def test_identify_with_required_https(self): plugin = BrowserIDPlugin(["localhost"], check_https=True, check_referer=False) assertion = make_fake_assertion("*****@*****.**") body = "assertion=%s&csrf_token=123456" % (assertion, ) # This one fails due to not being over https. environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) self.assertEquals(identity, None) self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE], "Login requests must use a secure connection") # This one still works OK. environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) environ["wsgi.url_scheme"] = "https" identity = plugin.identify(environ) self.assertEquals(identity["browserid.assertion"], assertion)
def test_auth_with_good_assertion(self): plugin = BrowserIDPlugin(["localhost"], verifier=DummyVerifierValid()) environ = make_environ() assertion = make_fake_assertion("*****@*****.**") identity = {"browserid.assertion": assertion} userid = plugin.authenticate(environ, identity) self.assertEquals(userid, "*****@*****.**")
def test_auth_with_malformed_assertion(self): plugin = BrowserIDPlugin(["localhost"], verifier=DummyVerifierValid()) environ = make_environ() identity = {"browserid.assertion": "JUNK"} userid = plugin.authenticate(environ, identity) self.assertEquals(userid, None) self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE], "Malformed BrowserID assertion")
def test_auth_with_no_assertion(self): plugin = BrowserIDPlugin(None, verifier=DummyVerifierValid()) environ = make_environ() identity = {"some other thing": "not browserid"} userid = plugin.authenticate(environ, identity) self.assertEquals(userid, None) self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE], "No BrowserID assertion found")
def test_auth_with_unrecognised_audience(self): plugin = BrowserIDPlugin(["GOOD"], verifier=DummyVerifierValid()) environ = make_environ(HTTP_HOST="BAD") assertion = make_fake_assertion("*****@*****.**", "BAD") identity = {"browserid.assertion": assertion} userid = plugin.authenticate(environ, identity) self.assertEquals(userid, None) self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE], "Invalid BrowserID assertion")
def test_auth_with_invalid_assertion(self): plugin = BrowserIDPlugin(["localhost"], verifier=DummyVerifierInvalid()) environ = make_environ() assertion = make_fake_assertion("*****@*****.**") identity = {"browserid.assertion": assertion} userid = plugin.authenticate(environ, identity) self.assertEquals(userid, None) self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE], "Invalid BrowserID assertion")
def test_identify_with_GET_vars(self): plugin = BrowserIDPlugin(["localhost"]) assertion = make_fake_assertion("*****@*****.**") query_string = "/?assertion=%s&csrf_token=123456" % (assertion,) environ = make_environ(REQUEST_METHOD="GET", HTTP_COOKIE="browserid_csrf_token=123456", PATH_INFO=plugin.postback_url, QUERY_STRING=query_string) identity = plugin.identify(environ) self.assertEquals(identity, None)
def test_identify_with_GET_vars(self): plugin = BrowserIDPlugin(["localhost"]) assertion = make_fake_assertion("*****@*****.**") query_string = "/?assertion=%s&csrf_token=123456" % (assertion, ) environ = make_environ(REQUEST_METHOD="GET", HTTP_COOKIE="browserid_csrf_token=123456", PATH_INFO=plugin.postback_url, QUERY_STRING=query_string) identity = plugin.identify(environ) self.assertEquals(identity, None)
def test_identify_with_missing_csrf(self): plugin = BrowserIDPlugin(None) assertion = make_fake_assertion("*****@*****.**") body = "assertion=%s&csrf_token=987654" % (assertion,) environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) self.assertEquals(identity, None)
def test_identify_with_missing_csrf(self): plugin = BrowserIDPlugin(None) assertion = make_fake_assertion("*****@*****.**") body = "assertion=%s&csrf_token=987654" % (assertion, ) environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) self.assertEquals(identity, None)
def test_identify_with_malformed_assertion(self): plugin = BrowserIDPlugin(["localhost"]) body = "assertion=%s&csrf_token=123456" % ("JUNK", ) environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) self.assertEquals(identity, None) self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE], "Malformed BrowserID assertion")
def test_identify_with_malformed_assertion(self): plugin = BrowserIDPlugin(["localhost"]) body = "assertion=%s&csrf_token=123456" % ("JUNK",) environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) self.assertEquals(identity, None) self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE], "Malformed BrowserID assertion")
def test_identify_with_POST_vars(self): plugin = BrowserIDPlugin() body = "[email protected]" environ = make_environ(REQUEST_METHOD="POST", CONTENT_LENGTH=len(body)) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) # This fails since we're not at the postback url. self.assertEquals(identity, None) # This works since we're at the postback url. environ = make_environ(REQUEST_METHOD="POST", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) self.assertEquals(identity["browserid.assertion"], "*****@*****.**")
def test_identify_with_missing_referer(self): plugin = BrowserIDPlugin(["localhost"]) assertion = make_fake_assertion("*****@*****.**") body = "assertion=%s&csrf_token=123456" % (assertion, ) environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) # By default we don't check referer for http connections. environ["wsgi.url_scheme"] = "http" identity = plugin.identify(environ) self.assertEquals(identity["browserid.assertion"], assertion) # But we do check them for https connections. environ["wsgi.url_scheme"] = "https" identity = plugin.identify(environ) self.assertEquals(identity, None)
def test_identify_with_missing_referer(self): plugin = BrowserIDPlugin(["localhost"]) assertion = make_fake_assertion("*****@*****.**") body = "assertion=%s&csrf_token=123456" % (assertion,) environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) # By default we don't check referer for http connections. environ["wsgi.url_scheme"] = "http" identity = plugin.identify(environ) self.assertEquals(identity["browserid.assertion"], assertion) # But we do check them for https connections. environ["wsgi.url_scheme"] = "https" identity = plugin.identify(environ) self.assertEquals(identity, None)
def test_identify_with_POST_vars(self): plugin = BrowserIDPlugin(["localhost"]) assertion = make_fake_assertion("*****@*****.**") body = "assertion=%s&csrf_token=123456" % (assertion,) environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body)) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) # This fails since we're not at the postback url. self.assertEquals(identity, None) # This works since we're at the postback url. environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) self.assertEquals(identity["browserid.assertion"], assertion)
def test_identify_with_POST_vars(self): plugin = BrowserIDPlugin(["localhost"]) assertion = make_fake_assertion("*****@*****.**") body = "assertion=%s&csrf_token=123456" % (assertion, ) environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body)) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) # This fails since we're not at the postback url. self.assertEquals(identity, None) # This works since we're at the postback url. environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) self.assertEquals(identity["browserid.assertion"], assertion)
def test_identify_with_required_https(self): plugin = BrowserIDPlugin(["localhost"], check_https=True, check_referer=False) assertion = make_fake_assertion("*****@*****.**") body = "assertion=%s&csrf_token=123456" % (assertion,) # This one fails due to not being over https. environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) identity = plugin.identify(environ) self.assertEquals(identity, None) self.assertEquals(environ[_ENVKEY_ERROR_MESSAGE], "Login requests must use a secure connection") # This one still works OK. environ = make_environ(REQUEST_METHOD="POST", HTTP_COOKIE="browserid_csrf_token=123456", CONTENT_LENGTH=len(body), PATH_INFO=plugin.postback_url) environ["wsgi.input"] = StringIO(body) environ["wsgi.url_scheme"] = "https" identity = plugin.identify(environ) self.assertEquals(identity["browserid.assertion"], assertion)
def test_auth_with_no_assertion(self): plugin = BrowserIDPlugin(urlopen=urlopen_valid) environ = make_environ(HTTP_HOST="localhost") identity = {"some other thing": "not browserid"} userid = plugin.authenticate(environ, identity) self.assertEquals(userid, None)
def test_identify_with_no_credentials(self): plugin = BrowserIDPlugin(None) environ = make_environ() identity = plugin.identify(environ) self.assertEquals(identity, None)
def test_identify_with_invalid_authz_header(self): plugin = BrowserIDPlugin() authz = "SomeOtherScheme [email protected]" environ = make_environ(HTTP_AUTHORIZATION=authz) identity = plugin.identify(environ) self.assertEquals(identity, None)
def test_auth_with_bad_assertion(self): plugin = BrowserIDPlugin(urlopen=urlopen_invalid) environ = make_environ(HTTP_HOST="localhost") identity = {"browserid.assertion": "*****@*****.**"} userid = plugin.authenticate(environ, identity) self.assertEquals(userid, None)
def test_identify_with_GET_vars(self): plugin = BrowserIDPlugin() qs = "[email protected]" environ = make_environ(QUERY_STRING=qs) identity = plugin.identify(environ) self.assertEquals(identity["browserid.assertion"], "*****@*****.**")
def test_auth_with_no_audience(self): plugin = BrowserIDPlugin(urlopen=urlopen_valid) environ = make_environ() identity = {"browserid.assertion": "*****@*****.**"} userid = plugin.authenticate(environ, identity) self.assertEquals(userid, None)
def test_identify_with_authz_header(self): plugin = BrowserIDPlugin() authz = "BrowserID [email protected]" environ = make_environ(HTTP_AUTHORIZATION=authz) identity = plugin.identify(environ) self.assertEquals(identity["browserid.assertion"], "*****@*****.**")