class BrainSecuritiesConfiguration(BaseSectionConfigurationData):
def __init__(self):
BaseSectionConfigurationData.__init__(self, "security")
self._authorisation = None
self._authentication = None
self._account_linker = None
@property
def authorisation(self):
return self._authorisation
@property
def authentication(self):
return self._authentication
@property
def account_linker(self):
return self._account_linker
def load_config_section(self, configuration_file, configuration, bot_root):
securities = configuration_file.get_section(self.section_name, configuration)
if securities is not None:
self._authentication = BrainSecurityAuthenticationConfiguration()
self._authentication.load_config_section(configuration_file, securities, bot_root)
self._authorisation = BrainSecurityAuthorisationConfiguration()
self._authorisation.load_config_section(configuration_file, securities, bot_root)
self._account_linker = BrainSecurityAccountLinkerConfiguration()
self._account_linker.load_config_section(configuration_file, securities, bot_root)
def to_yaml(self, data, defaults=True):
self.config_to_yaml(data, BrainSecurityAuthenticationConfiguration(), defaults)
self.config_to_yaml(data, BrainSecurityAuthorisationConfiguration(), defaults)
self.config_to_yaml(data, BrainSecurityAccountLinkerConfiguration(), defaults)
def load_config_section(self,
configuration_file,
configuration,
bot_root,
subs: Substitutions = None):
securities = configuration_file.get_section(self.section_name,
configuration)
if securities is not None:
self._authentication = BrainSecurityAuthenticationConfiguration()
self._authentication.load_config_section(configuration_file,
securities,
bot_root,
subs=subs)
self._authorisation = BrainSecurityAuthorisationConfiguration()
self._authorisation.load_config_section(configuration_file,
securities,
bot_root,
subs=subs)
self._account_linker = BrainSecurityAccountLinkerConfiguration()
self._account_linker.load_config_section(configuration_file,
securities,
bot_root,
subs=subs)
class BrainSecuritiesConfiguration(BaseSectionConfigurationData):
def __init__(self):
BaseSectionConfigurationData.__init__(self, "security")
self._authorisation = None
self._authentication = None
@property
def authorisation(self):
return self._authorisation
@property
def authentication(self):
return self._authentication
def load_config_section(self, configuration_file, configuration, bot_root):
securities = configuration_file.get_section(self.section_name, configuration)
if securities is not None:
self._authentication = BrainSecurityAuthenticationConfiguration()
self._authentication.load_config_section(configuration_file, securities, bot_root)
self._authorisation = BrainSecurityAuthorisationConfiguration()
self._authorisation.load_config_section(configuration_file, securities, bot_root)
def to_yaml(self, data, defaults=True):
self.config_to_yaml(data, BrainSecurityAuthenticationConfiguration(), defaults)
self.config_to_yaml(data, BrainSecurityAuthorisationConfiguration(), defaults)
def test_authentication_with_data_denied_srai(self):
yaml = YamlConfigurationFile()
self.assertIsNotNone(yaml)
yaml.load_from_text(
"""
brain:
security:
authentication:
classname: programy.security.authenticate.passthrough.PassThroughAuthenticationService
denied_srai: AUTHENTICATION_FAILED
""", ConsoleConfiguration(), ".")
brain_config = yaml.get_section("brain")
self.assertIsNotNone(brain_config)
services_config = yaml.get_section("security", brain_config)
self.assertIsNotNone(services_config)
service_config = BrainSecurityAuthenticationConfiguration()
service_config.load_config_section(yaml, services_config, ".")
self.assertEqual(
"programy.security.authenticate.passthrough.PassThroughAuthenticationService",
service_config.classname)
self.assertEqual("AUTHENTICATION_FAILED", service_config.denied_srai)
self.assertEqual(
BrainSecurityAuthenticationConfiguration.DEFAULT_ACCESS_DENIED,
service_config.denied_text)
def load_config_section(self, configuration_file, configuration, bot_root):
securities = configuration_file.get_section(self.section_name,
configuration)
if securities is not None:
self._authentication = BrainSecurityAuthenticationConfiguration()
self._authentication.load_config_section(configuration_file,
securities, bot_root)
self._authorisation = BrainSecurityAuthorisationConfiguration()
self._authorisation.load_config_section(configuration_file,
securities, bot_root)
def to_yaml(self, data, defaults=True):
self.config_to_yaml(data, BrainSecurityAuthenticationConfiguration(),
defaults)
self.config_to_yaml(data, BrainSecurityAuthorisationConfiguration(),
defaults)
self.config_to_yaml(data, BrainSecurityAccountLinkerConfiguration(),
defaults)
def test_init(self):
service = ClientIdAuthenticationService(BrainSecurityAuthenticationConfiguration())
self.assertIsNotNone(service)
self._client_context._userid = "console"
self.assertTrue(service.authenticate(self._client_context))
self._client_context._userid = "anyone"
self.assertFalse(service.authenticate(self._client_context))
def load_config_section(self, configuration_file, configuration, bot_root):
securities = configuration_file.get_section(self.section_name, configuration)
if securities is not None:
self._authentication = BrainSecurityAuthenticationConfiguration()
self._authentication.load_config_section(configuration_file, securities, bot_root)
self._authorisation = BrainSecurityAuthorisationConfiguration()
self._authorisation.load_config_section(configuration_file, securities, bot_root)
def load_configuration(self, arguments):
super(AuthenticateTestClient, self).load_configuration(arguments)
self.configuration.client_configuration.configurations[0].configurations[
0].security._authentication = BrainSecurityAuthenticationConfiguration(
"authentication")
self.configuration.client_configuration.configurations[0].configurations[
0].security.authentication._classname = "programytest.aiml_tests.authenticate_tests.test_authenticate_aiml.MockAuthenticationService"
self.configuration.client_configuration.configurations[
0].configurations[
0].security.authentication._denied_srai = "AUTHENTICATED_FAILED"
def test_authorise_success(self):
service = MockClientIdAuthenticationService(BrainSecurityAuthenticationConfiguration())
service.should_authorised = True
self.assertTrue("console" in service.authorised)
self._client_context._userid = "console"
self.assertTrue(service.authenticate(self._client_context))
self.assertFalse("unknown" in service.authorised)
self._client_context._userid = "unknown"
self.assertTrue(service.authenticate(self._client_context))
self.assertTrue("unknown" in service.authorised)
def test_defaults(self):
authenticate_config = BrainSecurityAuthenticationConfiguration()
data = {}
authenticate_config.to_yaml(data, True)
BrainSecurityConfigurationTests.assert_authenticate_defaults(
self, data)
authorise_config = BrainSecurityAuthorisationConfiguration()
data = {}
authorise_config.to_yaml(data, True)
BrainSecurityConfigurationTests.assert_authorise_defaults(self, data)
accountlinker_config = BrainSecurityAccountLinkerConfiguration()
data = {}
accountlinker_config.to_yaml(data, True)
BrainSecurityConfigurationTests.assert_accountlinker_defaults(
self, data)
def test_authentication_with_data_neither_denied_srai_or_text(self):
yaml = YamlConfigurationFile()
self.assertIsNotNone(yaml)
yaml.load_from_text("""
brain:
security:
authentication:
classname: programy.security.authenticate.passthrough.PassThroughAuthenticationService
""", ConsoleConfiguration(), ".")
brain_config = yaml.get_section("brain")
self.assertIsNotNone(brain_config)
services_config = yaml.get_section("security", brain_config)
self.assertIsNotNone(services_config)
service_config = BrainSecurityAuthenticationConfiguration()
service_config.load_config_section(yaml, services_config, ".")
self.assertEqual("programy.security.authenticate.passthrough.PassThroughAuthenticationService", service_config.classname)
self.assertEqual(BrainSecurityAuthenticationConfiguration.DEFAULT_ACCESS_DENIED, service_config.denied_text)
self.assertEqual(BrainSecurityAuthenticationConfiguration.DEFAULT_ACCESS_DENIED, service_config.denied_text)
def test_fail_load_authorisation_class(self):
config = BrainSecuritiesConfiguration()
config._authorisation = BrainSecurityAuthorisationConfiguration()
config._authentication = BrainSecurityAuthenticationConfiguration()
config._account_linker = BrainSecurityAccountLinkerConfiguration()
mgr = MockSecurityManager(config, fail_authorise=True)
self.assertIsNotNone(mgr)
client = TestClient()
mgr.load_security_services(client)
self.assertIsNone(mgr.authorisation)
self.assertIsNotNone(mgr.authentication)
self.assertIsNotNone(mgr.account_linker)
def test_service(self):
client = TestClient()
client_context = ClientContext(client, "unknown")
client_context.bot = Bot(BotConfiguration(), client)
client_context.bot.configuration.conversations._max_histories = 3
client_context.brain = client_context.bot.brain
service = BasicPassThroughAuthenticationService(
BrainSecurityAuthenticationConfiguration("authentication"))
self.assertIsNotNone(service)
self.assertIsNotNone(service.configuration)
client_context._userid = "console"
self.assertTrue(service.authenticate(client_context))
client_context._userid = "anyone"
self.assertTrue(service.authenticate(client_context))
def test_fail_load_account_linking_class_missing(self):
config = BrainSecuritiesConfiguration()
config._authorisation = BrainSecurityAuthorisationConfiguration()
config._authentication = BrainSecurityAuthenticationConfiguration()
config._account_linker = BrainSecurityAccountLinkerConfiguration()
config._account_linker._classname = None
mgr = SecurityManager(config)
self.assertIsNotNone(mgr)
client = TestClient()
mgr.load_security_services(client)
self.assertIsNotNone(mgr.authorisation)
self.assertIsNotNone(mgr.authentication)
self.assertIsNone(mgr.account_linker)
def test_authorise_failure(self):
service = MockClientIdAuthenticationService(
BrainSecurityAuthenticationConfiguration())
service.should_authorised = False
self.assertFalse("unknown" in service.authorised)
self.assertFalse(service.authenticate(self._client_context))
def test_authorise_exception(self):
service = MockClientIdAuthenticationService(
BrainSecurityAuthenticationConfiguration())
service.should_authorised = True
service.raise_exception = True
self.assertFalse(service.authenticate(self._client_context._userid))