def test_UNAUTHENTICATED(monkeypatch):
    """Check that each broker endpoint rejects a call made without credentials.

    Each of the four RPC handlers is invoked with an empty request and a
    ``MockContext()`` built with no arguments. The handler must return no
    response and set ``UNAUTHENTICATED`` on the context, together with the
    hint that tells the client which metadata header to send.
    """
    monkeypatch_environment(monkeypatch)

    # One (request, handler) pair per endpoint, so a newly added RPC is easy
    # to include in the "no credentials" check.
    endpoint_cases = (
        (GetSessionTokenRequest(), BrokerServicer().GetSessionToken),
        (RenewSessionTokenRequest(), BrokerServicer().RenewSessionToken),
        (CancelSessionTokenRequest(), BrokerServicer().CancelSessionToken),
        (GetAccessTokenRequest(), BrokerServicer().GetAccessToken),
    )
    expected_details = 'Use "authorization: Negotiate <token>" metadata to authenticate'

    for request, endpoint in endpoint_cases:
        # presumably a MockContext without arguments carries no
        # 'authorization' metadata -- confirm against MockContext
        context = MockContext()
        response = endpoint(request, context)

        # Fail closed: no payload at all, only a status code and a hint.
        assert response is None
        assert context.code == grpc.StatusCode.UNAUTHENTICATED
        assert context.details == expected_details
def renew_session_token(renewer, session_token):
    """Call ``RenewSessionToken`` as *renewer* for the given session token.

    The caller identity is passed in the ``authorization`` metadata using the
    ``Negotiate`` scheme; the token to renew travels in the request body.

    Returns:
        A ``(response, context)`` tuple so the calling test can inspect both
        the RPC result and the status recorded on the mock context.
    """
    request = RenewSessionTokenRequest()
    request.session_token = session_token

    metadata = {'authorization': f'Negotiate {renewer}'}
    context = MockContext(metadata)

    servicer = BrokerServicer()
    response = servicer.RenewSessionToken(request, context)
    return response, context
def get_access_token(scope=SCOPE, authenticated_user=None, owner=None, session_token=None):
    """Call ``GetAccessToken`` using either direct or session-token authentication.

    Args:
        scope: Scope placed in the request (defaults to ``SCOPE``).
        authenticated_user: When not ``None``, the call is authenticated with
            ``authorization: Negotiate <authenticated_user>``.
        owner: Value assigned to ``request.owner``.
        session_token: Used only when ``authenticated_user`` is ``None``; sent
            as ``authorization: BrokerSession <session_token>``.

    Returns:
        A ``(response, context)`` tuple.
    """
    request = GetAccessTokenRequest()
    request.scope = scope
    request.owner = owner
    request.target = MOCK_BUCKET

    # Exactly one authentication scheme is sent per call. Direct
    # authentication wins whenever a user is supplied, even if a session
    # token was passed as well.
    if authenticated_user is None:
        authorization = f'BrokerSession {session_token}'
    else:
        authorization = f'Negotiate {authenticated_user}'
    context = MockContext({'authorization': authorization})

    servicer = BrokerServicer()
    return servicer.GetAccessToken(request, context), context
def get_session_token(authenticated_user, renewer):
    """Call ``GetSessionToken`` as *authenticated_user*, naming *renewer*.

    The authenticated user is also set as the session owner, so this helper
    always requests a session on the caller's own behalf.

    Returns:
        A ``(response, context)`` tuple.
    """
    request = GetSessionTokenRequest()
    request.owner = authenticated_user
    request.scope = SCOPE
    request.renewer = renewer
    request.target = MOCK_BUCKET

    metadata = {'authorization': f'Negotiate {authenticated_user}'}
    context = MockContext(metadata)

    servicer = BrokerServicer()
    return servicer.GetSessionToken(request, context), context
def test_get_access_token_INVALID_SESSION_TOKEN(monkeypatch):
    """Check that malformed session tokens are rejected by ``GetAccessToken``.

    Two inputs are tried: a plain string, and the URL-safe base64 encoding of
    that string. Both must produce ``UNAUTHENTICATED`` with the same generic
    detail text, so the reply does not reveal which validation step failed.
    """
    monkeypatch_environment(monkeypatch)

    request = GetAccessTokenRequest()
    request.scope = SCOPE
    request.target = MOCK_BUCKET

    malformed_tokens = (
        'foobar',
        base64.urlsafe_b64encode(b'foobar').decode('ascii'),
    )
    for session_token in malformed_tokens:
        headers = {'authorization': f'BrokerSession {session_token}'}
        context = MockContext(headers)
        response = BrokerServicer().GetAccessToken(request, context)

        # No access token may be issued for an unparseable session token.
        assert response is None
        assert context.code == grpc.StatusCode.UNAUTHENTICATED
        assert context.details == f'Invalid session token'
def test_get_access_token_SESSION_TOKEN_WRONG_PASSWORD(monkeypatch):
    """Check that a session token stops working once the session password changes.

    A token is generated for a fresh session, then the stored session's
    password is overwritten and saved. Presenting the previously issued token
    must now fail with ``UNAUTHENTICATED`` and yield no response.
    """
    monkeypatch_environment(monkeypatch)

    # NOTE(review): the owner, renewer and password literals look like masked
    # placeholders -- confirm they are the values the test is meant to use.
    session = Session(owner='*****@*****.**', renewer='*****@*****.**')
    issued_token = generate_session_token(session)

    # Change the stored password only after the token has been issued, so the
    # token no longer matches the persisted session.
    session.password = '******'
    session.save()

    request = GetAccessTokenRequest()
    request.scope = SCOPE
    request.target = MOCK_BUCKET

    headers = {'authorization': f'BrokerSession {issued_token}'}
    context = MockContext(headers)
    response = BrokerServicer().GetAccessToken(request, context)

    assert response is None
    assert context.code == grpc.StatusCode.UNAUTHENTICATED
    assert context.details == f'Invalid session token'
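def run_server():
    """Start the broker gRPC server over TLS and block until interrupted.

    The TLS private key and certificate chain are read from the paths in
    ``settings`` and used as the only server credentials; no plaintext port
    is opened. The function then sleeps until ``KeyboardInterrupt`` and stops
    the server.

    Raises:
        RuntimeError: If the secure port could not be bound.
        OSError: If the TLS key or certificate file cannot be read.
    """
    server = grpc.server(
        futures.ThreadPoolExecutor(max_workers=int(settings.NUM_SERVER_THREADS))
    )
    add_BrokerServicer_to_server(BrokerServicer(), server)

    # Load TLS certificate and key
    # NOTE(review): the key is read into memory as-is; presumably the file is
    # readable only by the service account -- confirm in the deployment.
    with open(settings.TLS_KEY_PATH, 'rb') as f:
        private_key = f.read()
    with open(settings.TLS_CRT_PATH, 'rb') as f:
        certificate_chain = f.read()

    # Server-side TLS only: no root certificates are passed and client
    # certificates are not requested, so callers are authenticated by the
    # servicer rather than by the TLS layer.
    server_credentials = grpc.ssl_server_credentials(
        ((private_key, certificate_chain),)
    )

    address = f'{settings.SERVER_HOST}:{settings.SERVER_PORT}'
    # Some grpcio releases report a failed bind by returning port 0 instead
    # of raising. Without this check the process would run without listening
    # anywhere while still claiming to be up.
    bound_port = server.add_secure_port(address, server_credentials)
    if bound_port == 0:
        raise RuntimeError(f'Failed to bind secure port on {address}')

    server.start()
    # Announce only once the port is bound and the server has started.
    print(f'Server listening on {address}...')

    try:
        # start() does not block, so keep the main thread alive.
        while True:
            time.sleep(86400)
    except KeyboardInterrupt:
        # A grace period of 0 aborts in-flight RPCs immediately.
        server.stop(0)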