def testMaybeSetVarsFail(self):
    """Exercise _maybe_set_current_user_vars with and without scope context.

    The same bearer token is presented three times: through the bare function
    (im_func) with no api_info, through the bound method, and through the bare
    function with api_info passed explicitly.  Only the first call is expected
    to leave the request unauthenticated.
    """
    sample_email = '*****@*****.**'
    auth_env_names = ('ENDPOINTS_AUTH_EMAIL', 'ENDPOINTS_AUTH_DOMAIN')

    # Pin the clock and replace the token verifier: this test covers how the
    # API configuration is located, not signature or claim validation.
    self.mox.StubOutWithMock(time, 'time')
    time.time().MultipleTimes().AndReturn(1001)
    self.mox.StubOutWithMock(users_id_token, '_get_id_token_user')
    recorded_lookup = users_id_token._get_id_token_user(
        self._SAMPLE_TOKEN, self._SAMPLE_AUDIENCES,
        self._SAMPLE_ALLOWED_CLIENT_IDS, 1001, memcache)
    recorded_lookup.MultipleTimes().AndReturn(users.User(sample_email))
    self.mox.ReplayAll()

    # A bearer token in the header is what should route the call into the
    # stubbed _get_id_token_user.
    # NOTE(review): this and the ENDPOINTS_AUTH_* values below are written to
    # the real os.environ; presumably the fixture's setUp/tearDown restores
    # it -- confirm, otherwise later tests start out "authenticated".
    os.environ['HTTP_AUTHORIZATION'] = 'Bearer ' + self._SAMPLE_TOKEN
    api = self.TestApiAnnotatedAtApi()

    # Case 1: the bare function carries no im_self and no api_info is given,
    # so no scopes are available and neither token check runs.  The auth
    # variables must end up set to '' (not merely absent): the caller is
    # treated as anonymous even though a token was supplied.
    users_id_token._maybe_set_current_user_vars(api.method.im_func)
    self.assertNotIn('ENDPOINTS_USE_OAUTH_SCOPE', os.environ)
    for env_name in auth_env_names:
        self.assertEqual(os.getenv(env_name), '')

    # Case 2: the bound method gives access to the API configuration, so the
    # token is resolved to a user.
    for env_name in auth_env_names:
        os.environ.pop(env_name)
    users_id_token._maybe_set_current_user_vars(api.method)
    self.assertEqual(os.getenv('ENDPOINTS_AUTH_EMAIL'), sample_email)

    # Case 3: the bare function works too once api_info is passed explicitly.
    for env_name in auth_env_names:
        os.environ.pop(env_name)
    users_id_token._maybe_set_current_user_vars(
        api.method.im_func, api_info=api.api_info)
    self.assertEqual(os.getenv('ENDPOINTS_AUTH_EMAIL'), sample_email)
    self.mox.VerifyAll()
Пример #2
    def testMaybeSetVarsFail(self):
        """Check which call shapes let the token be resolved to a user.

        With no bound instance and no api_info the function cannot see the
        API's scopes, so the token is not checked and the caller stays
        anonymous.  Passing the bound method, or api_info explicitly, makes
        the (stubbed) ID-token lookup succeed.
        """
        def forget_auth_result():
            # pop() without a default raises KeyError when the variable is
            # missing, so this also confirms the previous call set both.
            os.environ.pop('ENDPOINTS_AUTH_EMAIL')
            os.environ.pop('ENDPOINTS_AUTH_DOMAIN')

        frozen_now = 1001

        # The clock and the verifier are mocked; no real signature is
        # validated anywhere in this test.
        self.mox.StubOutWithMock(time, 'time')
        time.time().MultipleTimes().AndReturn(frozen_now)
        self.mox.StubOutWithMock(users_id_token, '_get_id_token_user')
        users_id_token._get_id_token_user(
            self._SAMPLE_TOKEN,
            self._SAMPLE_AUDIENCES,
            self._SAMPLE_ALLOWED_CLIENT_IDS,
            frozen_now,
            memcache).MultipleTimes().AndReturn(users.User('*****@*****.**'))
        self.mox.ReplayAll()

        # This token should correctly result in _get_id_token_user being
        # called.
        # NOTE(review): os.environ is process-wide; presumably the test
        # class restores it in tearDown -- confirm, so the bearer token and
        # auth result do not leak into other tests.
        bearer_header = 'Bearer ' + self._SAMPLE_TOKEN
        os.environ['HTTP_AUTHORIZATION'] = bearer_header
        instance = self.TestApiAnnotatedAtApi()
        set_user_vars = users_id_token._maybe_set_current_user_vars

        # No im_self is present and no api_info can be used, so the method
        # itself has no access to scopes; scopes are null and neither token
        # check occurs.  Both auth variables are expected to be the empty
        # string, i.e. explicitly "no user".
        set_user_vars(instance.method.im_func)
        self.assertNotIn('ENDPOINTS_USE_OAUTH_SCOPE', os.environ)
        self.assertEqual(os.getenv('ENDPOINTS_AUTH_EMAIL'), '')
        self.assertEqual(os.getenv('ENDPOINTS_AUTH_DOMAIN'), '')

        # The bound method (rather than im_func) is enough to find the user.
        forget_auth_result()
        set_user_vars(instance.method)
        self.assertEqual(os.getenv('ENDPOINTS_AUTH_EMAIL'), '*****@*****.**')

        # So is the bare function when the API's api_info is handed over.
        forget_auth_result()
        set_user_vars(instance.method.im_func, api_info=instance.api_info)
        self.assertEqual(os.getenv('ENDPOINTS_AUTH_EMAIL'), '*****@*****.**')
        self.mox.VerifyAll()
Пример #3
 def testSampleIdToken(self):
     """Resolve the sample ID token to a user at the sample timestamp."""
     lookup_args = (self._SAMPLE_TOKEN, self._SAMPLE_AUDIENCES,
                    self._SAMPLE_ALLOWED_CLIENT_IDS, self._SAMPLE_TIME_NOW,
                    self.cache)
     resolved = users_id_token._get_id_token_user(*lookup_args)
     self.assertEqual(resolved.email(), '*****@*****.**')
     # User ID shouldn't be filled in.  See notes in users_id_token.py.
     self.assertIsNone(resolved.user_id())
     # NOTE(review): used_cached_value is a flag on the test cache;
     # presumably it records that the signing certs came from the cache
     # rather than a network fetch -- confirm against the cache fixture.
     self.assertTrue(self.cache.used_cached_value)
  def VerifyIdToken(self, cls, *args):
    """Assert that a bearer token ends up as ENDPOINTS_AUTH_EMAIL.

    Args:
      cls: object exposing the API `method` under test.
      *args: when given, `cls.method` is invoked with them and is expected
        to trigger the user lookup itself; when omitted,
        _maybe_set_current_user_vars is called on `cls.method` directly.
    """
    fixed_now = 1001

    # Neither stub uses MultipleTimes(), so VerifyAll() below also checks
    # that the clock and the token verifier were each consulted.
    self.mox.StubOutWithMock(time, 'time')
    self.mox.StubOutWithMock(users_id_token, '_get_id_token_user')
    time.time().AndReturn(fixed_now)
    users_id_token._get_id_token_user(
        self._SAMPLE_TOKEN, self._SAMPLE_AUDIENCES,
        self._SAMPLE_ALLOWED_CLIENT_IDS, fixed_now,
        memcache).AndReturn(users.User('*****@*****.**'))
    self.mox.ReplayAll()

    # NOTE(review): written to the real os.environ; presumably restored by
    # the fixture's tearDown -- confirm.
    os.environ['HTTP_AUTHORIZATION'] = 'Bearer ' + self._SAMPLE_TOKEN
    if not args:
      users_id_token._maybe_set_current_user_vars(cls.method)
    else:
      cls.method(*args)
    self.assertEqual(os.environ.get('ENDPOINTS_AUTH_EMAIL'), '*****@*****.**')
    self.mox.VerifyAll()
 def testSampleIdToken(self):
   """Check that the sample token yields a user with an email but no ID."""
   id_token_user = users_id_token._get_id_token_user(
       self._SAMPLE_TOKEN, self._SAMPLE_AUDIENCES,
       self._SAMPLE_ALLOWED_CLIENT_IDS, self._SAMPLE_TIME_NOW, self.cache)
   self.assertEqual(id_token_user.email(), '*****@*****.**')
   # User ID shouldn't be filled in.  See notes in users_id_token.py.
   self.assertIsNone(id_token_user.user_id())
   # NOTE(review): presumably set by the test cache when a cached value was
   # served during verification -- confirm against the fixture.
   self.assertTrue(self.cache.used_cached_value)
Пример #6
  def VerifyIdToken(self, cls, *args):
    """Assert that a bearer token ends up as ENDPOINTS_AUTH_EMAIL.

    In this variant the stubbed _get_id_token_user is expected to receive
    users_id_token._ISSUERS as its second argument, ahead of the audiences
    and allowed client IDs.

    Args:
      cls: object exposing the API `method` under test.
      *args: when given, `cls.method` is called with them; otherwise
        _maybe_set_current_user_vars is applied to `cls.method` directly.
    """
    frozen_now = 1001
    expected_user = '*****@*****.**'

    # Each stub is recorded once (no MultipleTimes), so VerifyAll() also
    # fails if the verifier was never reached.
    self.mox.StubOutWithMock(time, 'time')
    self.mox.StubOutWithMock(users_id_token, '_get_id_token_user')
    time.time().AndReturn(frozen_now)
    recorded = users_id_token._get_id_token_user(
        self._SAMPLE_TOKEN, users_id_token._ISSUERS, self._SAMPLE_AUDIENCES,
        self._SAMPLE_ALLOWED_CLIENT_IDS, frozen_now, memcache)
    recorded.AndReturn(users.User(expected_user))
    self.mox.ReplayAll()

    # NOTE(review): written to the real os.environ; presumably restored by
    # the fixture's tearDown -- confirm.
    os.environ['HTTP_AUTHORIZATION'] = 'Bearer ' + self._SAMPLE_TOKEN
    if not args:
      users_id_token._maybe_set_current_user_vars(cls.method)
    else:
      cls.method(*args)
    self.assertEqual(os.environ.get('ENDPOINTS_AUTH_EMAIL'), expected_user)
    self.mox.VerifyAll()
Пример #7
 def testExpiredToken(self):
     """Verify that expired tokens will fail."""
     # One second beyond the maximum token lifetime, counted from the
     # sample "now".
     lifetime = users_id_token._MAX_TOKEN_LIFETIME_SECS
     expired_time_now = self._SAMPLE_TIME_NOW + lifetime + 1

     # The low-level verifier must reject the token outright...
     with self.assertRaises(users_id_token._AppIdentityError):
         users_id_token._verify_signed_jwt_with_certs(
             self._SAMPLE_TOKEN, expired_time_now, self.cache)

     # ...and the wrapper must turn that into "no user" rather than
     # returning one or letting the error escape.
     user = users_id_token._get_id_token_user(
         self._SAMPLE_TOKEN,
         self._SAMPLE_AUDIENCES,
         self._SAMPLE_ALLOWED_CLIENT_IDS,
         expired_time_now,
         self.cache)
     self.assertIsNone(user)
 def testExpiredToken(self):
   """Verify that expired tokens will fail."""
   # Move the clock just past the longest lifetime a token may have.
   past_lifetime = users_id_token._MAX_TOKEN_LIFETIME_SECS + 1
   expired_time_now = self._SAMPLE_TIME_NOW + past_lifetime

   # Direct verification has to raise for the stale token.
   with self.assertRaises(users_id_token._AppIdentityError):
     users_id_token._verify_signed_jwt_with_certs(
         self._SAMPLE_TOKEN, expired_time_now, self.cache)

   # Also verify that this doesn't return a user when called from
   # users_id_token: the failure surfaces as None, not as an exception.
   lookup_args = (self._SAMPLE_TOKEN, self._SAMPLE_AUDIENCES,
                  self._SAMPLE_ALLOWED_CLIENT_IDS, expired_time_now,
                  self.cache)
   self.assertIsNone(users_id_token._get_id_token_user(*lookup_args))
def test_get_id_token_user(valid_issuers, valid_audiences, valid_client_ids,
                           token_sig_cert_uri, token_issuer, token_audience,
                           token_client_id, token_email_address):
    """Check that an accepted token yields a user carrying the token's email.

    Signature verification is replaced by a mock built from
    token_sig_cert_uri, so the "token" passed in is the already-parsed claim
    dict and no cryptographic check is exercised here.

    NOTE(review): the arguments presumably come from a parametrize decorator
    or fixtures outside this excerpt -- confirm which combinations are
    covered, in particular that rejected issuer/audience/client-id cases are
    tested elsewhere.
    """
    claims = dict(
        iss=token_issuer,
        aud=token_audience,
        azp=token_client_id,
        email=token_email_address,
    )
    cache = TestCache()

    verify_patch = mock.patch.object(
        users_id_token, '_verify_signed_jwt_with_certs')
    with verify_patch as mocked_verify:
        mocked_verify.side_effect = _make_mocked_verify_signed_jwt_with_certs(
            token_sig_cert_uri)
        # The literal 0 is the time_now argument.
        user = users_id_token._get_id_token_user(
            claims, valid_issuers, valid_audiences, valid_client_ids, 0,
            cache)
        assert user is not None
        assert user.email() == token_email_address