Exemplo n.º 1
0
    def test_unauthenticated_userid_returns_userid_from_token(self, fake_token, pyramid_request):
        policy = TokenAuthenticationPolicy()
        pyramid_request.auth_token = fake_token

        result = policy.unauthenticated_userid(pyramid_request)

        assert result == "acct:[email protected]"
Exemplo n.º 2
0
    def test_unauthenticated_userid_returns_userid_from_token(self, pyramid_request):
        policy = TokenAuthenticationPolicy()
        pyramid_request.auth_token = 'valid123'

        result = policy.unauthenticated_userid(pyramid_request)

        assert result == 'acct:[email protected]'
Exemplo n.º 3
0
    def test_unauthenticated_userid_returns_none_if_token_invalid(self, pyramid_request, token_service):
        policy = TokenAuthenticationPolicy()
        token_service.validate.return_value = None
        pyramid_request.auth_token = 'abcd123'

        result = policy.unauthenticated_userid(pyramid_request)

        assert result is None
Exemplo n.º 4
0
    def test_unauthenticated_userid_returns_none_if_token_invalid(self, pyramid_request):
        policy = TokenAuthenticationPolicy()
        token = DummyToken(valid=False)
        pyramid_request.auth_token = token

        result = policy.unauthenticated_userid(pyramid_request)

        assert result is None
Exemplo n.º 5
0
    def test_unauthenticated_userid_returns_none_if_token_invalid(
            self, pyramid_request):
        policy = TokenAuthenticationPolicy()
        token = DummyToken(valid=False)
        pyramid_request.auth_token = token

        result = policy.unauthenticated_userid(pyramid_request)

        assert result is None
Exemplo n.º 6
0
    def test_authenticated_userid_uses_callback(self, pyramid_request):
        def callback(userid, request):
            return None
        policy = TokenAuthenticationPolicy(callback=callback)
        pyramid_request.auth_token = 'valid123'

        result = policy.authenticated_userid(pyramid_request)

        assert result is None
Exemplo n.º 7
0
    def test_unauthenticated_userid_returns_none_if_neither_token_valid(self, jwt, api_token):
        policy = TokenAuthenticationPolicy()
        api_token.return_value = None
        jwt.return_value = None
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        result = policy.unauthenticated_userid(request)

        assert result is None
Exemplo n.º 8
0
    def test_unauthenticated_userid_returns_userid_from_jwt_as_fallback(self, jwt, api_token):
        policy = TokenAuthenticationPolicy()
        api_token.return_value = None
        jwt.return_value = 'acct:[email protected]'
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        result = policy.unauthenticated_userid(request)

        assert result == 'acct:[email protected]'
Exemplo n.º 9
0
    def test_unauthenticated_userid_returns_userid_from_api_token_if_present(self, jwt, api_token, pyramid_request):
        policy = TokenAuthenticationPolicy()
        api_token.return_value = 'acct:[email protected]'
        jwt.return_value = 'acct:[email protected]'
        pyramid_request.headers = {'Authorization': 'Bearer f00ba12'}

        result = policy.unauthenticated_userid(pyramid_request)

        assert result == 'acct:[email protected]'
Exemplo n.º 10
0
    def test_unauthenticated_userid_returns_none_for_invalid_query_param_token(self, pyramid_request):
        """When the path is `/ws` but the token is invalid, it should still return None."""

        policy = TokenAuthenticationPolicy()
        pyramid_request.GET['access_token'] = 'expired'
        pyramid_request.path = '/ws'

        result = policy.unauthenticated_userid(pyramid_request)

        assert result is None
Exemplo n.º 11
0
    def test_effective_principals_uses_callback(self, fake_token, pyramid_request):
        def callback(userid, request):
            return [userid + ".foo", "group:donkeys"]

        policy = TokenAuthenticationPolicy(callback=callback)
        pyramid_request.auth_token = fake_token

        result = policy.effective_principals(pyramid_request)

        assert set(result) > set(["acct:[email protected]", "acct:[email protected]", "group:donkeys"])
Exemplo n.º 12
0
    def test_unauthenticated_userid_returns_userid_from_jwt_as_fallback(
            self, jwt, api_token):
        policy = TokenAuthenticationPolicy()
        api_token.return_value = None
        jwt.return_value = 'acct:[email protected]'
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        result = policy.unauthenticated_userid(request)

        assert result == 'acct:[email protected]'
Exemplo n.º 13
0
    def test_unauthenticated_userid_passes_token_to_extractor_functions(self, jwt, api_token):
        policy = TokenAuthenticationPolicy()
        api_token.return_value = None
        jwt.return_value = None
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        policy.unauthenticated_userid(request)

        api_token.assert_called_once_with('f00ba12')
        jwt.assert_called_once_with('f00ba12', request)
Exemplo n.º 14
0
    def test_unauthenticated_userid_returns_none_if_neither_token_valid(
            self, jwt, api_token):
        policy = TokenAuthenticationPolicy()
        api_token.return_value = None
        jwt.return_value = None
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        result = policy.unauthenticated_userid(request)

        assert result is None
Exemplo n.º 15
0
    def test_unauthenticated_userid_returns_userid_from_query_params_token(self, pyramid_request):
        """When the path is `/ws` then we look into the query string parameters as well."""

        policy = TokenAuthenticationPolicy()
        pyramid_request.GET['access_token'] = 'valid123'
        pyramid_request.path = '/ws'

        result = policy.unauthenticated_userid(pyramid_request)

        assert result == 'acct:[email protected]'
Exemplo n.º 16
0
    def test_authenticated_userid_uses_callback(self, jwt, api_token):
        def callback(userid, request):
            return None
        policy = TokenAuthenticationPolicy(callback=callback)
        api_token.return_value = 'acct:[email protected]'
        jwt.return_value = None
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        result = policy.authenticated_userid(request)

        assert result is None
Exemplo n.º 17
0
    def test_effective_principals_uses_callback(self, pyramid_request):
        def callback(userid, request):
            return [userid + '.foo', 'group:donkeys']
        policy = TokenAuthenticationPolicy(callback=callback)
        pyramid_request.auth_token = 'valid123'

        result = policy.effective_principals(pyramid_request)

        assert set(result) > set(['acct:[email protected]',
                                  'acct:[email protected]',
                                  'group:donkeys'])
Exemplo n.º 18
0
    def test_unauthenticated_userid_passes_token_to_extractor_functions(
            self, jwt, api_token):
        policy = TokenAuthenticationPolicy()
        api_token.return_value = None
        jwt.return_value = None
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        policy.unauthenticated_userid(request)

        api_token.assert_called_once_with('f00ba12')
        jwt.assert_called_once_with('f00ba12', request)
Exemplo n.º 19
0
    def test_authenticated_userid_uses_callback(self, jwt, api_token):
        def callback(userid, request):
            return None

        policy = TokenAuthenticationPolicy(callback=callback)
        api_token.return_value = 'acct:[email protected]'
        jwt.return_value = None
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        result = policy.authenticated_userid(request)

        assert result is None
Exemplo n.º 20
0
    def test_unauthenticated_userid_skips_query_param_for_non_ws_requests(self, pyramid_request):
        """
        When we have a valid token in the `access_token` query param, but it's
        not a request to /ws, then we should ignore this access token.
        """

        policy = TokenAuthenticationPolicy()
        pyramid_request.GET['access_token'] = 'valid123'
        pyramid_request.path = '/api'

        result = policy.unauthenticated_userid(pyramid_request)

        assert result is None
Exemplo n.º 21
0
    def test_effective_principals_uses_callback(self, jwt, api_token):
        def callback(userid, request):
            return [userid + '.foo', 'group:donkeys']
        policy = TokenAuthenticationPolicy(callback=callback)
        api_token.return_value = 'acct:[email protected]'
        jwt.return_value = None
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        result = policy.effective_principals(request)

        assert set(result) > set(['acct:[email protected]',
                                  'acct:[email protected]',
                                  'group:donkeys'])
Exemplo n.º 22
0
    def test_effective_principals_uses_callback(self, pyramid_request):
        def callback(userid, request):
            return [userid + ".foo", "group:donkeys"]

        policy = TokenAuthenticationPolicy(callback=callback)
        pyramid_request.auth_token = "valid123"

        result = policy.effective_principals(pyramid_request)

        assert set(result) > {
            "acct:[email protected]",
            "acct:[email protected]",
            "group:donkeys",
        }
Exemplo n.º 23
0
    def test_effective_principals_uses_callback(self, jwt, api_token):
        def callback(userid, request):
            return [userid + '.foo', 'group:donkeys']

        policy = TokenAuthenticationPolicy(callback=callback)
        api_token.return_value = 'acct:[email protected]'
        jwt.return_value = None
        request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})

        result = policy.effective_principals(request)

        assert set(result) > set([
            'acct:[email protected]', 'acct:[email protected]', 'group:donkeys'
        ])
Exemplo n.º 24
0
def create_app(global_config, **settings):
    config = configure(settings=settings)

    config.add_request_method(features.Client, name='feature', reify=True)

    config.set_authorization_policy(ACLAuthorizationPolicy())

    policy = MultiAuthenticationPolicy([
        TokenAuthenticationPolicy(callback=groupfinder),
        SessionAuthenticationPolicy(callback=groupfinder),
    ])
    config.set_authentication_policy(policy)

    config.include('h.auth')
    config.include('h.sentry')
    config.include('h.stats')

    # We have to include models and db to set up sqlalchemy metadata.
    config.include('h.models')
    config.include('h.db')
    config.include('h.api.db')

    # We have to include search to set up the `request.es` property.
    config.include('h.api.search')

    config.include('h.streamer')

    return config.make_wsgi_app()
Exemplo n.º 25
0
    def test_unauthenticated_userid_is_none_if_no_token(self, pyramid_request):
        policy = TokenAuthenticationPolicy()

        assert policy.unauthenticated_userid(pyramid_request) is None
Exemplo n.º 26
0
    def test_remember_does_nothing(self, pyramid_request):
        policy = TokenAuthenticationPolicy()

        assert policy.remember(pyramid_request, "foo") == []
Exemplo n.º 27
0
    def test_remember_does_nothing(self, pyramid_request):
        policy = TokenAuthenticationPolicy()

        assert policy.remember(pyramid_request, "foo") == []
Exemplo n.º 28
0
    def test_forget_does_nothing(self, pyramid_request):
        policy = TokenAuthenticationPolicy()

        assert policy.forget(pyramid_request) == []
Exemplo n.º 29
0
    def test_remember_does_nothing(self):
        policy = TokenAuthenticationPolicy()
        request = DummyRequest()

        assert policy.remember(request, 'foo') == []
Exemplo n.º 30
0
 def policy(self):
     self.session_policy = mock.Mock(spec_set=SessionAuthenticationPolicy())
     self.token_policy = mock.Mock(spec_set=TokenAuthenticationPolicy())
     self.policy = AuthenticationPolicy()
     self.policy.session_policy = self.session_policy
     self.policy.token_policy = self.token_policy
Exemplo n.º 31
0
    def test_forget_does_nothing(self, pyramid_request):
        policy = TokenAuthenticationPolicy()

        assert policy.forget(pyramid_request) == []
Exemplo n.º 32
0
    def test_unauthenticated_userid_is_none_if_header_incorrectly_formatted(self, value):
        policy = TokenAuthenticationPolicy()
        request = DummyRequest(headers={'Authorization': value})

        assert policy.unauthenticated_userid(request) is None
Exemplo n.º 33
0
    def test_unauthenticated_userid_is_none_if_header_missing(self):
        policy = TokenAuthenticationPolicy()
        request = DummyRequest()

        assert policy.unauthenticated_userid(request) is None
Exemplo n.º 34
0
    def test_unauthenticated_userid_is_none_if_header_missing(self):
        policy = TokenAuthenticationPolicy()
        request = DummyRequest()

        assert policy.unauthenticated_userid(request) is None
Exemplo n.º 35
0
    def test_unauthenticated_userid_is_none_if_header_incorrectly_formatted(
            self, value):
        policy = TokenAuthenticationPolicy()
        request = DummyRequest(headers={'Authorization': value})

        assert policy.unauthenticated_userid(request) is None
Exemplo n.º 36
0
    def test_unauthenticated_userid_is_none_if_no_token(self, pyramid_request):
        policy = TokenAuthenticationPolicy()

        assert policy.unauthenticated_userid(pyramid_request) is None
Exemplo n.º 37
0
    def test_remember_does_nothing(self):
        policy = TokenAuthenticationPolicy()
        request = DummyRequest()

        assert policy.remember(request, 'foo') == []
Exemplo n.º 38
0
    def test_forget_does_nothing(self):
        policy = TokenAuthenticationPolicy()
        request = DummyRequest()

        assert policy.forget(request) == []
Exemplo n.º 39
0
    def test_forget_does_nothing(self):
        policy = TokenAuthenticationPolicy()
        request = DummyRequest()

        assert policy.forget(request) == []
Exemplo n.º 40
0
from h.auth.policy import TokenAuthenticationPolicy
from h.auth.util import default_authority, groupfinder
from h.security import derive_key

__all__ = (
    'DEFAULT_POLICY',
    'WEBSOCKET_POLICY',
)

log = logging.getLogger(__name__)

PROXY_POLICY = RemoteUserAuthenticationPolicy(
    environ_key='HTTP_X_FORWARDED_USER', callback=groupfinder)
TICKET_POLICY = pyramid_authsanity.AuthServicePolicy()

TOKEN_POLICY = TokenAuthenticationPolicy(callback=groupfinder)
AUTH_CLIENT_POLICY = AuthClientPolicy()

API_POLICY = APIAuthenticationPolicy(user_policy=TOKEN_POLICY,
                                     client_policy=AUTH_CLIENT_POLICY)

DEFAULT_POLICY = AuthenticationPolicy(api_policy=API_POLICY,
                                      fallback_policy=TICKET_POLICY)
WEBSOCKET_POLICY = TOKEN_POLICY


def includeme(config):
    global DEFAULT_POLICY
    global WEBSOCKET_POLICY

    # Set up authsanity
Exemplo n.º 41
0
    def test_unauthenticated_userid_is_none_if_header_incorrectly_formatted(self, pyramid_request, value):
        policy = TokenAuthenticationPolicy()
        pyramid_request.headers = {'Authorization': value}

        assert policy.unauthenticated_userid(pyramid_request) is None