def test_get_current_identity_host(self):
handler.configure([])
class Handler(handler.AuthenticatingHandler):
@api.public
def get(self):
self.response.write(api.get_current_identity_host() or '<none>')
app = self.make_test_app('/request', Handler)
def call(headers):
api.reset_local_state()
return app.get('/request', headers=headers).body
# Good token.
token = host_token.create_host_token('HOST.domain.com')
self.assertEqual('host.domain.com', call({'X-Host-Token-V1': token}))
# Missing or invalid tokens.
self.assertEqual('<none>', call({}))
self.assertEqual('<none>', call({'X-Host-Token-V1': 'broken'}))
# Expired token.
origin = datetime.datetime(2014, 1, 1, 1, 1, 1)
self.mock_now(origin)
token = host_token.create_host_token('HOST.domain.com', expiration_sec=60)
self.mock_now(origin, 61)
self.assertEqual('<none>', call({'X-Host-Token-V1': token}))
def test_authentication_error(self):
"""AuthenticationError in auth method stops request processing."""
test = self
calls = []
def failing(request):
raise api.AuthenticationError('Too bad')
def skipped(request):
self.fail('authenticate should not be called')
class Handler(handler.AuthenticatingHandler):
@api.public
def get(self):
test.fail('Handler code should not be called')
def authentication_error(self, err):
test.assertEqual('Too bad', err.message)
calls.append('authentication_error')
# pylint: disable=bad-super-call
super(Handler, self).authentication_error(err)
handler.configure([failing, skipped])
app = self.make_test_app('/request', Handler)
response = app.get('/request', expect_errors=True)
# Custom error handler is called and returned HTTP 401.
self.assertEqual(['authentication_error'], calls)
self.assertEqual(401, response.status_int)
# Authentication error is logged.
self.assertEqual(1, len(self.logged_warnings))
def test_auth_method_order(self):
"""Registered auth methods are tested in order."""
test = self
calls = []
ident = model.Identity(model.IDENTITY_USER, '*****@*****.**')
def not_applicable(request):
self.assertEqual('/request', request.path)
calls.append('not_applicable')
return None
def applicable(request):
self.assertEqual('/request', request.path)
calls.append('applicable')
return ident
class Handler(handler.AuthenticatingHandler):
@api.public
def get(self):
test.assertEqual(ident, api.get_current_identity())
self.response.write('OK')
handler.configure([not_applicable, applicable])
app = self.make_test_app('/request', Handler)
self.assertEqual('OK', app.get('/request').body)
# Both methods should be tried.
expected_calls = [
'not_applicable',
'applicable',
]
self.assertEqual(expected_calls, calls)
def setUp(self):
super(MembershipTest, self).setUp()
handler.configure([])
api.reset_local_state()
self.mock(api, 'is_admin', lambda: True)
model.AuthGroup(key=model.group_key('testgroup'), members=[]).put()
def is_group_member_mock(group, identity):
group = model.group_key(group).get()
return group is not None and identity in group.members
self.mock(api, 'is_group_member', is_group_member_mock)
def test_get_current_identity_ip(self):
handler.configure([])
class Handler(handler.AuthenticatingHandler):
@api.public
def get(self):
self.response.write(ipaddr.ip_to_string(api.get_current_identity_ip()))
app = self.make_test_app('/request', Handler)
response = app.get('/request', extra_environ={'REMOTE_ADDR': '192.1.2.3'})
self.assertEqual('192.1.2.3', response.body)
def setUp(self):
super(AuthenticatingHandlerTest, self).setUp()
# Reset global config of auth library before each test.
handler.configure([])
api.reset_local_state()
# Capture error and warning log messages.
self.logged_errors = []
self.mock(handler.logging, 'error',
lambda *args, **kwargs: self.logged_errors.append((args, kwargs)))
self.logged_warnings = []
self.mock(handler.logging, 'warning',
lambda *args, **kwargs: self.logged_warnings.append((args, kwargs)))
def test_anonymous(self):
"""If all auth methods are not applicable, identity is set to Anonymous."""
test = self
non_applicable = lambda _request: None
handler.configure([non_applicable, non_applicable])
class Handler(handler.AuthenticatingHandler):
@api.public
def get(self):
test.assertEqual(model.Anonymous, api.get_current_identity())
self.response.write('OK')
app = self.make_test_app('/request', Handler)
self.assertEqual('OK', app.get('/request').body)
def test_ip_whitelist_bot(self):
"""Requests from client in "bots" IP whitelist are authenticated as bot."""
handler.configure([])
model.bootstrap_ip_whitelist('bots', ['192.168.1.100/32'])
class Handler(handler.AuthenticatingHandler):
@api.public
def get(self):
self.response.write(api.get_current_identity().to_bytes())
app = self.make_test_app('/request', Handler)
def call(ip):
api.reset_local_state()
return app.get('/request', extra_environ={'REMOTE_ADDR': ip}).body
self.assertEqual('bot:192.168.1.100', call('192.168.1.100'))
self.assertEqual('anonymous:anonymous', call('127.0.0.1'))
def call(ident, ip):
api.reset_local_state()
handler.configure([lambda _request: ident])
response = app.get(
'/request', extra_environ={'REMOTE_ADDR': ip}, expect_errors=True)
return response.status_int
