def test_cors_origin_single(self):
self._app.mod_opts["cors_origin"] = "http://example.com"
response = yield self.http_client.fetch(
self.get_url("/login"),
method="POST",
body=urllib.parse.urlencode(self.auth_creds),
headers={"Content-Type": self.content_type_map["form"]},
)
token = salt.utils.json.loads(self.decode_body(response).body)["return"][0][
"token"
]
url = "ws://127.0.0.1:{}/all_events/{}".format(self.get_http_port(), token)
# Example.com should works
request = HTTPRequest(
url, headers={"Origin": "http://example.com", "Host": "example.com"}
)
ws = yield websocket_connect(request)
ws.write_message("websocket client ready")
ws.close()
# But foo.bar not
request = HTTPRequest(
url, headers={"Origin": "http://foo.bar", "Host": "example.com"}
)
try:
ws = yield websocket_connect(request)
except HTTPError as error:
self.assertEqual(error.code, 403)
def test_cors_origin_multiple(self):
self._app.mod_opts["cors_origin"] = ["http://example.com", "http://foo.bar"]
response = yield self.http_client.fetch(
self.get_url("/login"),
method="POST",
body=urlencode(self.auth_creds),
headers={"Content-Type": self.content_type_map["form"]},
)
token = salt.utils.json.loads(self.decode_body(response).body)["return"][0][
"token"
]
url = "ws://127.0.0.1:{0}/all_events/{1}".format(self.get_http_port(), token)
# Example.com should works
request = HTTPRequest(
url, headers={"Origin": "http://example.com", "Host": "example.com"}
)
ws = yield websocket_connect(request)
ws.write_message("websocket client ready")
ws.close()
# Foo.bar too
request = HTTPRequest(
url, headers={"Origin": "http://foo.bar", "Host": "example.com"}
)
ws = yield websocket_connect(request)
ws.write_message("websocket client ready")
ws.close()
def test_websocket_callbacks(self):
websocket_connect('ws://127.0.0.1:%d/echo' % self.get_http_port(),
io_loop=self.io_loop,
callback=self.stop)
ws = self.wait().result()
ws.write_message('hello')
ws.read_message(self.stop)
response = self.wait().result()
self.assertEqual(response, 'hello')
self.close_future.add_done_callback(lambda f: self.stop())
ws.close()
self.wait()
def test_websocket_headers(self):
# Ensure that arbitrary headers can be passed through websocket_connect.
ws = yield websocket_connect(
HTTPRequest('ws://127.0.0.1:%d/header' % self.get_http_port(),
headers={'X-Test': 'hello'}))
response = yield ws.read_message()
self.assertEqual(response, 'hello')
yield self.close(ws)
def test_websocket_close_buffered_data(self):
ws = yield websocket_connect('ws://127.0.0.1:%d/echo' %
self.get_http_port())
ws.write_message('hello')
ws.write_message('world')
# Close the underlying stream.
ws.stream.close()
yield self.close_future
def test_websocket_network_fail(self):
sock, port = bind_unused_port()
sock.close()
with self.assertRaises(IOError):
with ExpectLog(gen_log, ".*"):
yield websocket_connect('ws://127.0.0.1:%d/' % port,
io_loop=self.io_loop,
connect_timeout=3600)
def test_check_origin_invalid_partial_url(self):
port = self.get_http_port()
url = 'ws://127.0.0.1:%d/echo' % port
headers = {'Origin': '127.0.0.1:%d' % port}
with self.assertRaises(HTTPError) as cm:
yield websocket_connect(HTTPRequest(url, headers=headers),
io_loop=self.io_loop)
self.assertEqual(cm.exception.code, 403)
def test_websocket_header_echo(self):
# Ensure that headers can be returned in the response.
# Specifically, that arbitrary headers passed through websocket_connect
# can be returned.
ws = yield websocket_connect(
HTTPRequest('ws://127.0.0.1:%d/header_echo' % self.get_http_port(),
headers={'X-Test-Hello': 'hello'}))
self.assertEqual(ws.headers.get('X-Test-Hello'), 'hello')
self.assertEqual(ws.headers.get('X-Extra-Response-Header'),
'Extra-Response-Value')
yield self.close(ws)
def test_check_origin_valid_with_path(self):
port = self.get_http_port()
url = 'ws://127.0.0.1:%d/echo' % port
headers = {'Origin': 'http://127.0.0.1:%d/something' % port}
ws = yield websocket_connect(HTTPRequest(url, headers=headers),
io_loop=self.io_loop)
ws.write_message('hello')
response = yield ws.read_message()
self.assertEqual(response, 'hello')
yield self.close(ws)
def test_websocket_handler_bad_token(self):
"""
A bad token should returns a 401 during a websocket connect
"""
token = 'A'*len(getattr(hashlib, self.opts.get('hash_type', 'md5'))().hexdigest())
url = 'ws://127.0.0.1:{0}/all_events/{1}'.format(self.get_http_port(), token)
request = HTTPRequest(url, headers={'Origin': 'http://example.com',
'Host': 'example.com'})
try:
ws = yield websocket_connect(request)
except HTTPError as error:
self.assertEqual(error.code, 401)
def test_websocket_handler_upgrade_to_websocket(self):
response = yield self.http_client.fetch(self.get_url('/login'),
method='POST',
body=urlencode(self.auth_creds),
headers={'Content-Type': self.content_type_map['form']})
token = salt.utils.json.loads(self.decode_body(response).body)['return'][0]['token']
url = 'ws://127.0.0.1:{0}/all_events/{1}'.format(self.get_http_port(), token)
request = HTTPRequest(url, headers={'Origin': 'http://example.com',
'Host': 'example.com'})
ws = yield websocket_connect(request)
ws.write_message('websocket client ready')
ws.close()
def test_check_origin_invalid_subdomains(self):
port = self.get_http_port()
url = 'ws://localhost:%d/echo' % port
# Subdomains should be disallowed by default. If we could pass a
# resolver to websocket_connect we could test sibling domains as well.
headers = {'Origin': 'http://subtenant.localhost'}
with self.assertRaises(HTTPError) as cm:
yield websocket_connect(HTTPRequest(url, headers=headers),
io_loop=self.io_loop)
self.assertEqual(cm.exception.code, 403)
def test_check_origin_invalid(self):
port = self.get_http_port()
url = 'ws://127.0.0.1:%d/echo' % port
# Host is 127.0.0.1, which should not be accessible from some other
# domain
headers = {'Origin': 'http://somewhereelse.com'}
with self.assertRaises(HTTPError) as cm:
yield websocket_connect(HTTPRequest(url, headers=headers),
io_loop=self.io_loop)
self.assertEqual(cm.exception.code, 403)
def test_cors_origin_multiple(self):
self._app.mod_opts['cors_origin'] = ['http://example.com', 'http://foo.bar']
response = yield self.http_client.fetch(self.get_url('/login'),
method='POST',
body=urlencode(self.auth_creds),
headers={'Content-Type': self.content_type_map['form']})
token = salt.utils.json.loads(self.decode_body(response).body)['return'][0]['token']
url = 'ws://127.0.0.1:{0}/all_events/{1}'.format(self.get_http_port(), token)
# Example.com should works
request = HTTPRequest(url, headers={'Origin': 'http://example.com',
'Host': 'example.com'})
ws = yield websocket_connect(request)
ws.write_message('websocket client ready')
ws.close()
# Foo.bar too
request = HTTPRequest(url, headers={'Origin': 'http://foo.bar',
'Host': 'example.com'})
ws = yield websocket_connect(request)
ws.write_message('websocket client ready')
ws.close()
def test_websocket_handler_bad_token(self):
"""
A bad token should returns a 401 during a websocket connect
"""
token = "A" * len(
getattr(hashlib, self.opts.get("hash_type", "md5"))().hexdigest()
)
url = "ws://127.0.0.1:{0}/all_events/{1}".format(self.get_http_port(), token)
request = HTTPRequest(
url, headers={"Origin": "http://example.com", "Host": "example.com"}
)
try:
ws = yield websocket_connect(request)
except HTTPError as error:
self.assertEqual(error.code, 401)
def test_websocket_handler_upgrade_to_websocket(self):
response = yield self.http_client.fetch(
self.get_url("/login"),
method="POST",
body=urlencode(self.auth_creds),
headers={"Content-Type": self.content_type_map["form"]},
)
token = salt.utils.json.loads(self.decode_body(response).body)["return"][0][
"token"
]
url = "ws://127.0.0.1:{0}/all_events/{1}".format(self.get_http_port(), token)
request = HTTPRequest(
url, headers={"Origin": "http://example.com", "Host": "example.com"}
)
ws = yield websocket_connect(request)
ws.write_message("websocket client ready")
ws.close()
def ws_connect(self, path, **kwargs):
ws = yield websocket_connect(
'ws://127.0.0.1:%d%s' % (self.get_http_port(), path), **kwargs)
raise gen.Return(ws)