def test_url_query_escape_on__ignore_yes_with_salt(self): query_salt_path = "/salt" ats = EdgeAuth(key=ET_ENCRYPTION_KEY, salt=ET_SALT, window_seconds=DEFAULT_WINDOW_SECONDS, escape_early=True) token = ats.generateToken(url=query_salt_path) url = "http://{0}{1}?{2}={3}".format(ET_HOSTNAME, query_salt_path, ats.token_name, token) response = requests.get(url) self.assertEqual(404, response.status_code)
def test_acl_asta_escape_on__ignoreQuery_yes(self): ata = EdgeAuth(key=ET_ENCRYPTION_KEY, window_seconds=DEFAULT_WINDOW_SECONDS, escape_early=False) token = ata.generate_acl_token('/q_escape_ignore/*') url = "http://{0}{1}?{2}={3}".format(ET_HOSTNAME, '/q_escape_ignore/hello', ata.token_name, token) response = requests.get(url) self.assertEqual(404, response.status_code)
def test_acl_deli_escape_on__ignoreQuery_yes(self): atd = EdgeAuth(key=ET_ENCRYPTION_KEY, window_seconds=DEFAULT_WINDOW_SECONDS, escape_early=False) acl = ['/q_escape_ignore', '/q_escape_ignore/*'] token = atd.generateToken(acl=EdgeAuth.ACL_DELIMITER.join(acl)) url = "http://{0}{1}?{2}={3}".format(ET_HOSTNAME, '/q_escape_ignore', atd.token_name, token) response = requests.get(url) self.assertEqual(404, response.status_code) url = "http://{0}{1}?{2}={3}".format(ET_HOSTNAME, '/q_escape_ignore/world/', atd.token_name, token) response = requests.get(url) self.assertEqual(404, response.status_code)
def setUp(self): # Test for Query String self.at = EdgeAuth(**{'key': ET_ENCRYPTION_KEY, 'window_seconds': DEFAULT_WINDOW_SECONDS}) # Test for Cookie self.cat = EdgeAuth(key=ET_ENCRYPTION_KEY, algorithm='sha1', window_seconds=DEFAULT_WINDOW_SECONDS) # Test for Header self.hat = EdgeAuth(key=ET_ENCRYPTION_KEY, algorithm='md5', window_seconds=DEFAULT_WINDOW_SECONDS)
def test_times(self): if not (sys.version_info[0] == 2 and sys.version_info[1] <= 6): att = EdgeAuth(key=ET_ENCRYPTION_KEY, window_seconds=DEFAULT_WINDOW_SECONDS, escape_early=False) self.assertEqual(None, att.start_time) self.assertEqual(None, att.end_time) # start_time with self.assertRaises(EdgeAuthError): att.start_time = -1 att.generate_url_token("/") with self.assertRaises(EdgeAuthError): att.start_time = "hello" att.generate_url_token("/") # end_time with self.assertRaises(EdgeAuthError): att.end_time = -1 att.generate_url_token("/") with self.assertRaises(EdgeAuthError): att.end_time = "hello" att.generate_url_token("/") # window_seconds with self.assertRaises(EdgeAuthError): att.window_seconds = -1 att.generate_url_token("/") with self.assertRaises(EdgeAuthError): att.window_seconds = "hello" att.generate_url_token("/")
class TestEdgeAuth(unittest.TestCase): def setUp(self): # Test for Query String self.at = EdgeAuth(**{ 'key': ET_ENCRYPTION_KEY, 'window_seconds': DEFAULT_WINDOW_SECONDS }) # Test for Cookie self.cat = EdgeAuth(key=ET_ENCRYPTION_KEY, algorithm='sha1', window_seconds=DEFAULT_WINDOW_SECONDS) # Test for Header self.hat = EdgeAuth(key=ET_ENCRYPTION_KEY, algorithm='md5', window_seconds=DEFAULT_WINDOW_SECONDS) def _token_setting(self, ttype, escape_early, transition, payload, session_id): t = None if ttype == 'q': t = self.at elif ttype == 'c': t = self.cat elif ttype == 'h': t = self.hat if transition: t.key = ET_TRANSITION_KEY t.payload = payload t.session_id = session_id t.escape_early = escape_early def _queryAssertEqual(self, path, auth_path, expacted, escape_early=False, transition=False, payload=None, session_id=None, is_url=True): self._token_setting('q', escape_early, transition, payload, session_id) if is_url: token = self.at.generate_url_token(auth_path) else: token = self.at.generate_acl_token(auth_path) url = "http://{0}{1}{4}{2}={3}".format(ET_HOSTNAME, path, self.at.token_name, token, '&' if '?' in path else '?') response = requests.get(url) self.assertEqual(expacted, response.status_code) def _cookieAssertEqual(self, path, auth_path, expacted, escape_early=False, transition=False, payload=None, session_id=None, is_url=True): self._token_setting('c', escape_early, transition, payload, session_id) if is_url: token = self.cat.generate_url_token(auth_path) else: token = self.cat.generate_acl_token(auth_path) url = "http://{0}{1}".format(ET_HOSTNAME, path) response = requests.get(url, cookies={self.cat.token_name: token}) self.assertEqual(expacted, response.status_code) def _headerAssertEqual(self, path, auth_path, expacted, escape_early=False, transition=False, payload=None, session_id=None, is_url=True): self._token_setting('h', escape_early, transition, payload, session_id) if is_url: token = self.hat.generate_url_token(auth_path) else: token = self.hat.generate_acl_token(auth_path) url = "http://{0}{1}".format(ET_HOSTNAME, path) response = requests.get(url, headers={self.hat.token_name: token}) self.assertEqual(expacted, response.status_code) def _test_case_set(self, query_path, query_auth_path, cookie_path, cookie_auth_path, header_path, header_auth_path, escape_early, is_url): # General Test self._queryAssertEqual(query_path, query_auth_path, 404, escape_early=escape_early, is_url=is_url) self._cookieAssertEqual(cookie_path, cookie_auth_path, 404, escape_early=escape_early, is_url=is_url) self._headerAssertEqual(header_path, header_auth_path, 404, escape_early=escape_early, is_url=is_url) # Transition Key Test self._queryAssertEqual(query_path, query_auth_path, 404, transition=True, escape_early=escape_early, is_url=is_url) self._cookieAssertEqual(cookie_path, cookie_auth_path, 404, transition=True, escape_early=escape_early, is_url=is_url) self._headerAssertEqual(header_path, header_auth_path, 404, transition=True, escape_early=escape_early, is_url=is_url) # Payload Test self._queryAssertEqual(query_path, query_auth_path, 404, payload='SOME_PAYLOAD_DATA', escape_early=escape_early, is_url=is_url) self._cookieAssertEqual(cookie_path, cookie_auth_path, 404, payload='SOME_PAYLOAD_DATA', escape_early=escape_early, is_url=is_url) self._headerAssertEqual(header_path, header_auth_path, 404, payload='SOME_PAYLOAD_DATA', escape_early=escape_early, is_url=is_url) # Session Id Test self._queryAssertEqual(query_path, query_auth_path, 404, session_id='SOME_SESSION_ID_DATA', escape_early=escape_early, is_url=is_url) self._cookieAssertEqual(cookie_path, cookie_auth_path, 404, session_id='SOME_SESSION_ID_DATA', escape_early=escape_early, is_url=is_url) self._headerAssertEqual(header_path, header_auth_path, 404, session_id='SOME_SESSION_ID_DATA', escape_early=escape_early, is_url=is_url) ########## # URL TEST ########## def test_url_escape_on__ignoreQuery_yes(self): self._test_case_set("/q_escape_ignore?hello=world", "/q_escape_ignore", "/c_escape_ignore", "/c_escape_ignore", "/h_escape_ignore", "/h_escape_ignore", escape_early=True, is_url=True) def test_url_escape_off__ignoreQuery_yes(self): self._test_case_set("/q_ignore", "/q_ignore", "/c_ignore?1=2", "/c_ignore", "/h_ignore", "/h_ignore", escape_early=False, is_url=True) def test_url_escape_on__ignoreQuery_no(self): query_path = "/q_escape" cookie_path = "/c_escape" header_path = "/h_escape" self._test_case_set(query_path, query_path, cookie_path, cookie_path, header_path, header_path, escape_early=True, is_url=True) query_path = "/q_escape?" + quote("안녕=세상") cookie_path = "/c_escape?" + quote("hello=world") header_path = "/h_escape?" + quote("1=2") self._test_case_set(query_path, query_path, cookie_path, cookie_path, header_path, header_path, escape_early=True, is_url=True) def test_url_escape_off__ignoreQuery_no(self): query_path = "/q" cookie_path = "/c" header_path = "/h" self._test_case_set(query_path, query_path, cookie_path, cookie_path, header_path, header_path, escape_early=False, is_url=True) query_path = "/q" + quote("1=2") cookie_path = "/c" + quote("안녕=세상") header_path = "/h" + quote("hello=world") self._test_case_set(query_path, query_path, cookie_path, cookie_path, header_path, header_path, escape_early=False, is_url=True) def test_url_query_escape_on__ignore_yes_with_salt(self): query_salt_path = "/salt" ats = EdgeAuth(key=ET_ENCRYPTION_KEY, salt=ET_SALT, window_seconds=DEFAULT_WINDOW_SECONDS, escape_early=True) token = ats.generate_url_token(query_salt_path) url = "http://{0}{1}?{2}={3}".format(ET_HOSTNAME, query_salt_path, ats.token_name, token) response = requests.get(url) self.assertEqual(404, response.status_code) ########## ########## # ACL TEST ########## def test_acl_escape_on__ignoreQuery_yes(self): self._test_case_set("/q_escape_ignore/안녕", "/q_escape_ignore/*", "/c_escape_ignore/", "/c_escape_ignore/*", "/h_escape_ignore/hello", "/h_escape_ignore/*", escape_early=False, is_url=False) def test_acl_escape_off__ignoreQuery_yes(self): self._test_case_set("/q_ignore/world", "/q_ignore/??r??", "/c_ignore/a", "/c_ignore/?", "/h_ignore/112", "/h_ignore/??*", escape_early=False, is_url=False) def test_acl_escape_on__ignoreQuery_no(self): self._test_case_set("/q_escape/" + quote("안"), "/q_escape/?????????", "/c_escape/a/b/c/d", "/c_escape/*", "/h_escape/1/2", "/h_escape/*", escape_early=False, is_url=False) def test_acl_escape_off__ignoreQuery_no(self): self._test_case_set("/q/abc", "/q/???", "/c/세상/안녕", "/c/*", "/h", "/h", escape_early=False, is_url=False) def test_acl_asta_escape_on__ignoreQuery_yes(self): ata = EdgeAuth(key=ET_ENCRYPTION_KEY, window_seconds=DEFAULT_WINDOW_SECONDS, escape_early=False) token = ata.generate_acl_token('/q_escape_ignore/*') url = "http://{0}{1}?{2}={3}".format(ET_HOSTNAME, '/q_escape_ignore/hello', ata.token_name, token) response = requests.get(url) self.assertEqual(404, response.status_code) def test_acl_deli_escape_on__ignoreQuery_yes(self): atd = EdgeAuth(key=ET_ENCRYPTION_KEY, window_seconds=DEFAULT_WINDOW_SECONDS, escape_early=False) acl = ['/q_escape_ignore', '/q_escape_ignore/*'] token = atd.generate_acl_token(acl) url = "http://{0}{1}?{2}={3}".format(ET_HOSTNAME, '/q_escape_ignore', atd.token_name, token) response = requests.get(url) self.assertEqual(404, response.status_code) url = "http://{0}{1}?{2}={3}".format(ET_HOSTNAME, '/q_escape_ignore/world/', atd.token_name, token) response = requests.get(url) self.assertEqual(404, response.status_code) ########## def test_times(self): if not (sys.version_info[0] == 2 and sys.version_info[1] <= 6): att = EdgeAuth(key=ET_ENCRYPTION_KEY, window_seconds=DEFAULT_WINDOW_SECONDS, escape_early=False) self.assertEqual(None, att.start_time) self.assertEqual(None, att.end_time) # start_time with self.assertRaises(EdgeAuthError): att.start_time = -1 att.generate_url_token("/") with self.assertRaises(EdgeAuthError): att.start_time = "hello" att.generate_url_token("/") # end_time with self.assertRaises(EdgeAuthError): att.end_time = -1 att.generate_url_token("/") with self.assertRaises(EdgeAuthError): att.end_time = "hello" att.generate_url_token("/") # window_seconds with self.assertRaises(EdgeAuthError): att.window_seconds = -1 att.generate_url_token("/") with self.assertRaises(EdgeAuthError): att.window_seconds = "hello" att.generate_url_token("/")