Exemplo n.º 1
    def testReportsErrorOnNonHomepagesWhenAuthorizationHeaderIsMissing(self):
        """Checks the error body for "/foo" sent with no Authorization header.

        The request carries no credentials at all, and the response body must
        be exactly the "JWT token is missing" validation message.
        """
        builder = werkzeug_test.EnvironBuilder(path="/foo")
        req = wsgiapp.HttpRequest(builder.get_environ())

        result = self.manager.SecurityCheck(self.HandlerStub, req)
        body_text = result.get_data(as_text=True)
        self.assertEqual(body_text,
                         "JWT token validation failed: JWT token is missing.")
Exemplo n.º 2
  def testProcessesRequestWithUsernameFromTrustedIp(self):
    """Checks that a request from 127.0.0.1 with X-Remote-User is accepted.

    The security check must return the fixture's success response when both
    the peer address and a non-empty username header are present.
    """
    # REMOTE_ADDR is the address the WSGI server reports for the peer, while
    # HTTP_X_REMOTE_USER is the client-supplied X-Remote-User header.
    # NOTE(review): presumably 127.0.0.1 is in the trusted-IP list set up by
    # the fixture -- confirm against setUp, which is not shown here.
    base_env = {
        "REMOTE_ADDR": "127.0.0.1",
        "HTTP_X_REMOTE_USER": "******"
    }
    wsgi_env = werkzeug_test.EnvironBuilder(environ_base=base_env).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)
    self.assertEqual(result, self.success_response)
Exemplo n.º 3
  def testRejectsRequestWithoutRemoteUserHeader(self):
    """Checks the error body when 127.0.0.1 sends no X-Remote-User header.

    Only the peer address is set; the response body must be exactly
    "No username header found.".
    """
    base_env = {"REMOTE_ADDR": "127.0.0.1"}
    wsgi_env = werkzeug_test.EnvironBuilder(environ_base=base_env).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)
    body_text = result.get_data(as_text=True)
    self.assertEqual(body_text, "No username header found.")
Exemplo n.º 4
  def testRejectsRequestWithEmptyUsername(self):
    """Checks the error body when X-Remote-User is present but empty.

    A header that exists with an empty value must not count as an identity:
    the response body must be exactly "Empty username is not allowed.".
    """
    base_env = {
        "REMOTE_ADDR": "127.0.0.1",
        "HTTP_X_REMOTE_USER": ""
    }
    wsgi_env = werkzeug_test.EnvironBuilder(environ_base=base_env).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)
    body_text = result.get_data(as_text=True)
    self.assertEqual(body_text, "Empty username is not allowed.")
Exemplo n.º 5
  def testRejectsRequestFromUntrustedIp(self):
    """Checks the error body for a request whose peer address is 127.0.0.2.

    The response body must name AdminUI.remote_user_trusted_ips as the reason
    for the rejection.
    """
    # NOTE(review): this request sends no X-Remote-User header, so the case of
    # an untrusted address that does supply a username is not exercised here
    # -- confirm it is covered by another test.
    base_env = {"REMOTE_ADDR": "127.0.0.2"}
    wsgi_env = werkzeug_test.EnvironBuilder(environ_base=base_env).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)
    body_text = result.get_data(as_text=True)
    self.assertEqual(
        body_text,
        "Request sent from an IP not in AdminUI.remote_user_trusted_ips.")
Exemplo n.º 6
  def testVerifiesTokenWithProjectIdFromDomain(self, mock_method):
    """Checks the arguments handed to the token verifier.

    Args:
      mock_method: Mock injected by a patch decorator that is not visible
        here; presumably it replaces the token verification call.
    """
    auth_headers = {"Authorization": "Bearer blah"}
    wsgi_env = werkzeug_test.EnvironBuilder(headers=auth_headers).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    self.manager.SecurityCheck(self.HandlerStub, req)

    # Exactly one verification call: the token with the "Bearer " prefix
    # stripped plus the request, and the audience passed by keyword.
    # NOTE(review): "foo-bar" presumably comes from the fixture's
    # configuration -- confirm against setUp.
    self.assertEqual(mock_method.call_count, 1)
    first_call = mock_method.call_args_list[0]
    self.assertEqual(first_call[0], ("blah", req))
    self.assertEqual(first_call[1], {"audience": "foo-bar"})
Exemplo n.º 7
  def testPassesThroughHomepageOnVerificationFailure(self, mock_method):
    """Checks that the default path still gets the success response.

    Args:
      mock_method: Mock injected by a patch decorator that is not visible
        here; presumably it makes token verification fail.
    """
    _ = mock_method  # Only the patch's side effect matters, not the mock.

    # No path is given, so EnvironBuilder uses its default path "/".
    # NOTE(review): this pins that the homepage is reachable without a valid
    # token; presumably the page itself exposes nothing sensitive -- confirm.
    auth_headers = {"Authorization": "Bearer blah"}
    wsgi_env = werkzeug_test.EnvironBuilder(headers=auth_headers).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    result = self.manager.SecurityCheck(self.HandlerStub, req)
    self.assertEqual(result, self.success_response)
Exemplo n.º 8
    def testReportsErrorWhenBearerPrefixIsMissing(self):
        """Checks the error body when Authorization lacks the Bearer prefix.

        The header value is the bare string "blah" on path "/foo"; the
        response body must be the same "JWT token is missing" message that a
        request with no Authorization header receives.
        """
        auth_headers = {"Authorization": "blah"}
        builder = werkzeug_test.EnvironBuilder(path="/foo",
                                               headers=auth_headers)
        req = wsgiapp.HttpRequest(builder.get_environ())

        result = self.manager.SecurityCheck(self.HandlerStub, req)
        body_text = result.get_data(as_text=True)
        self.assertEqual(body_text,
                         "JWT token validation failed: JWT token is missing.")
Exemplo n.º 9
  def testFillsRequestUserFromTokenEmailOnSuccess(self, mock_method):
    """Checks that the handled request carries the expected user value.

    Args:
      mock_method: Mock injected by a patch decorator that is not visible
        here; presumably it makes verification succeed with a token that
        contains an e-mail address.
    """
    _ = mock_method  # Only the patch's side effect matters, not the mock.
    auth_headers = {"Authorization": "Bearer blah"}
    wsgi_env = werkzeug_test.EnvironBuilder(headers=auth_headers).get_environ()
    req = wsgiapp.HttpRequest(wsgi_env)

    self.manager.SecurityCheck(self.HandlerStub, req)

    # self.checked_request is not assigned in this method; presumably
    # HandlerStub records the request it was called with -- confirm.
    seen_request = self.checked_request
    self.assertTrue(seen_request)
    self.assertEqual(self.checked_request.user, "*****@*****.**")
Exemplo n.º 10
  def testReportsErrorIfIssuerIsWrong(self, mock_method):
    """Checks the error body when the token's issuer is not accepted.

    Args:
      mock_method: Mock injected by a patch decorator that is not visible
        here; presumably it returns a token with an unexpected issuer.
    """
    _ = mock_method  # Only the patch's side effect matters, not the mock.
    auth_headers = {"Authorization": "Bearer blah"}
    builder = werkzeug_test.EnvironBuilder(path="/foo", headers=auth_headers)
    req = wsgiapp.HttpRequest(builder.get_environ())

    result = self.manager.SecurityCheck(self.HandlerStub, req)
    body_text = result.get_data(as_text=True)
    self.assertEqual(body_text, "JWT token validation failed: Wrong issuer.")
Exemplo n.º 11
    def testLogHttpAdminUIAccess(self):
        """Checks that the X-GRR-Reason value ends up in the captured log.

        A request with a user set and a 202 response carrying X-GRR-Reason
        and X-API-Method headers are passed to LogHttpAdminUIAccess; the
        reason string must then be found in self.log.
        """
        stats.STATS.RegisterCounterMetric("grr_gin_request_count")

        wsgi_env = {
            "wsgi.url_scheme": "http",
            "SERVER_NAME": "foo.bar",
            "SERVER_PORT": "1234"
        }
        req = wsgiapp.HttpRequest(wsgi_env)
        req.user = "******"

        response_headers = {
            "X-GRR-Reason": "foo/test1234",
            "X-API-Method": "TestMethod"
        }
        resp = werkzeug_wrappers.Response(status=202,
                                          headers=response_headers)

        self.l.LogHttpAdminUIAccess(req, resp)
        # Only the reason is asserted; the user and the API method are not
        # checked by this test.
        self.assertIn("foo/test1234", self.log)
Exemplo n.º 12
  def testPassesThroughHomepageWhenAuthorizationHeaderIsMissing(self):
    """Checks that the default path gets the success response without a token.

    No path and no headers are given, so the request targets EnvironBuilder's
    default path "/" and carries no Authorization header.
    """
    # NOTE(review): this pins that the homepage is reachable with no
    # credentials at all; presumably the page itself exposes nothing
    # sensitive -- confirm.
    builder = werkzeug_test.EnvironBuilder()
    req = wsgiapp.HttpRequest(builder.get_environ())

    result = self.manager.SecurityCheck(self.HandlerStub, req)
    self.assertEqual(result, self.success_response)