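def test_authentication_failures(self):
    # Every request below carries a missing, malformed or unverifiable
    # credential, so the token endpoint must answer 401 each time.

    # sending a request without any authentication header should result in
    # a 401 Unauthorized response.
    self.app.get(TOKEN_URI, status=401)

    # sending a request with a broken authentication header should return a
    # 401 as well
    headers = {'Authorization': 'VELOCIRAPTOR'}
    self.app.get(TOKEN_URI, headers=headers, status=401)

    # the authentication should be browserid: any other scheme is refused
    # and the challenge header names the scheme the server expects.
    headers = {'Authorization': 'Basic-Auth alexis:alexis'}
    res = self.app.get(TOKEN_URI, headers=headers, status=401)
    self.assertTrue('WWW-Authenticate' in res.headers)
    self.assertEqual(res.headers['WWW-Authenticate'], 'BrowserID ')

    # if the headers are good but the given assertion is not valid, a 401
    # should be raised as well.
    wrong_assertion = get_assertion(DEFAULT_EMAIL, bad_issuer_cert=True)
    headers = {'Authorization': 'BrowserID %s' % wrong_assertion}
    self.app.get(TOKEN_URI, headers=headers, status=401)

    # test the different cases of bad assertions. The Authorization header
    # is rebuilt for every case: reusing the previous header would resend
    # the first bad assertion and leave the wrong-issuer and expired cases
    # unexercised.

    # signed with a certificate that does not chain to the trusted issuer
    assertion = get_assertion('*****@*****.**', bad_issuer_cert=True)
    headers = {'Authorization': 'BrowserID %s' % assertion}
    self.app.get(TOKEN_URI, headers=headers, status=401)

    # issued by 'loadtest.local'
    # NOTE(review): presumably the app under test does not run in loadtest
    # mode, so this issuer is untrusted -- confirm against the test config.
    assertion = get_assertion('*****@*****.**', issuer='loadtest.local')
    headers = {'Authorization': 'BrowserID %s' % assertion}
    self.app.get(TOKEN_URI, headers=headers, status=401)

    # expired 60 seconds ago (exp is expressed in milliseconds)
    assertion = get_assertion('*****@*****.**',
                              exp=int(time.time() - 60) * 1000)
    headers = {'Authorization': 'BrowserID %s' % assertion}
    self.app.get(TOKEN_URI, headers=headers, status=401)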
def test_assertion_verification(self):
    # Build a verifier on top of the mock crypto worker, run in-process.
    # NOTE(review): audiences=('*', ) presumably matches any audience, so
    # audience mismatches are not covered by this test -- confirm.
    crypto_worker = get_crypto_worker(MockCryptoWorker, memory_ttl=100)
    runner = PurePythonRunner(crypto_worker)
    verifier = PowerHoseVerifier(runner=runner, audiences=('*', ))

    # A well-formed assertion for the default user must verify.
    good_assertion = get_assertion(DEFAULT_EMAIL)
    self.assertTrue(verifier.verify(good_assertion))

    # An assertion whose certificate chain was not signed by the root
    # issuer must be rejected with a signature error.
    with self.assertRaises(InvalidSignatureError):
        forged_assertion = get_assertion(DEFAULT_EMAIL,
                                         bad_issuer_cert=True)
        verifier.verify(forged_assertion)
def test_assertion_verification(self):
    # Verifier backed by the mock crypto worker, executed in-process.
    # NOTE(review): audiences=('*',) presumably accepts any audience, so
    # audience checking is not exercised here -- confirm.
    crypto_worker = get_crypto_worker(MockCryptoWorker, memory_ttl=100)
    runner = PurePythonRunner(crypto_worker)
    verifier = PowerHoseVerifier(runner=runner, audiences=('*',))

    # Positive case: a valid assertion verifies.
    good_assertion = get_assertion(DEFAULT_EMAIL)
    self.assertTrue(verifier.verify(good_assertion))

    # Negative case: an assertion that is not signed with the root issuer
    # certificate has to raise InvalidSignatureError.
    forged_assertion = get_assertion(DEFAULT_EMAIL, bad_issuer_cert=True)
    self.assertRaises(InvalidSignatureError, verifier.verify,
                      forged_assertion)
def generate_assertions():
    """Return Python source text defining four named test assertions.

    Each line of the returned string has the form ``NAME = "<assertion>"``.
    Three assertions expire one day from now; EXPIRED_TOKEN expired 60
    seconds ago. Expiry values are in milliseconds.

    NOTE(review): the non-expired values are usable credentials for about a
    day wherever their issuer is trusted; treat the generated text as
    test-only material.
    """
    expiry_ms = int(time.time() + 60 * 60 * 24) * 1000
    lines = []

    # Issued by the load-test issuer and still valid.
    valid = get_assertion('*****@*****.**', issuer='loadtest.local',
                          exp=expiry_ms)
    lines.append('VALID_ASSERTION = "%s"\n' % valid)

    # No issuer override, so it is not issued by 'loadtest.local'.
    wrong_issuer = get_assertion('*****@*****.**', exp=expiry_ms)
    lines.append('WRONG_ISSUER_ASSERTION = "%s"\n' % wrong_issuer)

    # Load-test issuer, but for an address on a different host.
    wrong_host = get_assertion('*****@*****.**', issuer='loadtest.local',
                               exp=expiry_ms)
    lines.append('WRONG_EMAIL_HOST_ASSERTION = "%s"\n' % wrong_host)

    # Load-test issuer with an expiry already in the past.
    expired = get_assertion('*****@*****.**', issuer='loadtest.local',
                            exp=int(time.time() - 60) * 1000)
    lines.append('EXPIRED_TOKEN = "%s"\n' % expired)

    return ''.join(lines)
def test_loadtest_mode(self):
    # With loadtest_mode=True the real CryptoWorker is expected to accept
    # an assertion issued by 'loadtest.local'.
    # NOTE(review): this presumably relaxes normal issuer trust, so the
    # flag should stay off outside load testing -- confirm in the worker.
    loadtest_worker = get_crypto_worker(CryptoWorker, loadtest_mode=True,
                                        memory_ttl=100)
    runner = PurePythonRunner(loadtest_worker)
    verifier = PowerHoseVerifier(runner=runner, audiences=('*',))

    loadtest_assertion = get_assertion('*****@*****.**',
                                       issuer='loadtest.local')
    outcome = verifier.verify(loadtest_assertion)
    self.assertTrue(outcome)
def test_loadtest_mode(self):
    # A worker created with loadtest_mode=True must verify an assertion
    # whose issuer is 'loadtest.local'.
    # NOTE(review): presumably this mode bypasses the usual issuer trust
    # checks; it should never be enabled on a production verifier --
    # confirm against the worker implementation.
    loadtest_worker = get_crypto_worker(CryptoWorker, loadtest_mode=True,
                                        memory_ttl=100)
    verifier = PowerHoseVerifier(
        runner=PurePythonRunner(loadtest_worker),
        audiences=('*', ),
    )
    loadtest_assertion = get_assertion('*****@*****.**',
                                       issuer='loadtest.local')
    self.assertTrue(verifier.verify(loadtest_assertion))
def test_assertion_verification(self):
    # Verifier backed by a CryptoWorker loaded from CERTS_LOCATION.
    # NOTE(review): audiences=('*',) presumably accepts any audience, so
    # audience checking is not covered here -- confirm.
    crypto_worker = CryptoWorker(CERTS_LOCATION)
    runner = PurePythonRunner(crypto_worker)
    verifier = PowerHoseVerifier(runner=runner, audiences=('*',))

    # A valid assertion verifies.
    good_assertion = get_assertion(DEFAULT_EMAIL)
    self.assertTrue(verifier.verify(good_assertion))

    # Any assertion bundling an invalid certificate (issuer, email, or
    # both) must be rejected with InvalidSignatureError.
    broken_cert_cases = (
        {'bad_issuer_cert': True},
        {'bad_email_cert': True},
        {'bad_email_cert': True, 'bad_issuer_cert': True},
    )
    for flags in broken_cert_cases:
        self.assertRaises(InvalidSignatureError, verifier.verify,
                          get_assertion(DEFAULT_EMAIL, **flags))
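def test_authentication_failures(self):
    # Every request below carries a missing, malformed or unverifiable
    # credential, so the token endpoint must answer 401 each time.

    # sending a request without any authentication header should result in
    # a 401 Unauthorized response.
    self.app.get(TOKEN_URI, status=401)

    # sending a request with a broken authentication header should return a
    # 401 as well
    headers = {'Authorization': 'VELOCIRAPTOR'}
    self.app.get(TOKEN_URI, headers=headers, status=401)

    # the authentication should be browserid: any other scheme is refused
    # and the challenge header names the scheme the server expects.
    headers = {'Authorization': 'Basic-Auth alexis:alexis'}
    res = self.app.get(TOKEN_URI, headers=headers, status=401)
    self.assertTrue('WWW-Authenticate' in res.headers)
    self.assertEqual(res.headers['WWW-Authenticate'], 'Browser-ID ')

    # if the headers are good but the given assertion is not valid, a 401
    # should be raised as well.
    wrong_assertion = get_assertion(DEFAULT_EMAIL, bad_issuer_cert=True)
    headers = {'Authorization': 'Browser-ID %s' % wrong_assertion}
    self.app.get(TOKEN_URI, headers=headers, status=401)

    # test the different cases of bad assertions. The Authorization header
    # is rebuilt for every case: reusing the previous header would resend
    # the first bad assertion and leave the wrong-issuer and expired cases
    # unexercised.

    # signed with a certificate that does not chain to the trusted issuer
    assertion = get_assertion('*****@*****.**', bad_issuer_cert=True)
    headers = {'Authorization': 'Browser-ID %s' % assertion}
    self.app.get(TOKEN_URI, headers=headers, status=401)

    # issued by 'loadtest.local'
    # NOTE(review): presumably the app under test does not run in loadtest
    # mode, so this issuer is untrusted -- confirm against the test config.
    assertion = get_assertion('*****@*****.**', issuer='loadtest.local')
    headers = {'Authorization': 'Browser-ID %s' % assertion}
    self.app.get(TOKEN_URI, headers=headers, status=401)

    # expired 60 seconds ago (exp is expressed in milliseconds)
    assertion = get_assertion('*****@*****.**',
                              exp=int(time.time() - 60) * 1000)
    headers = {'Authorization': 'Browser-ID %s' % assertion}
    self.app.get(TOKEN_URI, headers=headers, status=401)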
def _test_valid_app(self):
    # Happy path: a valid assertion for the default user yields a token
    # response whose api_endpoint points at the default node.
    # NOTE(review): the leading underscore keeps the default unittest
    # loader from collecting this method, so the success path is not
    # exercised unless something else calls it.
    auth_value = 'Browser-ID %s' % get_assertion(DEFAULT_EMAIL)
    response = self.app.get(TOKEN_URI,
                            headers={'Authorization': auth_value})
    endpoint = response.json['api_endpoint']
    self.assertEqual(endpoint, DEFAULT_NODE + '/1.0/0')
def _test_valid_app(self):
    # Happy path: a valid assertion for the default user yields a token
    # response whose api_endpoint points at the default node.
    # NOTE(review): the leading underscore keeps the default unittest
    # loader from collecting this method, so the success path is not
    # exercised unless something else calls it.
    auth_value = 'BrowserID %s' % get_assertion(DEFAULT_EMAIL)
    response = self.app.get(TOKEN_URI,
                            headers={'Authorization': auth_value})
    endpoint = response.json['api_endpoint']
    self.assertEqual(endpoint, DEFAULT_NODE + '/1.0/0')
def _getassertion(self):
    """Return a test assertion for the fixed test email address."""
    return get_assertion('*****@*****.**')