def create_session(config): session = Session(config) session.add_authenticator( create_authenticator( "cryptosign", authid="foo", authrole="role0", privkey="a" * 64, )) def joined(session, details): print("joined: {} {}".format(session, details)) session.config.extra['running'].callback(session) session.on('join', joined) def left(session, details): if "no_such_procedure" in str(details.reason): session.config.extra['running'].errback(Exception(details.reason)) session.on('leave', left) def disconnected(*args, **kw): print("disconnect: {} {}".format(args, kw)) session.on('disconnect', disconnected) return session
def test_inconsistent_authids(self): session = Session(mock.Mock()) auth0 = create_authenticator( "wampcra", authid="alice", secret="p4ssw0rd", ) auth1 = create_authenticator( "wampcra", authid="bob", secret="password42", ) session.add_authenticator(auth0) with self.assertRaises(ValueError) as ctx: session.add_authenticator(auth1) assert "authids" in str(ctx.exception)
def test_inconsistent_authids(self): session = Session(mock.Mock()) auth0 = create_authenticator( "wampcra", authid=u"alice", secret=u"p4ssw0rd", ) auth1 = create_authenticator( "wampcra", authid=u"bob", secret=u"password42", ) session.add_authenticator(auth0) with self.assertRaises(ValueError) as ctx: session.add_authenticator(auth1) assert "authids" in str(ctx.exception)
def test_authenticator(self): authenticator = create_authenticator( u"cryptosign", authid="someone", privkey=self.privkey_hex, ) session = Mock() session._transport.get_channel_id = Mock(return_value=self.channel_id) challenge = types.Challenge(u"cryptosign", dict(challenge="ff" * 32)) reply = yield authenticator.on_challenge(session, challenge) self.assertEqual( reply.result, u'9b6f41540c9b95b4b7b281c3042fa9c54cef43c842d62ea3fd6030fcb66e70b3e80d49d44c29d1635da9348d02ec93f3ed1ef227dfb59a07b580095c2b82f80f9d16ca518aa0c2b707f2b2a609edeca73bca8dd59817a633f35574ac6fd80d00', )
def on_connect(self): auth_methods = [u'scram'] auth_role = u'user' authid = u'{}'.format(self.component_config.session.username) password = u'{}'.format(self.component_config.session.password) self.authenticator = create_authenticator(AuthScram.name, authid=authid, password=saslprep(password)) self.join(self.config.realm, authmethods=auth_methods, authid=authid, authrole=auth_role, authextra=self.authenticator.authextra)
def create_session(): session = ProxyBackendSession() # we will do cryptosign authentication to any backend if 'auth' in backend_config and 'cryptosign-proxy' in backend_config['auth']: session.add_authenticator(create_authenticator("cryptosign", privkey=key['hex'])) # we allow anonymous authentication to just unix-sockets # currently. I don't think it's a good idea to allow any # anonymous auth to "real" backends over TCP due to # cross-protocol hijinks (and if a Web browser is running on # that machine, any website can try to access the "real" # backend) if 'auth' not in backend_config or 'anonymous-proxy' in backend_config['auth']: if backend_config['transport']['endpoint']['type'] == 'unix': session.add_authenticator(create_authenticator("anonymous")) else: raise RuntimeError('anonymous-proxy authenticator only allowed on Unix domain socket based transports, not type "{}"'.format(backend_config['transport']['endpoint']['type'])) def connected(session, transport): connected_d.callback(session) session.on('connect', connected) return session
def test_authenticator(self): authenticator = create_authenticator( "cryptosign", authid="someone", privkey=self.privkey_hex, ) session = Mock() session._transport.transport_details = self.transport_details challenge = types.Challenge("cryptosign", dict(challenge="ff" * 32)) f_reply = authenticator.on_challenge(session, challenge) def success(reply): self.assertEqual( reply, '9b6f41540c9b95b4b7b281c3042fa9c54cef43c842d62ea3fd6030fcb66e70b3e80d49d44c29d1635da9348d02ec93f3ed1ef227dfb59a07b580095c2b82f80f9d16ca518aa0c2b707f2b2a609edeca73bca8dd59817a633f35574ac6fd80d00', ) def failed(err): self.fail(str(err)) txaio.add_callbacks(f_reply, success, failed)
def create_session(): cfg = ComponentConfig(self._realm, self._extra) try: self._session = session = self.session_factory(cfg) for auth_name, auth_config in self._authentication.items(): if isinstance(auth_config, IAuthenticator): session.add_authenticator(auth_config) else: authenticator = create_authenticator( auth_name, **auth_config) session.add_authenticator(authenticator) except Exception as e: # couldn't instantiate session calls, which is fatal. # let the reconnection logic deal with that f = txaio.create_failure(e) txaio.reject(done, f) raise else: # hook up the listener to the parent so we can bubble # up events happning on the session onto the # connection. This lets you do component.on('join', # cb) which will work just as if you called # session.on('join', cb) for every session created. session._parent = self # listen on leave events; if we get errors # (e.g. no_such_realm), an on_leave can happen without # an on_join before def on_leave(session, details): self.log.info( "session leaving '{details.reason}'", details=details, ) if not txaio.is_called(done): if details.reason in [u"wamp.close.normal"]: txaio.resolve(done, None) else: f = txaio.create_failure( ApplicationError(details.reason)) txaio.reject(done, f) session.on('leave', on_leave) # if we were given a "main" procedure, we run through # it completely (i.e. until its Deferred fires) and # then disconnect this session def on_join(session, details): transport.connect_sucesses += 1 self.log.debug("session on_join: {details}", details=details) d = txaio.as_future(self._entry, reactor, session) def main_success(_): self.log.debug("main_success") def leave(): try: session.leave() except SessionNotReady: # someone may have already called # leave() pass txaio.call_later(0, leave) def main_error(err): self.log.debug("main_error: {err}", err=err) txaio.reject(done, err) session.disconnect() txaio.add_callbacks(d, main_success, main_error) if self._entry is not None: session.on('join', on_join) # listen on disconnect events. Note that in case we # had a "main" procedure, we could have already # resolve()'d our "done" future def on_disconnect(session, was_clean): self.log.debug( "session on_disconnect: was_clean={was_clean}", was_clean=was_clean, ) if not txaio.is_called(done): if not was_clean: self.log.warn(u"Session disconnected uncleanly") else: # eg the session has left the realm, and the transport was properly # shut down. successfully finish the connection txaio.resolve(done, None) session.on('disconnect', on_disconnect) # return the fresh session object return session
def create_session(): cfg = ComponentConfig(self._realm, self._extra) try: self._session = session = self.session_factory(cfg) for auth_name, auth_config in self._authentication.items(): authenticator = create_authenticator(auth_name, **auth_config) session.add_authenticator(authenticator) except Exception as e: # couldn't instantiate session calls, which is fatal. # let the reconnection logic deal with that f = txaio.create_failure(e) txaio.reject(done, f) raise else: # hook up the listener to the parent so we can bubble # up events happning on the session onto the # connection. This lets you do component.on('join', # cb) which will work just as if you called # session.on('join', cb) for every session created. session._parent = self # listen on leave events; if we get errors # (e.g. no_such_realm), an on_leave can happen without # an on_join before def on_leave(session, details): self.log.info( "session leaving '{details.reason}'", details=details, ) if not txaio.is_called(done): if details.reason in [u"wamp.error.no_auth_method"]: txaio.resolve(done, txaio.create_failure( ApplicationError( u"wamp.error.no_auth_method" ) )) else: txaio.resolve(done, None) session.on('leave', on_leave) # if we were given a "main" procedure, we run through # it completely (i.e. until its Deferred fires) and # then disconnect this session def on_join(session, details): transport.connect_sucesses += 1 self.log.debug("session on_join: {details}", details=details) d = txaio.as_future(self._entry, reactor, session) def main_success(_): self.log.debug("main_success") def leave(): try: session.leave() except SessionNotReady: # someone may have already called # leave() pass txaio.call_later(0, leave) def main_error(err): self.log.debug("main_error: {err}", err=err) txaio.reject(done, err) session.disconnect() txaio.add_callbacks(d, main_success, main_error) if self._entry is not None: session.on('join', on_join) # listen on disconnect events. Note that in case we # had a "main" procedure, we could have already # resolve()'d our "done" future def on_disconnect(session, was_clean): self.log.debug( "session on_disconnect: was_clean={was_clean}", was_clean=was_clean, ) if not txaio.is_called(done): if not was_clean: self.log.warn( u"Session disconnected uncleanly" ) # eg the session has left the realm, and the transport was properly # shut down. successfully finish the connection txaio.resolve(done, None) session.on('disconnect', on_disconnect) # return the fresh session object return session