def test_remote_oid_user_header_auth(build_image, container):
"""
Test that the client is able to.
Once authenticated, pass a correctly formatted Mount Header
"""
test_logger.info("Start of test_remote_oid_user_header_auth")
client = docker.from_env()
service_name = "jupyterhub"
if not wait_for_container(client, service_name, minutes=5):
raise RuntimeError(JUPYTERHUB_START_ERROR)
assert wait_for_site(JHUB_URL, valid_status_code=401) is True
with requests.session() as session:
# Auth requests
remote_user = "******"
auth_header = {"Remote-User": remote_user}
auth_response = session.get(
"".join([JHUB_HUB_URL, "/home"]), headers=auth_header
)
assert auth_response.status_code == 200
auth_response = session.post(
"".join([JHUB_HUB_URL, "/login"]), headers=auth_header
)
assert auth_response.status_code == 200
test_logger.info("End of test_remote_oid_user_header_auth")
def test_basic_cert_user_header_auth(build_image, container):
"""
Test that the client is able to.
Once authenticated, pass a correctly formatted Mount Header
"""
test_logger.info("Start of test_basic_cert_user_header_auth")
client = docker.from_env()
service_name = "jupyterhub"
if not wait_for_container(client, service_name, minutes=5):
raise RuntimeError(JUPYTERHUB_START_ERROR)
assert wait_for_site(JHUB_URL, valid_status_code=401) is True
with requests.session() as session:
# Auth requests
remote_user = (
"/C=DK/ST=NA/L=NA/O=NBI/OU=NA/CN=Name" "/[email protected]"
)
auth_header = {"Remote-User": remote_user}
auth_response = session.get(
"".join([JHUB_HUB_URL, "/home"]), headers=auth_header
)
assert auth_response.status_code == 200
auth_response = session.post(
"".join([JHUB_HUB_URL, "/login"]), headers=auth_header
)
assert auth_response.status_code == 200
# TODO, validate username is actual email regex
test_logger.info("End of test_basic_cert_user_header_auth")
def test_custom_data_header_auth(build_image, container):
"""
Test that the client is able to.
Once authenticated, pass a correctly formatted Mount Header
"""
test_logger.info("Start of test_custom_data_header_auth")
client = docker.from_env()
service_name = "jupyterhub"
if not wait_for_container(client, service_name, minutes=5):
raise RuntimeError(JUPYTERHUB_START_ERROR)
assert wait_for_site(JHUB_URL, valid_status_code=401) is True
with requests.session() as session:
# Auth requests
remote_user = "******"
data_dict = {
"HOST": "hostaddr",
"USERNAME": "******",
"PATH": "@host.localhost:",
}
auth_data_header = {"Remote-User": remote_user, "Mount": json.dumps(data_dict)}
auth_response = session.post(
"".join([JHUB_HUB_URL, "/login"]), headers=auth_data_header
)
assert auth_response.status_code == 200
test_logger.info("End of test_custom_data_header_auth")
def test_default_header_config(build_image, container):
"""
Test that an authenticated client is able to pass
a correctly formatted Mount Header
"""
test_logger.info("Start of test_default_header_config")
client = docker.from_env()
service_name = "jupyterhub"
if not wait_for_container(client, service_name, minutes=5):
raise RuntimeError(JUPYTERHUB_START_ERROR)
assert wait_for_site(JHUB_URL, valid_status_code=401) is True
with requests.session() as session:
# Auth requests
remote_user = "******"
auth_header = {"Remote-User": remote_user}
auth_response = session.get(
"".join([JHUB_HUB_URL, "/home"]), headers=auth_header
)
assert auth_response.status_code == 200
auth_response = session.post(
"".join([JHUB_HUB_URL, "/login"]), headers=auth_header
)
assert auth_response.status_code == 200
test_logger.info("End of test_default_header_config")
def test_auth_hub(build_image, container):
"""
Test that the client is able to,
Not access the home path without being authed
Authenticate with the Remote-User header
"""
test_logger.info("Start of test_auth_hub")
client = docker.from_env()
service_name = "jupyterhub"
if not wait_for_container(client, service_name, minutes=5):
raise RuntimeError(JUPYTERHUB_START_ERROR)
assert wait_for_site(JHUB_URL, valid_status_code=401) is True
with requests.Session() as session:
# Auth requests
user_cert = (
"/C=DK/ST=NA/L=NA/O=NBI/OU=NA/CN=Name" "/[email protected]"
)
other_user = "******"
cert_auth_header = {"Remote-User": user_cert}
other_auth_header = {"Remote-User": other_user}
auth_response = session.post(
"".join([JHUB_HUB_URL, "/login"]), headers=cert_auth_header
)
assert auth_response.status_code == 200
auth_response = session.get(
"".join([JHUB_HUB_URL, "/home"]), headers=other_auth_header
)
assert auth_response.status_code == 200
test_logger.info("End of test_auth_hub")
def test_auth_data_header(build_image, container):
"""
Test that the client is able to.
Once authenticated, pass a correctly formatted custom Data header
"""
# not ideal, wait for the jhub container to start, update with proper check
test_logger.info("Start of test_auth_data_header")
client = docker.from_env()
service_name = "jupyterhub"
if not wait_for_container(client, service_name, minutes=5):
raise RuntimeError(JUPYTERHUB_START_ERROR)
assert wait_for_site(JHUB_URL, valid_status_code=401) is True
with requests.Session() as session:
no_auth_mount = session.post("".join([JHUB_HUB_URL, "/data"]))
assert no_auth_mount.status_code == 403
# Auth requests
user_cert = (
"/C=DK/ST=NA/L=NA/O=NBI/OU=NA/CN=Name" "/[email protected]"
)
cert_auth_header = {"Remote-User": user_cert}
auth_response = session.get(
"".join([JHUB_HUB_URL, "/home"]), headers=cert_auth_header
)
assert auth_response.status_code == 200
auth_response = session.post(
"".join([JHUB_HUB_URL, "/login"]), headers=cert_auth_header
)
assert auth_response.status_code == 200
wrong_header = {"Mount": "SDfssdfsesdfsfdsdfsxv"}
# Random key set
correct_dict = {
"HOST": "hostaddr",
"USERNAME": "******",
"PATH": "@host.localhost:",
}
correct_header = {"Mount": str(correct_dict)}
# Invalid mount header
auth_mount_response = session.post(
"".join([JHUB_HUB_URL, "/data"]), headers=wrong_header
)
assert auth_mount_response.status_code == 403
# Valid mount header
auth_mount_response = session.post(
"".join([JHUB_HUB_URL, "/data"]), headers=correct_header
)
assert auth_mount_response.status_code == 200
test_logger.info("End of test_auth_data_header")
def test_json_data_post(build_image, network, container):
"""
Test that the client is able to submit a json data to the authenticated user.
"""
test_logger.info("Start of test_json_data_post")
client = docker.from_env()
service_name = "jupyterhub"
if not wait_for_container(client, service_name, minutes=5):
raise RuntimeError(JUPYTERHUB_START_ERROR)
assert wait_for_site(JHUB_URL, valid_status_code=401) is True
with requests.session() as session:
# Auth requests
remote_user = "******"
auth_header = {
"Remote-User": remote_user,
}
auth_response = session.post(
"".join([JHUB_HUB_URL, "/login"]), headers=auth_header
)
assert auth_response.status_code == 200
# Post json
data_str = "blablabla"
data_dict = {
"HOST": "hostaddr",
"USERNAME": "******",
"PATH": "@host.localhost:",
}
env_data = {"StringData": data_str, "JsonData": data_dict}
json_data = {"data": env_data}
post_response = session.post(
"".join([JHUB_HUB_URL, "/user-data"]), json=json_data
)
assert post_response.status_code == 200
test_logger.info("End of test_json_data_post")
def test_auth_state_header_auth(build_image, network, container):
"""
Test that the client is able to. Test that auth_state recieves
the specified test data headers.
"""
test_logger.info("Start of test_auth_state_header_auth")
client = docker.from_env()
service_name = "jupyterhub"
if not wait_for_container(client, service_name, minutes=5):
raise RuntimeError(JUPYTERHUB_START_ERROR)
assert wait_for_site(JHUB_URL, valid_status_code=401) is True
with requests.session() as session:
# Auth requests
remote_user = "******"
data_str = "blablabla"
data_dict = {
"HOST": "hostaddr",
"USERNAME": "******",
"PATH": "@host.localhost:",
}
env_data = {"StringData": data_str, "JsonData": data_dict}
auth_data_header = {
"Remote-User": remote_user,
}
# Cast to json data types before submission
auth_data_header.update(
{env_key: json.dumps(env_val) for env_key, env_val in env_data.items()}
)
auth_response = session.post(
"".join([JHUB_HUB_URL, "/login"]), headers=auth_data_header
)
assert auth_response.status_code == 200
# Spawn with auth_state
spawn_response = session.post("".join([JHUB_HUB_URL, "/spawn"]))
assert spawn_response.status_code == 200
test_logger.info("Spawn POST response message: {}".format(spawn_response.text))
assert spawn_response.status_code == 200
target_container_name = "{}-{}".format("jupyter", remote_user)
wait_min = 5
if not wait_for_container(client, target_container_name, minutes=wait_min):
raise RuntimeError(
"No container with name: {} appeared within: {} minutes".format(
service_name, wait_min
)
)
spawned_container = get_container(client, target_container_name)
# Validate that the container has the passed environment values defined
# in env_data
envs = {
env.split("=")[0]: env.split("=")[1]
for env in spawned_container.attrs["Config"]["Env"]
}
for data_key, data_value in env_data.items():
assert data_key in envs
assert envs[data_key] == str(data_value)
# Shutdown the container
# Delete the spawned service
delete_headers = {"Referer": urljoin(JHUB_URL, "/hub/"), "Origin": JHUB_URL}
jhub_user = get_container_user(spawned_container)
assert jhub_user is not None
delete_url = urljoin(JHUB_URL, "/hub/api/users/{}/server".format(jhub_user))
deleted = delete(session, delete_url, headers=delete_headers)
assert deleted
# Remove the stopped container
spawned_container.stop()
spawned_container.wait()
spawned_container.remove()
deleted_container = get_container(client, target_container_name)
assert deleted_container is None
test_logger.info("End of test_auth_state_header_auth")