예제 #1
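    def test_authentication_failures(self):
        """Check that missing, malformed and untrusted credentials all get a 401.

        Each request passes ``status=401`` to ``self.app.get``; the test
        relies on that call failing when the response status differs
        (presumably a WebTest ``TestApp`` -- confirm against the fixture).

        Every negative case builds its own ``Authorization`` header.  Reusing
        a header from a previous case would silently re-test the earlier
        assertion and give false assurance that the later rejection paths
        (wrong issuer, expired) are covered.
        """
        # sending a request without any authentication header should result in
        # a 401 Unauthorized response.
        self.app.get(TOKEN_URI, status=401)

        # sending a request with a broken authentication header should return a
        # 401 as well
        headers = {'Authorization': 'VELOCIRAPTOR'}
        self.app.get(TOKEN_URI, headers=headers, status=401)

        # the authentication should be browserid: any other scheme is refused
        # and the challenge header names the expected scheme.
        headers = {'Authorization': 'Basic-Auth alexis:alexis'}
        res = self.app.get(TOKEN_URI, headers=headers, status=401)
        self.assertTrue('WWW-Authenticate' in res.headers)
        self.assertEqual(res.headers['WWW-Authenticate'], 'BrowserID ')

        # if the headers are good but the given assertion is not valid, a 401
        # should be raised as well.
        wrong_assertion = get_assertion(DEFAULT_EMAIL, bad_issuer_cert=True)
        headers = {'Authorization': 'BrowserID %s' % wrong_assertion}
        self.app.get(TOKEN_URI, headers=headers, status=401)

        # test the different cases of bad assertions.

        # signed with an untrusted issuer certificate
        assertion = get_assertion('*****@*****.**',
                                  bad_issuer_cert=True)
        headers = {'Authorization': 'BrowserID %s' % assertion}
        self.app.get(TOKEN_URI, headers=headers, status=401)

        # issued by 'loadtest.local'
        # NOTE(review): expects the app under test to run without loadtest
        # mode, so this issuer is not trusted -- confirm against the test ini.
        assertion = get_assertion('*****@*****.**',
                                  issuer='loadtest.local')
        headers = {'Authorization': 'BrowserID %s' % assertion}
        self.app.get(TOKEN_URI, headers=headers, status=401)

        # expired one minute ago (exp is scaled by 1000, presumably ms)
        assertion = get_assertion('*****@*****.**',
                                  exp=int(time.time() - 60) * 1000)
        headers = {'Authorization': 'BrowserID %s' % assertion}
        self.app.get(TOKEN_URI, headers=headers, status=401)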
예제 #2
    def test_assertion_verification(self):
        """Accept a good assertion; reject one with a bad issuer certificate.

        Uses a MockCryptoWorker driven through PurePythonRunner.
        """
        crypto = get_crypto_worker(MockCryptoWorker, memory_ttl=100)
        runner = PurePythonRunner(crypto)
        # NOTE(review): audiences=('*', ) looks like a wildcard that accepts
        # any audience; fine for a unit test, confirm it is never used in a
        # deployed configuration.
        verifier = PowerHoseVerifier(runner=runner, audiences=('*', ))

        # a valid assertion must verify (truthy result)
        good = get_assertion(DEFAULT_EMAIL)
        self.assertTrue(verifier.verify(good))

        # An assertion not signed with the root issuer certificate must be
        # rejected with InvalidSignatureError rather than a falsy return.
        with self.assertRaises(InvalidSignatureError):
            verifier.verify(get_assertion(DEFAULT_EMAIL, bad_issuer_cert=True))
예제 #3
    def test_assertion_verification(self):
        """Accept a good assertion; reject one with a bad issuer certificate.

        Uses a MockCryptoWorker driven through PurePythonRunner.
        """
        crypto = get_crypto_worker(MockCryptoWorker, memory_ttl=100)
        runner = PurePythonRunner(crypto)
        # NOTE(review): audiences=('*',) looks like a wildcard that accepts
        # any audience; fine for a unit test, confirm it is never used in a
        # deployed configuration.
        verifier = PowerHoseVerifier(runner=runner, audiences=('*',))

        # a valid assertion must verify (truthy result)
        verified = verifier.verify(get_assertion(DEFAULT_EMAIL))
        self.assertTrue(verified)

        # An assertion not signed with the root issuer certificate must be
        # rejected with InvalidSignatureError rather than a falsy return.
        check = verifier.verify
        forged = get_assertion(DEFAULT_EMAIL, bad_issuer_cert=True)
        self.assertRaises(InvalidSignatureError, check, forged)
예제 #4
def generate_assertions():
    """Return Python source text that defines four assertion constants.

    The text assigns VALID_ASSERTION, WRONG_ISSUER_ASSERTION,
    WRONG_EMAIL_HOST_ASSERTION and EXPIRED_TOKEN, one per line, each to a
    freshly generated assertion string.

    NOTE(review): three of the assertions name 'loadtest.local' as issuer;
    presumably only a verifier running in loadtest mode trusts that issuer,
    so the output is a load-test fixture and must not be accepted by a
    production verifier -- confirm.
    """
    # expiry one day ahead; scaled by 1000 (presumably milliseconds)
    in_one_day = int(time.time() + 60 * 60 * 24) * 1000

    lines = []

    lines.append('VALID_ASSERTION = "%s"\n' % get_assertion(
        '*****@*****.**', issuer='loadtest.local', exp=in_one_day))

    # no issuer= here, so get_assertion's default issuer is used
    lines.append('WRONG_ISSUER_ASSERTION = "%s"\n' % get_assertion(
        '*****@*****.**', exp=in_one_day))

    # the addresses are masked on this page, so the host that makes this
    # case "wrong" is not visible here
    lines.append('WRONG_EMAIL_HOST_ASSERTION = "%s"\n' % get_assertion(
        '*****@*****.**', issuer='loadtest.local', exp=in_one_day))

    # already expired: exp is sixty seconds in the past
    lines.append('EXPIRED_TOKEN = "%s"\n' % get_assertion(
        '*****@*****.**', issuer='loadtest.local',
        exp=int(time.time() - 60) * 1000))

    return ''.join(lines)
예제 #5
 def test_loadtest_mode(self):
     """With loadtest_mode=True, an assertion issued by 'loadtest.local' verifies.

     NOTE(review): this shows loadtest mode widening the set of trusted
     issuers; it should stay off outside load-test environments -- confirm
     the deployed configuration.
     """
     crypto = get_crypto_worker(CryptoWorker, loadtest_mode=True,
                                memory_ttl=100)
     runner = PurePythonRunner(crypto)
     verifier = PowerHoseVerifier(runner=runner, audiences=('*',))
     loadtest_assertion = get_assertion('*****@*****.**',
                                        issuer='loadtest.local')
     self.assertTrue(verifier.verify(loadtest_assertion))
예제 #6
 def test_loadtest_mode(self):
     """With loadtest_mode=True, an assertion issued by 'loadtest.local' verifies.

     NOTE(review): this shows loadtest mode widening the set of trusted
     issuers; it should stay off outside load-test environments -- confirm
     the deployed configuration.
     """
     crypto = get_crypto_worker(CryptoWorker, loadtest_mode=True,
                                memory_ttl=100)
     runner = PurePythonRunner(crypto)
     verifier = PowerHoseVerifier(runner=runner, audiences=('*', ))
     loadtest_assertion = get_assertion('*****@*****.**',
                                        issuer='loadtest.local')
     self.assertTrue(verifier.verify(loadtest_assertion))
예제 #7
    def test_assertion_verification(self):
        """Accept a good assertion; reject every bad-certificate variant.

        Builds a CryptoWorker directly from CERTS_LOCATION and checks that a
        bad issuer certificate, a bad email certificate, and both together
        each raise InvalidSignatureError.
        """
        crypto = CryptoWorker(CERTS_LOCATION)
        runner = PurePythonRunner(crypto)
        verifier = PowerHoseVerifier(runner=runner, audiences=('*',))

        # giving a valid assertion should return a truthy result
        self.assertTrue(verifier.verify(get_assertion(DEFAULT_EMAIL)))

        # each broken certificate combination must raise, never verify
        broken_variants = (
            {'bad_issuer_cert': True},
            {'bad_email_cert': True},
            {'bad_email_cert': True, 'bad_issuer_cert': True},
        )
        for flags in broken_variants:
            forged = get_assertion(DEFAULT_EMAIL, **flags)
            self.assertRaises(InvalidSignatureError, verifier.verify, forged)
예제 #8
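    def test_authentication_failures(self):
        """Check that missing, malformed and untrusted credentials all get a 401.

        Each request passes ``status=401`` to ``self.app.get``; the test
        relies on that call failing when the response status differs
        (presumably a WebTest ``TestApp`` -- confirm against the fixture).

        Every negative case builds its own ``Authorization`` header.  Reusing
        a header from a previous case would silently re-test the earlier
        assertion and give false assurance that the later rejection paths
        (wrong issuer, expired) are covered.
        """
        # sending a request without any authentication header should result in
        # a 401 Unauthorized response.
        self.app.get(TOKEN_URI, status=401)

        # sending a request with a broken authentication header should return a
        # 401 as well
        headers = {'Authorization': 'VELOCIRAPTOR'}
        self.app.get(TOKEN_URI, headers=headers, status=401)

        # the authentication should be browserid: any other scheme is refused
        # and the challenge header names the expected scheme.
        headers = {'Authorization': 'Basic-Auth alexis:alexis'}
        res = self.app.get(TOKEN_URI, headers=headers, status=401)
        self.assertTrue('WWW-Authenticate' in res.headers)
        self.assertEqual(res.headers['WWW-Authenticate'], 'Browser-ID ')

        # if the headers are good but the given assertion is not valid, a 401
        # should be raised as well.
        wrong_assertion = get_assertion(DEFAULT_EMAIL,
                                        bad_issuer_cert=True)
        headers = {'Authorization': 'Browser-ID %s' % wrong_assertion}
        self.app.get(TOKEN_URI, headers=headers, status=401)

        # test the different cases of bad assertions.

        # signed with an untrusted issuer certificate
        assertion = get_assertion('*****@*****.**',
                                  bad_issuer_cert=True)
        headers = {'Authorization': 'Browser-ID %s' % assertion}
        self.app.get(TOKEN_URI, headers=headers, status=401)

        # issued by 'loadtest.local'
        # NOTE(review): expects the app under test to run without loadtest
        # mode, so this issuer is not trusted -- confirm against the test ini.
        assertion = get_assertion('*****@*****.**',
                                  issuer='loadtest.local')
        headers = {'Authorization': 'Browser-ID %s' % assertion}
        self.app.get(TOKEN_URI, headers=headers, status=401)

        # expired one minute ago (exp is scaled by 1000, presumably ms)
        assertion = get_assertion('*****@*****.**',
                                  exp=int(time.time() - 60) * 1000)
        headers = {'Authorization': 'Browser-ID %s' % assertion}
        self.app.get(TOKEN_URI, headers=headers, status=401)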
예제 #9
 def _test_valid_app(self):
     """Request a token with a valid assertion and check the returned endpoint.

     NOTE(review): the leading underscore keeps the default unittest loader
     from collecting this method, so the success path is not exercised here;
     presumably disabled on purpose -- confirm.
     """
     auth_value = 'Browser-ID %s' % get_assertion(DEFAULT_EMAIL)
     res = self.app.get(TOKEN_URI, headers={'Authorization': auth_value})
     expected_endpoint = DEFAULT_NODE + '/1.0/0'
     self.assertEqual(res.json['api_endpoint'], expected_endpoint)
예제 #10
 def _test_valid_app(self):
     """Request a token with a valid assertion and check the returned endpoint.

     NOTE(review): the leading underscore keeps the default unittest loader
     from collecting this method, so the success path is not exercised here;
     presumably disabled on purpose -- confirm.
     """
     auth_value = 'BrowserID %s' % get_assertion(DEFAULT_EMAIL)
     res = self.app.get(TOKEN_URI, headers={'Authorization': auth_value})
     expected_endpoint = DEFAULT_NODE + '/1.0/0'
     self.assertEqual(res.json['api_endpoint'], expected_endpoint)
예제 #11
파일: simple.py 프로젝트: jrgm/tokenserver
 def _getassertion(self):
     """Return an assertion for the fixed address used by this scenario."""
     # only the address is passed; every other get_assertion argument is
     # left at its default
     return get_assertion('*****@*****.**')