Exemplo n.º 1
0
 def setUp(self):
     self.store = FakeSecretsStore({
         "secrets": {
             "secret/authentication/public-key": {
                 "type": "versioned",
                 "current": AUTH_TOKEN_PUBLIC_KEY,
             }
         },
     })
     self.factory = EdgeRequestContextFactory(self.store)
Exemplo n.º 2
0
    def setUp(self):
        configurator = Configurator()
        configurator.add_route("example", "/example", request_method="GET")
        configurator.add_route("trace_context",
                               "/trace_context",
                               request_method="GET")

        configurator.add_view(example_application,
                              route_name="example",
                              renderer="json")

        configurator.add_view(local_tracing_within_context,
                              route_name="trace_context",
                              renderer="json")

        configurator.add_view(render_exception_view,
                              context=ControlFlowException,
                              renderer="json")

        configurator.add_view(render_bad_exception_view,
                              context=ControlFlowException2,
                              renderer="json")

        mock_filewatcher = mock.Mock(spec=FileWatcher)
        mock_filewatcher.get_data.return_value = {
            "secrets": {
                "secret/authentication/public-key": {
                    "type": "versioned",
                    "current": AUTH_TOKEN_PUBLIC_KEY,
                }
            },
            "vault": {
                "token": "test",
                "url": "http://vault.example.com:8200/"
            },
        }
        secrets = SecretsStore("/secrets")
        secrets._filewatcher = mock_filewatcher

        self.observer = mock.Mock(spec=BaseplateObserver)
        self.server_observer = mock.Mock(spec=ServerSpanObserver)

        def _register_mock(context, server_span):
            server_span.register(self.server_observer)

        self.observer.on_server_span_created.side_effect = _register_mock

        self.baseplate = Baseplate()
        self.baseplate.register(self.observer)
        self.baseplate_configurator = BaseplateConfigurator(
            self.baseplate,
            trust_trace_headers=True,
            edge_context_factory=EdgeRequestContextFactory(secrets),
        )
        configurator.include(self.baseplate_configurator.includeme)
        self.context_init_event_subscriber = mock.Mock()
        configurator.add_subscriber(self.context_init_event_subscriber,
                                    ServerSpanInitialized)
        app = configurator.make_wsgi_app()
        self.test_app = webtest.TestApp(app)
Exemplo n.º 3
0
 def setUp(self):
     mock_filewatcher = mock.Mock(spec=FileWatcher)
     mock_filewatcher.get_data.return_value = {
         "secrets": {
             "secret/authentication/public-key": {
                 "type": "versioned",
                 "current": AUTH_TOKEN_PUBLIC_KEY,
             }
         },
         "vault": {
             "token": "test",
             "url": "http://vault.example.com:8200/"
         },
     }
     self.store = SecretsStore("/secrets")
     self.store._filewatcher = mock_filewatcher
     self.factory = EdgeRequestContextFactory(self.store)
Exemplo n.º 4
0
def make_edge_context_factory():
    secrets = FakeSecretsStore(
        {
            "secrets": {
                "secret/authentication/public-key": {
                    "type": "versioned",
                    "current": AUTH_TOKEN_PUBLIC_KEY,
                }
            },
        }
    )
    return EdgeRequestContextFactory(secrets)
Exemplo n.º 5
0
class EdgeRequestContextTests(unittest.TestCase):
    LOID_ID = "t2_deadbeef"
    LOID_CREATED_MS = 100000
    SESSION_ID = "beefdead"
    DEVICE_ID = "becc50f6-ff3d-407a-aa49-fa49531363be"
    ORIGIN_NAME = "baseplate"

    def setUp(self):
        mock_filewatcher = mock.Mock(spec=FileWatcher)
        mock_filewatcher.get_data.return_value = {
            "secrets": {
                "secret/authentication/public-key": {
                    "type": "versioned",
                    "current": AUTH_TOKEN_PUBLIC_KEY,
                }
            },
            "vault": {
                "token": "test",
                "url": "http://vault.example.com:8200/"
            },
        }
        self.store = SecretsStore("/secrets")
        self.store._filewatcher = mock_filewatcher
        self.factory = EdgeRequestContextFactory(self.store)

    def test_create(self):
        request_context = self.factory.new(
            authentication_token=AUTH_TOKEN_VALID,
            loid_id=self.LOID_ID,
            loid_created_ms=self.LOID_CREATED_MS,
            session_id=self.SESSION_ID,
            device_id=self.DEVICE_ID,
            origin_service_name=self.ORIGIN_NAME,
        )
        self.assertIsNot(request_context._t_request, None)
        self.assertEqual(request_context._header,
                         SERIALIZED_EDGECONTEXT_WITH_VALID_AUTH)

    def test_create_validation(self):
        with self.assertRaises(ValueError):
            self.factory.new(
                authentication_token=None,
                loid_id="abc123",
                loid_created_ms=self.LOID_CREATED_MS,
                session_id=self.SESSION_ID,
            )

    def test_create_empty_context(self):
        request_context = self.factory.new()
        self.assertEqual(
            request_context._header,
            b"\x0c\x00\x01\x00\x0c\x00\x02\x00\x0c\x00\x04\x00\x0c\x00\x05\x00\x00",
        )

    def test_logged_out_user(self):
        request_context = self.factory.from_upstream(
            SERIALIZED_EDGECONTEXT_WITH_NO_AUTH)

        with self.assertRaises(NoAuthenticationError):
            request_context.user.id
        with self.assertRaises(NoAuthenticationError):
            request_context.user.roles

        self.assertFalse(request_context.user.is_logged_in)
        self.assertEqual(request_context.user.loid, self.LOID_ID)
        self.assertEqual(request_context.user.cookie_created_ms,
                         self.LOID_CREATED_MS)

        with self.assertRaises(NoAuthenticationError):
            request_context.oauth_client.id
        with self.assertRaises(NoAuthenticationError):
            request_context.oauth_client.is_type("third_party")

        self.assertEqual(request_context.session.id, self.SESSION_ID)
        self.assertEqual(request_context.device.id, self.DEVICE_ID)
        self.assertEqual(
            request_context.event_fields(),
            {
                "user_id": self.LOID_ID,
                "logged_in": False,
                "cookie_created_timestamp": self.LOID_CREATED_MS,
                "session_id": self.SESSION_ID,
                "oauth_client_id": None,
                "device_id": self.DEVICE_ID,
            },
        )

    @unittest.skipIf(not cryptography_installed, "cryptography not installed")
    def test_logged_in_user(self):
        request_context = self.factory.from_upstream(
            SERIALIZED_EDGECONTEXT_WITH_VALID_AUTH)

        self.assertEqual(request_context.user.id, "t2_example")
        self.assertTrue(request_context.user.is_logged_in)
        self.assertEqual(request_context.user.loid, self.LOID_ID)
        self.assertEqual(request_context.user.cookie_created_ms,
                         self.LOID_CREATED_MS)
        self.assertEqual(request_context.user.roles, set())
        self.assertFalse(request_context.user.has_role("test"))
        self.assertIs(request_context.oauth_client.id, None)
        self.assertFalse(request_context.oauth_client.is_type("third_party"))
        self.assertEqual(request_context.session.id, self.SESSION_ID)
        self.assertEqual(request_context.device.id, self.DEVICE_ID)
        self.assertEqual(request_context.origin_service.name, self.ORIGIN_NAME)
        self.assertEqual(
            request_context.event_fields(),
            {
                "user_id": "t2_example",
                "logged_in": True,
                "cookie_created_timestamp": self.LOID_CREATED_MS,
                "session_id": self.SESSION_ID,
                "oauth_client_id": None,
                "device_id": self.DEVICE_ID,
            },
        )

    @unittest.skipIf(not cryptography_installed, "cryptography not installed")
    def test_expired_token(self):
        request_context = self.factory.from_upstream(
            SERIALIZED_EDGECONTEXT_WITH_EXPIRED_AUTH)

        with self.assertRaises(NoAuthenticationError):
            request_context.user.id
        with self.assertRaises(NoAuthenticationError):
            request_context.user.roles
        with self.assertRaises(NoAuthenticationError):
            request_context.oauth_client.id
        with self.assertRaises(NoAuthenticationError):
            request_context.oauth_client.is_type("third_party")

        self.assertFalse(request_context.user.is_logged_in)
        self.assertEqual(request_context.user.loid, self.LOID_ID)
        self.assertEqual(request_context.user.cookie_created_ms,
                         self.LOID_CREATED_MS)
        self.assertEqual(request_context.session.id, self.SESSION_ID)
        self.assertEqual(
            request_context.event_fields(),
            {
                "user_id": self.LOID_ID,
                "logged_in": False,
                "cookie_created_timestamp": self.LOID_CREATED_MS,
                "session_id": self.SESSION_ID,
                "oauth_client_id": None,
            },
        )

    @unittest.skipIf(not cryptography_installed, "cryptography not installed")
    def test_anonymous_token(self):
        request_context = self.factory.from_upstream(
            SERIALIZED_EDGECONTEXT_WITH_ANON_AUTH)

        with self.assertRaises(NoAuthenticationError):
            request_context.user.id
        self.assertFalse(request_context.user.is_logged_in)
        self.assertEqual(request_context.user.loid, self.LOID_ID)
        self.assertEqual(request_context.user.cookie_created_ms,
                         self.LOID_CREATED_MS)
        self.assertEqual(request_context.session.id, self.SESSION_ID)
        self.assertTrue(request_context.user.has_role("anonymous"))