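def test_forget_gives_a_challenge_header(self):
     """forget() answers with a single ``WWW-Authenticate: Bearer`` challenge.

     The header count, the header name and the scheme are all pinned, so a
     change to the advertised scheme fails here first.
     """
     policy = JWTAuthenticationPolicy()
     req = self._make_authenticated_request("*****@*****.**", "/")
     headers = policy.forget(req)
     # NOTE(review): only a challenge comes back; presumably a token that was
     # already issued stays usable until it expires -- confirm how logout
     # and revocation are meant to work.
     self.assertEqual(len(headers), 1)
     header = headers[0]
     self.assertEqual(header[0], "WWW-Authenticate")
     # assertEqual rather than assertTrue(a == b): a failure then reports
     # the scheme that was actually returned.
     self.assertEqual(header[1], "Bearer")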
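 def test_forget_gives_a_challenge_header(self):
     """With a default policy, forget() yields one ``WWW-Authenticate: JWT`` header.

     "JWT" is the scheme value this test expects from a policy constructed
     with no arguments.
     """
     policy = JWTAuthenticationPolicy()
     request = self._make_authenticated_request("*****@*****.**", "/")
     challenge = policy.forget(request)
     self.assertEqual(len(challenge), 1)
     self.assertEqual(challenge[0][0], "WWW-Authenticate")
     # Compared with assertEqual (not assertTrue on an ==) so that a wrong
     # scheme shows up in the failure message.
     # NOTE(review): clients select their credential handling by this scheme
     # name; confirm "JWT" is what the deployed clients send and expect.
     self.assertEqual(challenge[0][1], "JWT")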
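 def test_can_get_claims_from_token(self):
     """get_claims() returns the custom claim carried by the request's token."""
     claim_name = 'urn:websandhq.co.uk/auth:jti'
     req = self._make_authenticated_request("*****@*****.**",
                                            "/auth",
                                            claims={claim_name: 'hello'})
     # The literal secret is a test fixture.
     # NOTE(review): the helper that builds the token is not visible here;
     # confirm it signs with this same secret, otherwise the test could only
     # pass if get_claims() did not verify the signature.
     policy = JWTAuthenticationPolicy(
         master_secret="V8 JUICE IS 1/8TH GASOLINE")
     # What comes back is used as a mapping of decoded claims, so it is
     # named accordingly.
     decoded_claims = policy.get_claims(req)
     # assertIn reports the mapping's contents when the key is missing.
     self.assertIn(claim_name, decoded_claims)
     self.assertEqual(decoded_claims[claim_name], 'hello')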
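 def test_can_get_claims_from_token(self):
     """A private claim placed in the token is readable through get_claims()."""
     jti_claim = 'urn:websandhq.co.uk/auth:jti'
     claims = {
         jti_claim: 'hello'
     }
     req = self._make_authenticated_request("*****@*****.**",
                                            "/auth",
                                            claims=claims)
     # Fixed secret used only by this test.
     # NOTE(review): whether the request helper signs with the same secret
     # cannot be seen from here -- verify, since a mismatch that still
     # passes would mean claims are read without signature verification.
     policy = JWTAuthenticationPolicy(
         master_secret="V8 JUICE IS 1/8TH GASOLINE")
     returned = policy.get_claims(req)
     # assertIn instead of assertTrue(x in y) for a useful failure message.
     self.assertIn(jti_claim, returned)
     self.assertEqual(returned[jti_claim], 'hello')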
 def test_from_settings_can_explicitly_set_all_properties(self):
     """Values given under the ``jwtauth.`` prefix end up on the policy.

     Despite the name, only ``find_groups`` (passed as a ``module:attr``
     string) and ``master_secret`` are exercised.
     """
     settings = {}
     # NOTE(review): the string below comes back as the stub callable, so
     # settings decide which code is imported and called as the group
     # finder; the settings source has to be trusted.
     settings["jwtauth.find_groups"] = (
         "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups")
     settings["jwtauth.master_secret"] = MASTER_SECRET
     # The jwtauth.decode_mac_id / jwtauth.encode_mac_id entries (pointing at
     # pyramid_macauth test stubs) were commented out in the original and
     # stay unset.
     policy = JWTAuthenticationPolicy.from_settings(settings)
     self.assertEqual(policy.find_groups, stub_find_groups)
     self.assertEqual(policy.master_secret, MASTER_SECRET)
 def test_from_settings_can_explicitly_set_all_properties(self):
     """from_settings() honours explicit ``jwtauth.*`` entries.

     Two entries are checked: the group finder, given as a dotted name, and
     the master secret.
     """
     entries = [
         ("jwtauth.find_groups",
          "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups"),
         ("jwtauth.master_secret", MASTER_SECRET),
         # jwtauth.decode_mac_id and jwtauth.encode_mac_id were already
         # disabled in the original and are not passed.
     ]
     policy = JWTAuthenticationPolicy.from_settings(dict(entries))
     # The dotted name must have been resolved to the callable itself.
     # NOTE(review): this resolution means configuration selects the code
     # that computes group membership -- keep that file write-protected.
     self.assertEqual(policy.find_groups, stub_find_groups)
     self.assertEqual(policy.master_secret, MASTER_SECRET)
 def test_default_groupfinder_returns_empty_list(self):
     """The built-in find_groups() reports no groups for the userid "test"."""
     policy = JWTAuthenticationPolicy()
     request = self._make_request("/auth")
     # NOTE(review): in Pyramid's callback convention an empty list means
     # "known user, no groups" while None means "unknown user"; presumably
     # find_groups follows it, so the default accepts any userid -- confirm.
     groups = policy.find_groups("test", request)
     self.assertEqual(groups, [])
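 def test_forget_gives_a_challenge_header_with_custom_scheme(self):
     """A ``scheme`` passed to the constructor is the one forget() advertises."""
     policy = JWTAuthenticationPolicy(scheme='Bearer')
     req = self._make_authenticated_request("*****@*****.**", "/")
     headers = policy.forget(req)
     # assertEqual, not assertTrue(a == b), so that a mismatch reports the
     # scheme that was actually returned.
     self.assertEqual(headers[0][1], "Bearer")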
 def test_remember_does_nothing(self):
     """remember() returns an empty header list."""
     userid = "*****@*****.**"
     policy = JWTAuthenticationPolicy()
     req = self._make_authenticated_request(userid, "/")
     # NOTE(review): no cookie or token header is produced here, so tokens
     # are presumably issued somewhere else -- confirm where, and that it
     # uses the same secret and claim checks as this policy.
     remembered = policy.remember(req, userid)
     self.assertEqual(remembered, [])
 def test_from_settings_produces_sensible_defaults(self):
     """An empty settings dict leaves the class's own find_groups in place."""
     policy = JWTAuthenticationPolicy.from_settings({})
     # Bound and unbound methods are different objects; their __code__ is
     # shared, and comparing it works on both Python 2 and Python 3.
     actual_code = policy.find_groups.__code__
     default_code = JWTAuthenticationPolicy.find_groups.__code__
     # NOTE(review): only find_groups is pinned; nothing here shows what
     # master_secret defaults to when it is not configured -- confirm it
     # cannot end up as a predictable key.
     self.assertEqual(actual_code, default_code)
 def test_default_groupfinder_returns_empty_list(self):
     """With no group finder configured, find_groups("test", ...) is ``[]``."""
     default_policy = JWTAuthenticationPolicy()
     unauthenticated = self._make_request("/auth")
     # An empty list grants no group principals.
     # NOTE(review): it is still a list rather than None; if find_groups is
     # used as a Pyramid-style callback, that marks the userid as known.
     # Confirm that is intended.
     self.assertEqual(default_policy.find_groups("test", unauthenticated),
                      [])
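 def test_forget_gives_a_challenge_header_with_custom_scheme(self):
     """forget() advertises the scheme the policy was constructed with."""
     custom = JWTAuthenticationPolicy(scheme='Bearer')
     request = self._make_authenticated_request("*****@*****.**", "/")
     challenge = custom.forget(request)
     # Only the value of the first header is checked here.
     # assertEqual shows the returned value if the scheme is wrong, which
     # assertTrue on a comparison would hide.
     self.assertEqual(challenge[0][1], "Bearer")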
 def test_remember_does_nothing(self):
     """The policy adds no response headers when asked to remember a user."""
     policy = JWTAuthenticationPolicy()
     request = self._make_authenticated_request("*****@*****.**", "/")
     # An empty list means nothing is set on the response by this call.
     headers = policy.remember(request, "*****@*****.**")
     self.assertEqual(headers, [])
 def test_from_settings_produces_sensible_defaults(self):
     """from_settings({}) keeps the default group finder."""
     built = JWTAuthenticationPolicy.from_settings({})
     class_default = JWTAuthenticationPolicy.find_groups
     # __code__ is compared because a bound method and the function looked
     # up on the class are not the same object; this form works on both
     # Python 2 and Python 3.
     # NOTE(review): the default secret is not covered by this test; check
     # separately that a missing jwtauth.master_secret fails closed.
     self.assertEqual(built.find_groups.__code__, class_default.__code__)
def configure_karl(config, load_zcml=True):
    """Apply KARL's application-wide configuration to ``config``.

    Sets the authentication and authorization policies, the revisioned
    static view, the session factory, the error views, the optional
    debugging/profiling includes and the request subscribers.

    :param config: configurator whose ``registry.settings`` mapping drives
        the choices below; the mapping is also updated in place
        (``static_rev``, ``intranet_search_paths``).
    :param load_zcml: when true, hook the ZCA and load ``standalone.zcml``.
    """
    # Authorization/Authentication policies
    settings = config.registry.settings
    # NOTE(review): four policies are combined, so a request is presumably
    # authenticated as soon as any one of them accepts it; the weakest entry
    # bounds the strength of the whole chain. Confirm each is still needed.
    authentication_policy = MultiAuthenticationPolicy([
        # NOTE(review): built from the shared settings mapping; confirm that
        # a deployment without a configured JWT secret fails closed.
        JWTAuthenticationPolicy.from_settings(settings),
        # NOTE(review): no hashalg, secure or http_only argument is passed,
        # so the library defaults apply. If this is Pyramid's
        # AuthTktAuthenticationPolicy, the default hashalg is md5 and sha512
        # is the documented recommendation; changing it invalidates tickets
        # already issued. Confirm the class and the defaults in use.
        AuthTktAuthenticationPolicy(
            settings['who_secret'],
            callback=group_finder,
            cookie_name=settings['who_cookie']),
        # for b/w compat with bootstrapper
        RepozeWho1AuthenticationPolicy(callback=group_finder),
        # NOTE(review): constructed with no arguments; what it checks
        # credentials against is not visible here. HTTP Basic sends the
        # password with every request, so confirm it is only served over TLS.
        BasicAuthenticationPolicy(),
        ])
    config.set_authorization_policy(ACLAuthorizationPolicy())
    config.set_authentication_policy(authentication_policy)

    # Static tree revisions routing
    # The revision becomes a URL segment; when it is not configured it is
    # guessed and written back into the settings.
    static_rev = settings.get('static_rev')
    if not static_rev:
        static_rev = _guess_static_rev()
        settings['static_rev'] = static_rev
    # cache_max_age is one year expressed in seconds.
    config.add_static_view('/static/%s' % static_rev, 'karl.views:static',
        cache_max_age=60 * 60 * 24 * 365)
    # Add a redirecting static view to all _other_ revisions.
    def _expired_static_predicate(info, request):
        # We add a redirecting route to all static/*,
        # _except_ if it starts with the active revision segment.
        # An empty path yields a falsy result, so it does not match either.
        path = info['match']['path']
        return path and path[0] != static_rev
    config.add_route('expired-static', '/static/*path',
        custom_predicates=(_expired_static_predicate, ))

    # Need a session if using Velruse
    # NOTE(review): the same settings['who_secret'] value is also handed to
    # the auth-ticket policy above; a separate secret per purpose would
    # limit what a single leaked key exposes. Confirm the reuse is intended.
    config.set_session_factory(Session(settings['who_secret']))

    config.include('karl.debugload')
    config.include('karl.underprofile')

    if load_zcml:
        config.hook_zca()
        config.include('pyramid_zcml')
        config.load_zcml('standalone.zcml')

    # 'debug' defaults to false, so the error-page views below are
    # registered unless debugging is switched on explicitly.
    debug = asbool(settings.get('debug', 'false'))
    if not debug:
        config.add_view('karl.errorpage.errorpage', context=Exception,
                        renderer="karl.views:templates/errorpage.pt")
        config.add_view('karl.errorpage.errorpage', context=HTTPNotFound,
                        renderer="karl.views:templates/errorpage.pt")
        config.add_view('karl.errorpage.errorpage', context=NotFound,
                        renderer="karl.views:templates/errorpage.pt")
        config.add_view('karl.errorpage.errorpage', context=ReadOnlyError,
                        renderer="karl.views:templates/errorpage.pt")

    # The toolbar is included only when the setting is on and the
    # pyramid_debugtoolbar name is truthy (presumably None when the package
    # is not installed -- confirm at the import site).
    # NOTE(review): the toolbar exposes application internals to whoever can
    # reach it; keep 'debugtoolbar' off outside development.
    debugtoolbar = asbool(settings.get('debugtoolbar', 'false'))
    if debugtoolbar and pyramid_debugtoolbar:
        config.include(pyramid_debugtoolbar)

    # block_webdav runs for every new request.
    config.add_subscriber(block_webdav, NewRequest)

    # override renderer for jwtauth requests
    config.add_renderer(name='karl_json', factory=karl_json_renderer_factory)    
    config.add_subscriber(jwtauth_override, NewRequest)

    # Optional includes, skipped when the name is None.
    if slowlog is not None:
        config.include(slowlog)

    if perfmetrics is not None:
        config.include(perfmetrics)

    # A configured value is split on whitespace into a list; otherwise a
    # two-entry default tuple is used.
    if 'intranet_search_paths' in settings:
        settings['intranet_search_paths'] = settings[
            'intranet_search_paths'].split()
    else:
        settings['intranet_search_paths'] = ('/profiles', '/offices')

    # admin5 Admin UI
    config.include('admin5')
    config.include('karl.box')