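def verify(self, raw_macaroon, context, principals, permission):
    """
    Returns True if the given raw (serialized) macaroon is
    valid for the context, principals, and requested permission.

    Raises InvalidMacaroon if the macaroon is not valid.
    """
    # Nothing about raw_macaroon is authenticated until verifier.verify()
    # succeeds below; every step before that parses untrusted input.
    raw_macaroon = self._extract_raw_macaroon(raw_macaroon)
    if raw_macaroon is None:
        raise InvalidMacaroon("malformed or nonexistent macaroon")

    try:
        m = pymacaroons.Macaroon.deserialize(raw_macaroon)
    except MacaroonDeserializationException:
        # NOTE(review): only this exception type is mapped to
        # InvalidMacaroon; confirm whether deserialize() can raise other
        # exception types on malformed input.
        raise InvalidMacaroon("malformed macaroon")

    # The identifier is read before the signature is checked, so it is
    # still untrusted bytes. Non-UTF-8 content must surface as the
    # documented InvalidMacaroon, not as an uncaught UnicodeDecodeError.
    try:
        identifier = m.identifier.decode()
    except UnicodeDecodeError:
        raise InvalidMacaroon("malformed macaroon")

    dm = self.find_macaroon(identifier)
    if dm is None:
        raise InvalidMacaroon("deleted or nonexistent macaroon")

    # The key comes from the stored record, never from the presented token.
    verifier = Verifier(m, context, principals, permission)
    if verifier.verify(dm.key):
        # Usage is recorded only after successful verification.
        # datetime.now() yields a naive local timestamp.
        dm.last_used = datetime.datetime.now()
        return True

    raise InvalidMacaroon("invalid macaroon")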
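def check_if_macaroon_exists(self, raw_macaroon):
    """
    Returns the database macaroon if the given raw (serialized) macaroon is
    an existing valid macaroon, whatever its permissions.

    Raises InvalidMacaroon otherwise.
    """
    # Nothing about raw_macaroon is authenticated until the signature check
    # at the end; every step before that parses untrusted input.
    raw_macaroon = self._extract_raw_macaroon(raw_macaroon)
    if raw_macaroon is None:
        raise InvalidMacaroon("malformed or nonexistent macaroon")

    try:
        m = pymacaroons.Macaroon.deserialize(raw_macaroon)
    except MacaroonDeserializationException:
        # NOTE(review): only this exception type is mapped to
        # InvalidMacaroon; confirm whether deserialize() can raise other
        # exception types on malformed input.
        raise InvalidMacaroon("malformed macaroon")

    # The identifier is still untrusted bytes at this point. Non-UTF-8
    # content must surface as the documented InvalidMacaroon, not as an
    # uncaught UnicodeDecodeError.
    try:
        identifier = m.identifier.decode()
    except UnicodeDecodeError:
        raise InvalidMacaroon("malformed macaroon")

    dm = self.find_macaroon(identifier)
    if dm is None:
        raise InvalidMacaroon("deleted or nonexistent macaroon")

    # Context, principals and permission are None here, and only
    # verify_signature() is called rather than verify().
    verifier = Verifier(m, context=None, principals=None, permission=None)
    # NOTE(review): the return value is discarded, so a bad signature is
    # rejected only if verify_signature() raises. Confirm that it does, and
    # that what it raises matches the InvalidMacaroon contract documented
    # above; otherwise dm is returned for a token with a forged signature.
    verifier.verify_signature(dm.key)
    return dm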
def test_verify_invalid_signature(self, monkeypatch):
    """Verifier.verify() must return False when the wrapped verifier's
    verify() raises MacaroonInvalidSignatureException."""
    # Opaque stand-ins: the patched verify() raises as soon as it is called.
    macaroon, key = pretend.stub(), pretend.stub()
    context, principals, permission = (
        pretend.stub(),
        pretend.stub(),
        pretend.stub(),
    )

    raising_verify = pretend.call_recorder(
        pretend.raiser(MacaroonInvalidSignatureException)
    )
    verifier = Verifier(macaroon, context, principals, permission)
    monkeypatch.setattr(verifier.verifier, "verify", raising_verify)

    outcome = verifier.verify(key)

    # A signature failure is reported as False, not propagated ...
    assert outcome is False
    # ... and the wrapped verifier was called exactly once, with the
    # macaroon and key that were passed in.
    assert raising_verify.calls == [pretend.call(macaroon, key)]
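def verify(self, raw_macaroon, context, principals, permission):
    """
    Returns True if the given raw (serialized) macaroon is
    valid for the context, principals, and requested permission.

    Raises InvalidMacaroonError if the macaroon is not valid.
    """
    # Nothing about raw_macaroon is authenticated until verifier.verify()
    # succeeds below; every step before that parses untrusted input.
    m = self._deserialize_raw_macaroon(raw_macaroon)

    # The identifier is read before the signature is checked, so it is
    # still untrusted bytes. Non-UTF-8 content must surface as the
    # documented InvalidMacaroonError, not as an uncaught
    # UnicodeDecodeError.
    try:
        identifier = m.identifier.decode()
    except UnicodeDecodeError:
        raise InvalidMacaroonError("malformed macaroon")

    dm = self.find_macaroon(identifier)
    if dm is None:
        raise InvalidMacaroonError("deleted or nonexistent macaroon")

    # The key comes from the stored record, never from the presented token.
    verifier = Verifier(m, context, principals, permission)
    if verifier.verify(dm.key):
        # Usage is recorded only after successful verification.
        # datetime.now() yields a naive local timestamp.
        dm.last_used = datetime.datetime.now()
        return True

    raise InvalidMacaroonError("invalid macaroon")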
def test_creation(self):
    """Verifier keeps the exact objects it was constructed with."""
    field_names = ("macaroon", "context", "principals", "permission")
    stubs = {field: pretend.stub() for field in field_names}

    verifier = Verifier(
        stubs["macaroon"],
        stubs["context"],
        stubs["principals"],
        stubs["permission"],
    )

    # Identity, not equality: each attribute must be the very object passed.
    for field in field_names:
        assert getattr(verifier, field) is stubs[field]
def test_verify(self, monkeypatch, caveats, valid):
    """Mint a V2 macaroon carrying ``caveats`` and check that verifying it
    with the minting key yields ``valid``.

    ``caveats`` and ``valid`` are supplied from outside this function
    (presumably by a parametrize decorator that is not shown here).
    """
    secret = os.urandom(32)
    minted = pymacaroons.Macaroon(
        location="fakelocation",
        identifier="fakeid",
        key=secret,
        version=pymacaroons.MACAROON_V2,
    )
    # Each caveat is attached as a JSON-encoded first-party caveat.
    for caveat in caveats:
        minted.add_first_party_caveat(json.dumps(caveat))

    # Verify a deserialized copy so the check cannot lean on state held by
    # the in-memory object that was just built.
    restored = pymacaroons.Macaroon.deserialize(minted.serialize())

    verifier = Verifier(
        restored,
        pretend.stub(),  # context
        pretend.stub(),  # principals
        pretend.stub(),  # permission
    )
    outcome = verifier.verify(secret)

    assert outcome is valid