def test_acl_asta_escape_on__ignoreQuery_yes(self):
ats = AuthToken(key=AT_ENCRYPTION_KEY,
window_seconds=DEFAULT_WINDOW_SECONDS,
escape_early=False)
token = ats.generateToken(acl='/q_escape_ignore/*')
url = "http://{0}{1}?{2}={3}".format(AT_HOSTNAME,
'/q_escape_ignore/hello',
ats.token_name, token)
response = requests.get(url)
self.assertEqual(404, response.status_code)
def test_url_query_escape_on__ignore_yes_with_salt(self):
query_salt_path = "/salt"
ats = AuthToken(key=AT_ENCRYPTION_KEY,
salt=AT_SALT,
window_seconds=DEFAULT_WINDOW_SECONDS,
escape_early=True)
token = ats.generateToken(url=query_salt_path)
url = "http://{0}{1}?{2}={3}".format(AT_HOSTNAME, query_salt_path,
ats.token_name, token)
response = requests.get(url)
self.assertEqual(404, response.status_code)
def getToken(reqToken):
if not reqToken:
raise BadRequest('Invalid token')
token = AuthToken(token=reqToken)
data = token.verify()
if not data:
raise Unauthorized('No valid token')
user = User(**data)
return user.response()
def test_acl_deli_escape_on__ignoreQuery_yes(self):
ats = AuthToken(key=AT_ENCRYPTION_KEY,
window_seconds=DEFAULT_WINDOW_SECONDS,
escape_early=False)
acl = ['/q_escape_ignore', '/q_escape_ignore/*']
token = ats.generateToken(acl=AuthToken.ACL_DELIMITER.join(acl))
url = "http://{0}{1}?{2}={3}".format(AT_HOSTNAME, '/q_escape_ignore',
ats.token_name, token)
response = requests.get(url)
self.assertEqual(404, response.status_code)
url = "http://{0}{1}?{2}={3}".format(AT_HOSTNAME,
'/q_escape_ignore/world/',
ats.token_name, token)
response = requests.get(url)
self.assertEqual(404, response.status_code)
def createAuthentication():
if not request.headers['Content-Type'] == 'application/json':
raise BadRequest('Invalid request body, must be application/json')
try:
data = request.get_json()
except Exception as e:
raise BadRequest('Invalid json body: {0}'.format(e))
if not data['google_id_token']:
raise BadRequest('Missing google_id_token from body')
idToken = data['google_id_token']
try:
gopen = urllib2.urlopen('https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={0}'.format(idToken))
except urllib2.URLError as e:
etype = APIError
if e.code == 400:
etype = Unauthorized
raise etype(message='Google verification failed: {} {}'.format(e.code, e.reason))
try:
gres = json.loads(gopen.read())
except Exception as e:
raise APIError(message='Google verification failed: {}'.format(e.message))
user = User(**gres)
token = AuthToken()
token.generate()
resp = user.toDict()
token.save(data=resp)
resp['access_token'] = str(token)
return Response(response=json.dumps(resp), content_type='application/json')
def setUp(self):
# Test for Query String
self.at = AuthToken(**{
'key': AT_ENCRYPTION_KEY,
'window_seconds': DEFAULT_WINDOW_SECONDS
})
# Test for Cookie
self.cat = AuthToken(key=AT_ENCRYPTION_KEY,
algorithm='sha1',
window_seconds=DEFAULT_WINDOW_SECONDS)
# Test for Header
self.hat = AuthToken(key=AT_ENCRYPTION_KEY,
algorithm='md5',
window_seconds=DEFAULT_WINDOW_SECONDS)
class TestAuthToken(unittest.TestCase):
def setUp(self):
# Test for Query String
self.at = AuthToken(**{
'key': AT_ENCRYPTION_KEY,
'window_seconds': DEFAULT_WINDOW_SECONDS
})
# Test for Cookie
self.cat = AuthToken(key=AT_ENCRYPTION_KEY,
algorithm='sha1',
window_seconds=DEFAULT_WINDOW_SECONDS)
# Test for Header
self.hat = AuthToken(key=AT_ENCRYPTION_KEY,
algorithm='md5',
window_seconds=DEFAULT_WINDOW_SECONDS)
def _token_setting(self, ttype, escape_early, transition):
t = None
if ttype == 'q':
t = self.at
elif ttype == 'c':
t = self.cat
elif ttype == 'h':
t = self.hat
if transition:
t.key = AT_TRANSITION_KEY
else:
t.key = AT_ENCRYPTION_KEY
t.escape_early = escape_early
def _queryAssertEqual(self,
path,
expacted,
escape_early=False,
transition=False,
payload=None,
session_id=None,
isUrl=True):
self._token_setting('q', escape_early, transition)
if isUrl:
token = self.at.generateToken(url=path,
payload=None,
session_id=None)
else:
token = self.at.generateToken(acl=path,
payload=None,
session_id=None)
url = "http://{0}{1}{4}{2}={3}".format(AT_HOSTNAME, path,
self.at.token_name, token,
'&' if '?' in path else '?')
response = requests.get(url)
self.assertEqual(expacted, response.status_code)
def _cookieAssertEqual(self,
path,
expacted,
escape_early=False,
transition=False,
payload=None,
session_id=None,
isUrl=True):
self._token_setting('c', escape_early, transition)
if isUrl:
token = self.cat.generateToken(url=path,
payload=None,
session_id=None)
else:
token = self.cat.generateToken(acl=path,
payload=None,
session_id=None)
url = "http://{0}{1}".format(AT_HOSTNAME, path)
response = requests.get(url, cookies={self.cat.token_name: token})
self.assertEqual(expacted, response.status_code)
def _headerAssertEqual(self,
path,
expacted,
escape_early=False,
transition=False,
payload=None,
session_id=None,
isUrl=True):
self._token_setting('h', escape_early, transition)
if isUrl:
token = self.hat.generateToken(url=path,
payload=None,
session_id=None)
else:
token = self.hat.generateToken(acl=path,
payload=None,
session_id=None)
url = "http://{0}{1}".format(AT_HOSTNAME, path)
response = requests.get(url, headers={self.hat.token_name: token})
self.assertEqual(expacted, response.status_code)
def _test_case_set(self, query_path, cookie_path, header_path,
escape_early, isUrl):
# General Test
self._queryAssertEqual(query_path,
404,
escape_early=escape_early,
isUrl=isUrl)
self._cookieAssertEqual(cookie_path,
404,
escape_early=escape_early,
isUrl=isUrl)
self._headerAssertEqual(header_path,
404,
escape_early=escape_early,
isUrl=isUrl)
if isUrl:
query_string = "?foo=bar&hello=world"
self._queryAssertEqual(query_path + query_string,
403,
escape_early=(False == escape_early),
isUrl=isUrl)
self._cookieAssertEqual(cookie_path + query_string,
403,
escape_early=(False == escape_early),
isUrl=isUrl)
self._headerAssertEqual(header_path + query_string,
403,
escape_early=(False == escape_early),
isUrl=isUrl)
# Transition Key Test
self._queryAssertEqual(query_path,
404,
transition=True,
escape_early=escape_early,
isUrl=isUrl)
self._cookieAssertEqual(cookie_path,
404,
transition=True,
escape_early=escape_early,
isUrl=isUrl)
self._headerAssertEqual(header_path,
404,
transition=True,
escape_early=escape_early,
isUrl=isUrl)
# Payload Test
self._queryAssertEqual(query_path,
404,
payload='SOME_PAYLOAD_DATA',
escape_early=escape_early,
isUrl=isUrl)
self._cookieAssertEqual(cookie_path,
404,
payload='SOME_PAYLOAD_DATA',
escape_early=escape_early,
isUrl=isUrl)
self._headerAssertEqual(header_path,
404,
payload='SOME_PAYLOAD_DATA',
escape_early=escape_early,
isUrl=isUrl)
# Session Id Test
self._queryAssertEqual(query_path,
404,
session_id='SOME_SESSION_ID_DATA',
escape_early=escape_early,
isUrl=isUrl)
self._cookieAssertEqual(cookie_path,
404,
session_id='SOME_SESSION_ID_DATA',
escape_early=escape_early,
isUrl=isUrl)
self._headerAssertEqual(header_path,
404,
session_id='SOME_SESSION_ID_DATA',
escape_early=escape_early,
isUrl=isUrl)
##########
# URL TEST
##########
def test_url_escape_on__ignoreQuery_yes(self):
self._test_case_set("/q_escape_ignore",
"/c_escape_ignore",
"/h_escape_ignore",
escape_early=True,
isUrl=True)
def test_url_escape_off__ignoreQuery_yes(self):
self._test_case_set("/q_ignore",
"/c_ignore",
"/h_ignore",
escape_early=False,
isUrl=True)
def test_url_escape_on__ignoreQuery_no(self):
query_path = "/q_escape"
cookie_path = "/c_escape"
header_path = "/h_escape"
self._test_case_set(query_path,
cookie_path,
header_path,
escape_early=True,
isUrl=True)
query_string = "?foo=bar&hello=world"
self._queryAssertEqual(query_path + query_string,
404,
escape_early=True,
isUrl=True)
self._cookieAssertEqual(cookie_path + query_string,
404,
escape_early=True,
isUrl=True)
self._headerAssertEqual(header_path + query_string,
404,
escape_early=True,
isUrl=True)
def test_url_escape_off__ignoreQuery_no(self):
query_path = "/q"
cookie_path = "/c"
header_path = "/h"
self._test_case_set(query_path,
cookie_path,
header_path,
escape_early=False,
isUrl=True)
query_string = "?foo=bar&hello=world"
self._queryAssertEqual(query_path + query_string,
404,
escape_early=False,
isUrl=True)
self._cookieAssertEqual(cookie_path + query_string,
404,
escape_early=False,
isUrl=True)
self._headerAssertEqual(header_path + query_string,
404,
escape_early=False,
isUrl=True)
def test_url_query_escape_on__ignore_yes_with_salt(self):
query_salt_path = "/salt"
ats = AuthToken(key=AT_ENCRYPTION_KEY,
salt=AT_SALT,
window_seconds=DEFAULT_WINDOW_SECONDS,
escape_early=True)
token = ats.generateToken(url=query_salt_path)
url = "http://{0}{1}?{2}={3}".format(AT_HOSTNAME, query_salt_path,
ats.token_name, token)
response = requests.get(url)
self.assertEqual(404, response.status_code)
##########
##########
# ACL TEST
##########
def test_acl_escape_on__ignoreQuery_yes(self):
self._test_case_set("/q_escape_ignore",
"/c_escape_ignore",
"/h_escape_ignore",
escape_early=False,
isUrl=False)
def test_acl_escape_off__ignoreQuery_yes(self):
self._test_case_set("/q_ignore",
"/c_ignore",
"/h_ignore",
escape_early=False,
isUrl=False)
def test_acl_escape_on__ignoreQuery_no(self):
self._test_case_set("/q_escape",
"/c_escape",
"/h_escape",
escape_early=False,
isUrl=False)
def test_acl_escape_off__ignoreQuery_no(self):
self._test_case_set("/q", "/c", "/h", escape_early=False, isUrl=False)
def test_acl_asta_escape_on__ignoreQuery_yes(self):
ats = AuthToken(key=AT_ENCRYPTION_KEY,
window_seconds=DEFAULT_WINDOW_SECONDS,
escape_early=False)
token = ats.generateToken(acl='/q_escape_ignore/*')
url = "http://{0}{1}?{2}={3}".format(AT_HOSTNAME,
'/q_escape_ignore/hello',
ats.token_name, token)
response = requests.get(url)
self.assertEqual(404, response.status_code)
def test_acl_deli_escape_on__ignoreQuery_yes(self):
ats = AuthToken(key=AT_ENCRYPTION_KEY,
window_seconds=DEFAULT_WINDOW_SECONDS,
escape_early=False)
acl = ['/q_escape_ignore', '/q_escape_ignore/*']
token = ats.generateToken(acl=AuthToken.ACL_DELIMITER.join(acl))
url = "http://{0}{1}?{2}={3}".format(AT_HOSTNAME, '/q_escape_ignore',
ats.token_name, token)
response = requests.get(url)
self.assertEqual(404, response.status_code)
url = "http://{0}{1}?{2}={3}".format(AT_HOSTNAME,
'/q_escape_ignore/world/',
ats.token_name, token)
response = requests.get(url)
self.assertEqual(404, response.status_code)
print('File chunk #%d received. Size %d' %
(i, len(chunk_data)))
f.write(chunk_data)
if len(chunk_data) < AUDIO_CHUNK_SIZE:
print('Finished in %d secs' %
(time.time() - start_time))
f.close()
break
else:
print(
'Track with format %d was not found or loaded' %
metadata.AudioFile.Format.Value('OGG_VORBIS_160'))
elif tt[0] == 'a':
album = Album(manager, ALBUM_GID)
print(album._album)
elif tt[0] == 'r':
artist = Artist(manager, ARTIST_GID)
elif tt[0] == 'p':
playlists = Playlists(manager, sys.argv[1])
print(playlists._playlists)
elif tt[0] == 'auth':
authToken = AuthToken(manager)
elif tt[0] == 'user':
User(manager, sys.argv[1])
elif tt[0] == 'pp':
# playlist format: user:<user>:playlist:<playlist>
playlist = Playlist(manager, tt[1])
print(playlist._playlist)
elif tt[0] == 'q':
manager.terminate()
za.start()
blob_listener = BlobListener()
za.register_listener(blob_listener)
while True:
sleep(1)
if blob_listener.blob is not None:
break
za.stop()
login = blob_listener.blob.create_login()
connection = Connection()
session = Session().connect(connection)
session.authenticate(login)
manager = MercuryManager(connection)
client_id = '<YOUR_CLIENT_ID>'
authToken = AuthToken(manager, client_id)
manager.terminate()
token = authToken.accessToken
print("AuthToken: ", token)
spt = Spotify(token)
devices = spt.devices()
print(devices)
last_10_played = spt.recently_played_tracks(10)
print(last_10_played)