def test_negative_auth_post_saml_invalid_saml(self):
"""
Check exception raised while posting saml with invalid saml, and verify the exception contains correct error messages.
"""
# get auth first
head, content = utils.auth_get_auth()
# get cookie
cookie = head['set-cookie']
logging.info("The retrieved cookie from Auth server is '%s'" % str(cookie))
header = utils.headers
header['cookie'] = cookie
logging.debug("The requested headers are '%s'" % str(header))
http = httplib2.Http()
# construct invalid responses
invalid_saml = [utils.random_str()]
for isa in invalid_saml:
logging.info("The invalid saml to be tested is '%s'" % str(isa))
url = 'http://' + utils.auth_server + '/' + utils.auth_partner + '/saml'
logging.info("The requested url is '%s'" % url)
saml = {'SAMLResponse': isa}
h, c = http.request(url, 'POST', headers = header, body = urlencode(saml))
# assert response head status is 400
self.assertEqual(int(h['status']), 400)
# assert error msg is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception("InvalidSAML", "AuthPostSamlGrantExceptions"), self)
def test_negative_get_auth_horizon_partner_not_exist(self):
"""
Check exception raised while getting auth for not existent partner, and verify the exception contains correct error messages.
"""
nosub = utils.random_str()
logging.info("The not existent subdomain to be tested is '%s'" % nosub)
with self.assertRaises(rest.RequestFailed) as e:
self.res.get('/auth/config/' + (nosub), headers=utils.headers)
self.assertEqual(self.res.response.status, 400)
# verify the exception is expected
utils.verify_rest_requetfailed_exception(e,utils.get_exception('UnknownSubdomain', 'GetAuthExceptions'), self)
def test_negative_delete_tokens_parameter_missing(self):
"""
Check exception raised while deleting tokens without giving parameter, and verify the exception contains correct error messages.
"""
malpayloads = ['']
for mp in malpayloads:
logging.info("The malpayload acting unauthorized client is '%s'" % mp)
with self.assertRaises(rest.RequestFailed) as e:
self.res.delete('/tokens/'+mp, headers=utils.headers)
self.assertEqual(self.res.response.status, 400)
# verify the retrieved exception is expected
utils.verify_rest_requetfailed_exception(e, utils.get_exception('ParameterMissing', 'DeleteTokensExceptions'), self)
def test_negative_get_tokens_invalid_token(self):
"""
Check exception raised while getting tokens information with invalid tokens, and verify the exception contains correct error messages.
"""
malpayloads = [utils.random_str()]
for mp in malpayloads:
logging.info("The malpayload acting unauthorized client is '%s'" % mp)
with self.assertRaises(Exception) as e:
self.res.get('/tokens/'+mp, headers=utils.headers)
self.assertEqual(self.res.response.status, 404)
# verify the retrieved exception is expected
utils.verify_rest_requetfailed_exception(e, utils.get_exception('InvalidToken', 'GetTokensExceptions'), self)
def test_negative_auth_get_auth_missing_URI(self):
"""
Check exception raised while getting auth for missing uri, and verify the exception contains correct error messages.
"""
http = httplib2.Http()
# construct invalid client id
url = 'http://' + utils.auth_server + '/' + utils.auth_partner + '/authorize?' + 'response_type=token' + '&client_id=' + utils.auth_client_id_no_uri
logging.info("The requested url is '%s'" % url)
h,c = http.request(url, 'GET', headers = utils.headers)
logging.debug("The retrieved header is '%s'" % str(h))
logging.debug("The retrieved content is '%s'" % str(c))
# assert it's a bad request
self.assertEqual(int(h['status']), 400)
# assert the exception content is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception('MissingURI', 'AuthGetAuthExceptions'), self)
def test_negative_auth_get_auth_invalid_response_type(self):
"""
Check exception raised while getting auth for invalid respone type other than 'token', and verify the exception contains correct error messages.
"""
http = httplib2.Http()
# construct invalid responses
invalid_response = ['', utils.random_str()]
for ir in invalid_response:
logging.info("The invalid response type to be tested is '%s'" % str(ir))
url = 'http://' + utils.auth_server + '/' + utils.auth_partner + '/authorize?' + 'response_type=' + ir + '&client_id=' + utils.auth_client_id
logging.info("The requested url is '%s'" % url)
h,c = http.request(url, 'GET', headers = utils.headers)
# assert it's a bad request
self.assertEqual(int(h['status']), 400)
# assert the exception content is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception('UnknownResponseType', 'AuthGetAuthExceptions'), self, ir)
def test_negative_auth_get_auth_empty_partner(self):
"""
Check exception raised while getting auth with empty partner, and verify the exception contains correct error messages.
"""
http = httplib2.Http()
# construct invalid invalid partner
invalid_partners= [' ']
for ip in invalid_partners:
logging.info("The invalid partner to be tested is '%s'" % str(ip))
url = urllib.quote('http://' + utils.auth_server + '/' + ip + '/authorize?' + 'response_type=token' + '&client_id=' + utils.auth_client_id, ':/&=')
logging.info("The requested url is '%s'" % url)
h,c = http.request(url, 'GET', headers = utils.headers)
logging.debug("The retrieved header is '%s'" % str(h))
logging.debug("The retrieved content is '%s'" % str(c))
# assert it's a bad request
self.assertEqual(int(h['status']), 500)
# assert the exception content is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception('EmptySubdomain', 'AuthGetAuthExceptions'), self)
def test_negative_auth_get_auth_invalid_URI(self):
"""
Check exception raised while getting auth for uri, and verify the exception contains correct error messages.
"""
http = httplib2.Http()
# construct invalid client id
invalid_request = [utils.random_str()]
for ir in invalid_request:
logging.info("The invalid uri to be tested is '%s'" % str(ir))
url = urllib.quote('http://' + utils.auth_server + '/' + utils.auth_partner + '/authorize?' + 'response_type=token' + '&client_id=' + utils.auth_client_id + '&redirect_uri=' + ir, ':/&=?')
logging.info("The requested url is '%s'" % url)
h,c = http.request(url, 'GET', headers = utils.headers)
logging.debug("The retrieved header is '%s'" % str(h))
logging.debug("The retrieved content is '%s'" % str(c))
# assert it's a bad request
self.assertEqual(int(h['status']), 400)
# assert the exception content is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception('UnmatchedURI', 'AuthGetAuthExceptions'), self)
def test_negative_auth_get_config_invalid_client(self):
"""
Check exception raised while getting auth for invalid client, and verify the exception contains correct error messages.
"""
# get config
headers = utils.headers
# compose basic auth
invalid_auth = ["Basic %s" % base64.encodestring('%s:%s' % (utils.auth_client_id, utils.random_str()))[:-1], "Basic %s" % base64.encodestring('%s:%s' % (utils.random_str(), utils.auth_client_secret))[:-1], "", " "]
for ia in invalid_auth:
headers['Authorization'] = ia
logging.debug("The requested url is '%s'" % str(self.url))
logging.info("The invalid authentication head is '%s'" % ia)
h, c = self.http.request(self.url, 'GET', headers = utils.headers)
logging.debug("The response head is '%s'" % str(h))
logging.debug("The response body is '%s'" % str(c))
# assert status code is '400'
self.assertEqual(int(h['status']), 400)
# verify exception content is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception("UnknownClient", "AuthGetConfigExceptions"), self)
def test_negative_auth_post_token_empty_SAML(self):
"""
Check exception raised while posting token with empty SAML, and verify the exception contains correct error messages.
"""
headers = utils.headers
# compose basic auth
headers['Authorization'] = "Basic %s" % base64.encodestring('%s:%s' % (utils.auth_client_id, utils.auth_client_secret))[:-1]
logging.debug("The requested header is '%s'" % str(headers))
# construct invalid responses
invalid_SAML= [' ', '']
for ism in invalid_SAML:
logging.info("The invalid SAML to be tested is '%s'" % str(ism))
logging.info("The requested url is '%s'" % self.url)
# post token
body = {'grant_type': 'http://oauth.net/grant_type/assertion/saml/2.0/bearer', 'assertion': ism}
h, c = self.http.request(self.url, 'POST', headers = headers, body = urllib.urlencode(body))
# assert response head status is 400
self.assertEqual(int(h['status']), 400)
# assert error msg is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception("EmptySAML", "AuthPostTokenExceptions"), self)
def test_negative_auth_post_token_invalid_grant_type(self):
"""
Check exception raised while posting token with invalid grant_type, and verify the exception contains correct error messages.
"""
headers = utils.headers
# compose basic auth
headers['Authorization'] = "Basic %s" % base64.encodestring('%s:%s' % (utils.auth_client_id, utils.auth_client_secret))[:-1]
logging.debug("The requested header is '%s'" % str(headers))
# construct invalid responses
invalid_grant_type= [utils.random_str(), ' ', '']
for ig in invalid_grant_type:
logging.info("The invalid grant_type to be tested is '%s'" % str(ig))
logging.info("The requested url is '%s'" % self.url)
# post token
body = {'grant_type': ig, 'assertion': utils.SAMLResponse}
h, c = self.http.request(self.url, 'POST', headers = headers, body = urllib.urlencode(body))
# assert response head status is 400
self.assertEqual(int(h['status']), 400)
# assert error msg is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception("UnsupportedGrantType", "AuthPostTokenExceptions"), self)
def test_negative_auth_get_config_empty_partner(self):
"""
Check exception raised while getting auth for empty partner, and verify the exception contains correct error messages.
"""
# get config
headers = utils.headers
# compose basic auth
headers['Authorization'] = "Basic %s" % base64.encodestring('%s:%s' % (utils.auth_client_id, utils.auth_client_secret))[:-1]
invalid_partners = [' ']
for ip in invalid_partners:
logging.info("The invalid partner is '%s'" % ip)
url = urllib.quote('http://' + utils.auth_server + '/' + ip + '/config', ':/&=')
logging.debug("The requested url is '%s'" % str(url))
h, c = self.http.request(url, 'GET', headers = utils.headers)
logging.debug("The response head is '%s'" % str(h))
logging.debug("The response body is '%s'" % str(c))
# assert status code is '500'
self.assertEqual(int(h['status']), 500)
# verify exception content is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception("EmptySubdomain", "AuthGetConfigExceptions"), self)
def test_negative_auth_post_token_empty_partner(self):
"""
Check exception raised while getting auth for empty partner, and verify the exception contains correct error messages.
"""
# get config
headers = utils.headers
# compose basic auth
headers['Authorization'] = "Basic %s" % base64.encodestring('%s:%s' % (utils.auth_client_id, utils.auth_client_secret))[:-1]
body = {'grant_type': 'http://oauth.net/grant_type/assertion/saml/2.0/bearer', 'assertion': utils.SAMLResponse}
invalid_partners = [' ']
for ip in invalid_partners:
logging.info("The invalid partner is '%s'" % ip)
url = urllib.quote('http://' + utils.auth_server + '/' + ip + '/token', ':/&=')
logging.debug("The requested url is '%s'" % str(url))
h, c = self.http.request(url, 'POST', headers = utils.headers, body = urllib.urlencode(body))
logging.debug("The response head is '%s'" % str(h))
logging.debug("The response body is '%s'" % str(c))
# assert status code is '400'
self.assertEqual(int(h['status']), 400)
# verify exception content is correct
utils.verify_rest_requetfailed_exception(c, utils.get_exception("InvalidSubdomain", "AuthPostTokenExceptions"), self)
