async def test_middleware_doesnt_reissue_on_bad_response(loop, app, client):
    """A 400 response from a handler must not carry a refreshed ticket cookie.

    The policy is built with a third positional argument of 0 (presumably the
    reissue interval -- confirm against aiohttp_auth), so an authenticated
    request to ``/auth`` re-emits the cookie, while the same request pattern
    against a handler that answers 400 must leave the cookie untouched.
    """
    async def handler_bad_response(request):
        # The remembered user is still resolved before the handler fails
        # the request on purpose.
        who = await auth.get_auth(request)
        assert who == 'some_user'
        return web.Response(status=400, text='bad_response')

    ticket_secret = b'01234567890abcdef'
    policy = auth.CookieTktAuthentication(
        ticket_secret, 15, 0, cookie_name='auth')
    auth.setup(app, policy)
    app.router.add_get('/bad_response', handler_bad_response)
    cli = await client(app)

    remember_resp = await cli.get('/remember')
    assert await remember_resp.text() == 'remember'
    first_ticket = remember_resp.cookies[policy.cookie_name]

    # Wait a second so a reissued ticket is guaranteed to differ in value
    # from the one handed out by /remember.
    await asyncio.sleep(1.0, loop=loop)
    auth_resp = await assert_response(cli.get('/auth'), 'auth')
    second_ticket = auth_resp.cookies[policy.cookie_name]
    assert first_ticket != second_ticket

    await asyncio.sleep(1.0, loop=loop)
    bad_resp = await assert_response(cli.get('/bad_response'), 'bad_response')
    assert bad_resp.status == 400
    # No Set-Cookie for the ticket on an error response.
    assert policy.cookie_name not in bad_resp.cookies
def app(loop):
    """Default app fixture for tests.

    Yields an application with session-backed ticket authentication and a
    custom authorization policy. Routes: ``/remember/{user}`` logs in the
    user named in the URL, ``/admin`` and ``/guest`` are guarded by
    ``autz_required('admin')`` / ``autz_required('guest')``.
    """
    async def handler_remember(request):
        # Test-only: the identity to remember is taken straight from the URL.
        await auth.remember(request, request.match_info['user'])
        return web.Response(text='remember')

    @autz_required('admin')
    async def handler_admin(request):
        return web.Response(text='admin')

    @autz_required('guest')
    async def handler_guest(request):
        return web.Response(text='guest')

    application = web.Application(loop=loop)
    # Fixed, well-known secret: acceptable only because this is a test fixture.
    ticket_secret = b'01234567890abcdef'
    cookie_storage = aiohttp_session.SimpleCookieStorage()
    ticket_policy = auth.SessionTktAuthentication(
        ticket_secret, 15, cookie_name='auth')
    aiohttp_session.setup(application, cookie_storage)
    auth.setup(application, ticket_policy)
    autz.setup(application, CustomAutzPolicy(admin_user_identity='alex'))

    for path, handler in (
            ('/remember/{user}', handler_remember),
            ('/admin', handler_admin),
            ('/guest', handler_guest)):
        application.router.add_get(path, handler)
    yield application
async def test_middleware_setup(app):
    """auth.setup() must append the auth middleware as the last middleware."""
    policy = auth.CookieTktAuthentication(
        b'01234567890abcdef', 15, cookie_name='auth')
    auth.setup(app, policy)
    expected = auth.auth_middleware(policy)
    # Compared by __name__ rather than identity: setup() presumably builds
    # its own middleware object, so the two are never the same instance.
    installed = app.middlewares[-1]
    assert installed.__name__ == expected.__name__
async def test_middleware_stores_auth_in_cookie(app, client):
    """Remembering a user with the cookie policy sets the ticket cookie."""
    policy = auth.CookieTktAuthentication(
        b'01234567890abcdef', 15, cookie_name='auth')
    auth.setup(app, policy)
    cli = await client(app)

    resp = await cli.get('/remember')
    body = await resp.text()
    assert body == 'remember'
    assert policy.cookie_name in resp.cookies
async def test_middleware_installed_no_session(app, client):
    """With no prior /remember call, get_auth() resolves to None."""
    async def handler_test(request):
        # Nothing has been remembered for this client, so there is no user.
        assert await auth.get_auth(request) is None
        return web.Response(text='test')

    app.router.add_get('/test', handler_test)
    aiohttp_session.setup(app, aiohttp_session.SimpleCookieStorage())
    # Random per-test secret; the ticket lifetime is 15 (units per aiohttp_auth).
    auth.setup(app, auth.SessionTktAuthentication(urandom(16), 15))
    cli = await client(app)
    await assert_response(cli.get('/test'), 'test')
async def test_middleware_gets_auth_from_session(app, client):
    """A user remembered into the session is recognised on the next request."""
    ticket_secret = b'01234567890abcdef'
    cookie_storage = aiohttp_session.SimpleCookieStorage()
    ticket_policy = auth.SessionTktAuthentication(
        ticket_secret, 15, cookie_name='auth')
    aiohttp_session.setup(app, cookie_storage)
    auth.setup(app, ticket_policy)
    cli = await client(app)

    remembered = await cli.get('/remember')
    assert await remembered.text() == 'remember'
    # The client keeps the session cookie, so /auth sees the stored ticket.
    await assert_response(cli.get('/auth'), 'auth')
async def test_middleware_stores_auth_in_session(app, client):
    """The ticket is stored inside the session cookie, not as its own cookie."""
    ticket_secret = b'01234567890abcdef'
    cookie_storage = aiohttp_session.SimpleCookieStorage()
    ticket_policy = auth.SessionTktAuthentication(
        ticket_secret, 15, cookie_name='auth')
    aiohttp_session.setup(app, cookie_storage)
    auth.setup(app, ticket_policy)
    cli = await client(app)

    resp = await cli.get('/remember')
    assert await resp.text() == 'remember'
    # SimpleCookieStorage writes the session unencrypted, so the ticket's
    # cookie name is visible inside the session cookie's value.
    session_value = resp.cookies.get(cookie_storage.cookie_name).value
    assert ticket_policy.cookie_name in session_value
def setupAuth(self, app):
    """Install session and ticket-auth middleware on *app* and register
    the logout route together with this object's own auth check.

    Args:
        app: the aiohttp application to configure.
    """
    # Session middleware, aiohttp style. The encryption key is drawn from
    # urandom at startup, so (presumably) sessions do not survive a restart.
    aiohttp_session.setup(app, EncryptedCookieStorage(urandom(32)))

    # Ticket authentication: tickets expire after 60 seconds, the signing
    # secret is random per process, and include_ip=True mixes the client's
    # IP address into the ticket hash (presumably so a ticket presented
    # from another address fails verification).
    ticket_policy = auth.SessionTktAuthentication(
        urandom(32), 60, include_ip=True)
    # aiohttp_auth middleware, aiohttp style.
    auth.setup(app, ticket_policy)

    app.middlewares.append(self.checkAuth)
    app.router.add_route('GET', '/logout', self.logout)
def app(loop):
    """Default app fixture for tests.

    Yields an application with session-backed ticket authentication and a
    single ``/remember`` route that logs in the fixed user ``'some_user'``.
    """
    async def handler_remember(request):
        await auth.remember(request, 'some_user')
        return web.Response(text='remember')

    application = web.Application(loop=loop)
    # Fixed, well-known secret: acceptable only because this is a test fixture.
    ticket_secret = b'01234567890abcdef'
    cookie_storage = aiohttp_session.SimpleCookieStorage()
    ticket_policy = auth.SessionTktAuthentication(
        ticket_secret, 15, cookie_name='auth')
    aiohttp_session.setup(application, cookie_storage)
    auth.setup(application, ticket_policy)
    application.router.add_get('/remember', handler_remember)
    yield application
async def test_middleware_cannot_store_auth_in_cookie_when_response_prepared(
        app, client):
    """Remembering a user on an already-prepared response must fail loudly.

    Once ``response.prepare()`` has run, the cookie middleware can no longer
    add the ticket cookie; the request is expected to raise rather than
    return a response that silently lacks the cookie.
    """
    async def handler_test(request):
        await auth.remember(request, 'some_user')
        resp = web.Response(text='test')
        # Send the headers before the middleware gets a chance to set the cookie.
        await resp.prepare(request)
        return resp

    auth.setup(app, auth.CookieTktAuthentication(
        b'01234567890abcdef', 15, cookie_name='auth'))
    app.router.add_get('/test', handler_test)
    cli = await client(app)

    # NOTE(review): Exception is broad; narrowing it to the error type the
    # middleware actually raises would make the test more precise -- confirm.
    with pytest.raises(Exception):
        await assert_response(cli.get('/test'), 'test')
async def test_middleware_forget_with_cookies(app, client):
    """Forgetting a cookie-ticket login clears the cookie and drops the auth."""
    policy = auth.CookieTktAuthentication(
        b'01234567890abcdef', 120, cookie_name='auth')
    auth.setup(app, policy)
    cli = await client(app)

    remembered = await assert_response(cli.get('/remember'), 'remember')
    assert policy.cookie_name in remembered.cookies

    forgotten = await assert_response(cli.get('/forget'), 'forget')
    # aiohttp's del_cookie answers with the cookie set to an empty string,
    # so the cookie is still present in the response -- check its value
    # instead of its absence.
    assert forgotten.cookies[policy.cookie_name].value == ''

    # assert_response checks the body; an unauthenticated /auth no longer
    # answers 'auth', so the helper's own assertion fires.
    with pytest.raises(AssertionError):
        await assert_response(cli.get('/auth'), 'auth')
async def test_middleware_auth_required_decorator(app, client):
    """@auth.auth_required answers 401 until the client has been remembered."""
    @auth.auth_required
    async def handler_test(request):
        return web.Response(text='test')

    auth.setup(app, auth.CookieTktAuthentication(
        b'01234567890abcdef', 120, cookie_name='auth'))
    app.router.add_get('/test', handler_test)
    cli = await client(app)

    # Anonymous request: rejected by the decorator.
    denied = await assert_response(cli.get('/test'), '401: Unauthorized')
    assert denied.status == 401

    # Log in, then the same request goes through.
    await assert_response(cli.get('/remember'), 'remember')
    allowed = await assert_response(cli.get('/test'), 'test')
    assert allowed.status == 200
async def test_middleware_forget_with_session(app, client):
    """Forgetting a session-ticket login removes the ticket from the session."""
    ticket_secret = b'01234567890abcdef'
    cookie_storage = aiohttp_session.SimpleCookieStorage()
    ticket_policy = auth.SessionTktAuthentication(
        ticket_secret, 15, cookie_name='auth')
    aiohttp_session.setup(app, cookie_storage)
    auth.setup(app, ticket_policy)
    cli = await client(app)

    def session_cookie_value(resp):
        # SimpleCookieStorage keeps the session readable in the cookie value.
        return resp.cookies.get(cookie_storage.cookie_name).value

    remembered = await assert_response(cli.get('/remember'), 'remember')
    assert ticket_policy.cookie_name in session_cookie_value(remembered)

    forgotten = await assert_response(cli.get('/forget'), 'forget')
    assert ticket_policy.cookie_name not in session_cookie_value(forgotten)

    # /auth no longer answers 'auth', so assert_response's own check fires.
    with pytest.raises(AssertionError):
        await assert_response(cli.get('/auth'), 'auth')
async def test_middleware_reissues_ticket_auth(loop, app, client):
    """An authenticated request gets a fresh ticket cookie when reissue is on.

    The policy is built with a third positional argument of 0 (presumably the
    reissue interval -- confirm against aiohttp_auth), so every authenticated
    request is eligible for a new ticket.
    """
    policy = auth.CookieTktAuthentication(
        b'01234567890abcdef', 15, 0, cookie_name='auth')
    auth.setup(app, policy)
    cli = await client(app)

    remembered = await cli.get('/remember')
    assert await remembered.text() == 'remember'
    first_ticket = remembered.cookies[policy.cookie_name]

    # Wait a second so the reissued ticket is guaranteed to differ in value.
    await asyncio.sleep(1.0, loop=loop)
    authed = await assert_response(cli.get('/auth'), 'auth')
    assert first_ticket != authed.cookies[policy.cookie_name]
async def web_server():
    """Build and return the configured aiohttp application.

    Installs encrypted-cookie sessions, session-backed ticket authentication,
    the HTTP routes, Jinja2 templates, the static mounts and the WebSocket
    dispatch table.
    """
    # client_max_size caps request bodies at 30,000,000 bytes (~30 MB).
    web_app = web.Application(
        client_max_size=30000000, middlewares=[error_middleware])

    # Session key is random per process, so sessions presumably do not
    # survive a restart.
    aiohttp_session.setup(web_app, EncryptedCookieStorage(urandom(32)))

    # NOTE(review): aiohttp_auth's ticket lifetime appears to be in seconds
    # (the setupAuth example uses 60 for one minute), which makes 86400000
    # roughly 1000 days; confirm 86400 (one day) was not intended.
    ticket_policy = auth.SessionTktAuthentication(
        urandom(32), 86400000, include_ip=True)
    auth.setup(web_app, ticket_policy)

    web_app.add_routes(routes)
    aiohttp_jinja2.setup(
        web_app,
        loader=jinja2.FileSystemLoader('book/webserver/template'))
    web_app['static_root_url'] = '/static'

    # Mount order is kept as-is: aiohttp matches routes in registration order.
    router = web_app.router
    router.add_static("/static", "book/webserver/template/static")
    router.add_route("*", "/ws/", WebSocketAsync)
    router.add_static("/js", STATIC_DIR)
    # NOTE(review): serving the process's working directory at "/" exposes
    # every file under it (sources, configs, secrets) to any HTTP client;
    # point this at a dedicated static directory instead.
    router.add_static("/", ".")

    # WebSocket message name -> handler, registered in the original order.
    ws_handlers = (
        ("list_people", ws_routes.list_people.list_people),
        ("get_people", ws_routes.get_people.get_people),
        ("delete_people", ws_routes.delete_people.delete_people),
        ("create_people", ws_routes.create_people.create_people),
        ("update_people", ws_routes.update_people.update_people),
        ("update_password", ws_routes.user_profile.update_password),
        ("list_users", ws_routes.user_profile.list_all_users),
        ("create_user", ws_routes.user_profile.create_user),
        ("edit_user", ws_routes.user_profile.edit_user),
        ("remove_user", ws_routes.user_profile.remove_user),
    )
    for message_name, handler in ws_handlers:
        WebSocketAsync.add_route(message_name, handler)

    return web_app