def test_return_public_role_if_missing_auth_header(self):
request = self.factory.get(
"/test-url/",
HTTP_DATE="Thu, 22 Jun 2017 17:15:21 GMT",
HTTP_HOST="hmac.com",
HTTP_REQUEST_LINE="GET /requests HTTP/1.1",
)
hmac_auth = HMACAuth(request)
self.assertEqual(hmac_auth.user_role, UserRole.PUBLIC)
def test_raise_permission_denied_if_missing_auth_header(self):
request = self.factory.get(
"/test-url/",
HTTP_DATE="Thu, 22 Jun 2017 17:15:21 GMT",
HTTP_HOST="hmac.com",
HTTP_REQUEST_LINE="GET /requests HTTP/1.1",
)
hmac_auth = HMACAuth(request)
with self.assertRaises(PermissionDenied):
hmac_auth.user_role
def test_user_role_raise_permission_denied_if_using_wrong_headers(self, ):
request = self.factory.get(
"/test-url/",
HTTP_HOST="hmac.com",
HTTP_DATE="Thu, 22 Jun 2017 17:15:21 GMT",
HTTP_PROXY_AUTHORIZATION=(
"hmac "
'username="******", '
'algorithm="hmac-sha256", '
'headers="date request-line", '
'signature="ujWCGHeec9Xd6UD2zlyxiNMCiXnDOWeVFMu5VeRUxtw="'),
)
hmac_auth = HMACAuth(request)
with self.assertRaises(PermissionDenied):
hmac_auth.user_role
def test_is_valid_return_true_for_valid_request(self):
request = self.factory.get(
"/test-url/",
HTTP_DATE="Thu, 22 Jun 2017 17:15:21 GMT",
HTTP_HOST="hmac.com",
HTTP_REQUEST_LINE="GET /requests HTTP/1.1",
HTTP_PROXY_AUTHORIZATION=(
"hmac "
'username="******", '
'algorithm="hmac-sha256", '
'headers="date request-line", '
'signature="ujWCGHeec9Xd6UD2zlyxiNMCiXnDOWeVFMu5VeRUxtw="'),
)
hmac_auth = HMACAuth(request)
self.assertTrue(hmac_auth.is_valid)
def test_user_role_return_public_role_if_no_group_provided(self):
request = self.factory.get(
"/test-url/",
HTTP_DATE="Thu, 22 Jun 2017 17:15:21 GMT",
HTTP_HOST="hmac.com",
HTTP_REQUEST_LINE="GET /requests HTTP/1.1",
HTTP_PROXY_AUTHORIZATION=(
"hmac "
'username="******", '
'algorithm="hmac-sha256", '
'headers="date request-line", '
'signature="ujWCGHeec9Xd6UD2zlyxiNMCiXnDOWeVFMu5VeRUxtw="'),
)
hmac_auth = HMACAuth(request)
self.assertEqual(hmac_auth.user_role, UserRole.PUBLIC)
def test_user_role_raise_permission_denied_if_invalid_signature(self):
request = self.factory.get(
"/test-url/",
HTTP_DATE="Thu, 22 Jun 2017 17:15:21 GMT",
HTTP_HOST="hmac.com",
HTTP_REQUEST_LINE="GET /requests HTTP/1.1",
HTTP_PROXY_AUTHORIZATION=("hmac "
'username="******", '
'algorithm="hmac-sha256", '
'headers="date request-line", '
'signature="invalid-signature"'),
)
hmac_auth = HMACAuth(request)
with self.assertRaises(PermissionDenied):
hmac_auth.user_role
def test_user_role_raise_permission_denied_if_missing_required_credential_key(
self):
request = self.factory.get(
"/test-url/",
HTTP_DATE="Thu, 22 Jun 2017 17:15:21 GMT",
HTTP_HOST="hmac.com",
HTTP_REQUEST_LINE="GET /requests HTTP/1.1",
HTTP_PROXY_AUTHORIZATION=(
"hmac "
'username="******", '
'headers="date request-line", '
'signature="ujWCGHeec9Xd6UD2zlyxiNMCiXnDOWeVFMu5VeRUxtw="'),
)
hmac_auth = HMACAuth(request)
with self.assertRaises(PermissionDenied):
hmac_auth.user_role
def test_user_role_raise_permission_denied_for_invalid_group(self):
request = self.factory.get(
"/test-url/",
HTTP_DATE="Thu, 22 Jun 2017 17:15:21 GMT",
HTTP_HOST="hmac.com",
HTTP_REQUEST_LINE="GET /requests HTTP/1.1",
HTTP_PROXY_AUTHORIZATION=(
"hmac "
'username="******", '
'algorithm="hmac-sha256", '
'headers="date request-line", '
'signature="ujWCGHeec9Xd6UD2zlyxiNMCiXnDOWeVFMu5VeRUxtw="'
),
HTTP_X_FORWARDED_GROUPS="invalid_group",
)
hmac_auth = HMACAuth(request)
with self.assertRaises(PermissionDenied):
hmac_auth.user_role
def test_user_role_return_expected_user_role(self):
group_roles = [
("ltj_admin", UserRole.ADMIN),
("ltj_virka_hki", UserRole.OFFICE_HKI),
("ltj_virka", UserRole.OFFICE),
]
for group, expected_role in group_roles:
request = self.factory.get(
"/test-url/",
HTTP_DATE="Thu, 22 Jun 2017 17:15:21 GMT",
HTTP_HOST="hmac.com",
HTTP_REQUEST_LINE="GET /requests HTTP/1.1",
HTTP_PROXY_AUTHORIZATION=(
"hmac "
'username="******", '
'algorithm="hmac-sha256", '
'headers="date request-line", '
'signature="ujWCGHeec9Xd6UD2zlyxiNMCiXnDOWeVFMu5VeRUxtw="'
),
HTTP_X_FORWARDED_GROUPS=group,
)
hmac_auth = HMACAuth(request)
self.assertEqual(hmac_auth.user_role, expected_role)
def _get_hmac_auth(self):
if not hasattr(self, "_hmac_auth"):
self._hmac_auth = HMACAuth(self.request)
return self._hmac_auth