COOKIE="browserid_csrf_token=123456",
CONTENT_LENGTH=len(body),
PATH_INFO=plugin.postback_url)
environ["wsgi.input"] = StringIO(body)
environ["wsgi.url_scheme"] = "https"
identity = plugin.identify(environ)
self.assertEquals(identity["browserid.assertion"], assertion)
def test_auth_with_no_assertion(self):
plugin = BrowserIDPlugin(urlopen=urlopen_valid)
environ = make_environ(HTTP_HOST="localhost")
identity = {"some other thing": "not browserid"}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
def test_identify_with_no_credentials(self):
plugin = BrowserIDPlugin(None)
environ = make_environ()
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_identify_with_invalid_authz_header(self):
plugin = BrowserIDPlugin()
authz = "SomeOtherScheme [email protected]"
environ = make_environ(HTTP_AUTHORIZATION=authz)
identity = plugin.identify(environ)
self.assertEquals(identity, None)
def test_auth_with_bad_assertion(self):
plugin = BrowserIDPlugin(urlopen=urlopen_invalid)
environ = make_environ(HTTP_HOST="localhost")
identity = {"browserid.assertion": "*****@*****.**"}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
def test_identify_with_GET_vars(self):
plugin = BrowserIDPlugin()
qs = "[email protected]"
environ = make_environ(QUERY_STRING=qs)
identity = plugin.identify(environ)
self.assertEquals(identity["browserid.assertion"], "*****@*****.**")
def test_auth_with_no_audience(self):
plugin = BrowserIDPlugin(urlopen=urlopen_valid)
environ = make_environ()
identity = {"browserid.assertion": "*****@*****.**"}
userid = plugin.authenticate(environ, identity)
self.assertEquals(userid, None)
def test_identify_with_authz_header(self):
plugin = BrowserIDPlugin()
authz = "BrowserID [email protected]"
environ = make_environ(HTTP_AUTHORIZATION=authz)
identity = plugin.identify(environ)
self.assertEquals(identity["browserid.assertion"], "*****@*****.**")
def test_identify_with_no_credentials(self):
plugin = BrowserIDPlugin(None)
environ = make_environ()
identity = plugin.identify(environ)
self.assertEquals(identity, None)
