def test_locale_negotiation(client, testdata):
headers = Headers()
headers.add("Accept-Language", testdata.header)
res = client.get("/locale?available=" + testdata.available, headers=headers)
assert res.status_code == 200
assert res.json == {u"locale": testdata.result}
def test_get_existing_node_informations(self):
time.sleep(5)
h = Headers()
h.add("Authorization", self.valid_test_token)
rv = self.client.get(self.node_resource_path, headers=h)
for info in ["ip", "node", "state", "name"]:
self.assertTrue(info in rv.data)
def create_task(name, url, queued_callback=None, parameters=None):
# task name must be unique
if not parameters:
parameters = {}
task = BackgroundTask(name=name + str(int(time())))
task.parameters = parameters
task.modified_by = get_current_user()
db.session.add(task)
db.session.commit()
# schedule a task queue
if getattr(settings, 'APP_ENGINE', False):
from google.appengine.api import taskqueue
headers = Headers(request.headers)
headers.add('x-task-id', task.id)
taskqueue.add(
queue_name="ggrc",
url=url,
name="{}_{}".format(task.name, task.id),
params={'task_id': task.id},
method=request.method,
headers=headers)
elif queued_callback:
queued_callback(task)
return task
def test_create_node(self):
h = Headers()
h.add("Authorization", self.valid_test_token)
rv = self.client.post(self.node_resource_path, headers=h)
assert "error" not in rv.data
assert "Id" in rv.data
assert "name" in rv.data
def test_admin_page_rejects_bad_password(self):
""" Check that incorrect password won't allow access """
h = Headers()
auth = '{0}:foo'.format(Config.USERNAME).encode('ascii')
h.add('Authorization', b'Basic ' + base64.b64encode(auth))
rv = Client.open(self.client, path='/', headers=h)
self.assert_401(rv)
def test07_access_token_handler(self):
with dummy_app.test_request_context('/a_request'):
auth = IIIFAuthGoogle(client_secret_file=csf)
response = auth.access_token_handler()
self.assertEqual( response.status_code, 200 )
self.assertEqual( response.headers['Content-type'], 'application/json' )
j = json.loads(response.get_data())
self.assertEqual( j['error_description'], "No login details received" )
self.assertEqual( j['error'], "client_unauthorized" )
# add callback but no account cookie
with dummy_app.test_request_context('/a_request?callback=CB'):
auth = IIIFAuthGoogle(client_secret_file=csf)
response = auth.access_token_handler()
self.assertEqual( response.status_code, 200 )
self.assertEqual( response.headers['Content-type'], 'application/javascript' )
# strip JavaScript wrapper and then check JSON
js = response.get_data()
self.assertTrue( re.match('CB\(.*\);',js) )
j = json.loads(js.lstrip('CB(').rstrip(');'))
self.assertEqual( j['error_description'], "No login details received" )
self.assertEqual( j['error'], "client_unauthorized" )
# add an account cookie
h = Headers()
h.add('Cookie', 'lol_account=ACCOUNT_TOKEN')
with dummy_app.test_request_context('/a_request', headers=h):
auth = IIIFAuthGoogle(client_secret_file=csf, cookie_prefix='lol_')
response = auth.access_token_handler()
self.assertEqual( response.status_code, 200 )
self.assertEqual( response.headers['Content-type'], 'application/json' )
j = json.loads(response.get_data())
self.assertEqual( j['access_token'], "ACCOUNT_TOKEN" )
self.assertEqual( j['token_type'], "Bearer" )
def handler_b2s_image(self, id=None):
""" Handler for `/b2s_image` url for json data.
It accepts only Communication Kit Notifications.
"""
if id is None:
raise BadRequest()
headers = request.httprequest.headers
self._validate_headers(headers)
correspondence_obj = request.env['correspondence'].sudo()
correspondence = correspondence_obj.search([('uuid', '=', id)])
if not correspondence:
raise NotFound()
data = correspondence.get_image()
headers = Headers()
if correspondence.letter_format == 'zip':
fname = fields.Date.today() + ' letters.zip'
headers.add(
'Content-Disposition', 'attachment',
filename=fname)
response = Response(data, content_type='application/zip',
headers=headers)
else:
headers.add(
'Content-Disposition', 'attachment',
filename=correspondence.file_name)
response = Response(data, content_type='application/pdf',
headers=headers)
return response
def test_image_conneg_redirect(self):
self.app.redirect_conneg = True
h = Headers()
h.add('accept','image/jpeg')
to_get = '/%s/full/full/0/native' % (self.test_jp2_color_id,)
resp = self.client.get(to_get, headers=h, follow_redirects=False)
self.assertEqual(resp.status_code, 301)
def test_subscription_remove_period(client, session):
password = "******"
user = UserFactory(active=True, password=password)
author = AuthorFactory()
sub = SubscriptionFactory(user=user, author=author, active=True)
sub.add_period(PERIOD.DAILY)
assert sub.has_period(PERIOD.DAILY)
assert len(sub.periods) == 1
h = Headers()
auth = requests.auth._basic_auth_str(user.email, password)
h.add("Authorization", auth)
url = "{0}{1}{2}{3}".format(
url_for("subscriptions.remove_period"),
"?period=Daily",
"&subscription_id=",
str(sub.id),
)
response = client.post(url, headers=h)
assert response.status_code == 302
assert len(sub.periods) == 0
assert sub.has_period(PERIOD.DAILY) is False
def song(id, ext):
song = db.session.query(Song.id, Song.filename, Song.length, Song.mimetype, Song.artist, Song.album, Song.title, Song.track).filter(Song.id == id).first()
if song == None or not os.path.exists(song.filename):
return abort(404)
headers = Headers()
headers.add("X-Content-Duration", song.length)
headers.add("X-Accel-Buffering", "no")
range_header = request.headers.get('Range', None)
if range_header is not None:
range_header = range_header.split("-")
try:
range_header = intval(range_header[0])
except:
range_header = None
if range_header is None or range_header == 0:
db.session.add(Download(song, request))
db.session.commit()
ext = ext.lower()
for extension, mimeset in mimetypes.items():
if song.mimetype in mimeset and extension == ext:
return send_file_partial(song.filename, mimetype=song.mimetype, attachment_filename=generate_download_filename(song, ext), headers=headers)
if ext not in [ "ogg", "mp3", "flac", "wav", "webm" ]:
return abort(404)
transcode_options = [ 'avconv', '-loglevel', 'quiet', '-i', song.filename, '-f', ext, '-y', '-fflags', 'nobuffer' ];
if ext == "ogg" or ext == "webm":
transcode_options.extend([ '-acodec', 'libvorbis', '-aq', '5' ])
elif ext == "mp3":
transcode_options.extend([ '-ab', '160k' ])
transcode_options.append('-')
return send_process(transcode_options, mimetype=mimetypes[ext][0], attachment_filename=generate_download_filename(song, ext), headers=headers)
def test_info_conneg_415(self):
self.app.redirect_conneg = False
h = Headers()
h.add('accept','text/plain')
to_get = '/%s/info' % (self.test_jp2_color_id,)
resp = self.client.get(to_get, headers=h, follow_redirects=True)
self.assertEqual(resp.status_code, 415)
def credentials(scope="module"):
"""
Note that these credentials match those mentioned in test.htpasswd
"""
h = Headers()
h.add("Authorization", "Basic " + base64.b64encode("username:password"))
return h
def build_headers(self, data_json=False):
headers = Headers()
if data_json:
headers.add('Content-Type', 'application/json')
return headers
def test05_login_handler(self):
"""Test login_handler."""
with dummy_app.test_request_context('/a_request'):
auth = IIIFAuthBasic()
response = auth.login_handler()
self.assertEqual(response.status_code, 401)
self.assertEqual(response.headers['Content-type'], 'text/html')
html = response.get_data().decode('utf-8') # data is bytes in python3
self.assertEqual(html, '')
# add good login params and check OK, window close
h = Headers()
h.add('Authorization', b'Basic ' +
base64.b64encode(b'userpass:userpass'))
with dummy_app.test_request_context('/a_request', headers=h):
response = auth.login_handler()
self.assertEqual(response.status_code, 200)
html = response.get_data().decode('utf-8')
self.assertTrue(
re.search(
r'<script>window.close\(\);</script>',
html))
set_cookie = response.headers['Set-Cookie']
self.assertTrue(
re.search(
auth.auth_cookie_name +
'=valid-http-basic-login',
set_cookie))
# add bad login params and check fail
h = Headers()
h.add('Authorization', b'Basic ' +
base64.b64encode(b'userpass:bad-pass'))
with dummy_app.test_request_context('/a_request', headers=h):
response = auth.login_handler()
self.assertEqual(response.status_code, 401)
def test_subscription_remove_period(subhandler, client, session):
# users = User.query.all()
# pprint(users)
password = '******'
user = UserFactory(active=True, password=password)
author = AuthorFactory()
sub = SubscriptionFactory(user=user, author=author, active=True)
sub.add_period(PERIOD.DAILY)
# with client as c:
assert sub.has_period(PERIOD.DAILY)
assert len(sub.periods) == 1
h = Headers()
auth = requests.auth._basic_auth_str(user.email, password)
h.add('Authorization', auth)
url = url_for('subscriptions.remove_period') + '?period=Daily' + '&subscription_id=' + str(sub.id)
response = client.post(url, headers=h)
assert response.status_code == 302
assert len(sub.periods) == 0
assert sub.has_period(PERIOD.DAILY) is False
def fetch():
url = request.form['url']
print url
try:
h = Headers(request.headers)
h.clear()
h.add('referer', 'https://www.facebook.com/')
r = requests.request(
method='GET',
url=url,
headers=h,
timeout=5
)
except (
requests.exceptions.Timeout,
requests.exceptions.ConnectTimeout,
requests.exceptions.ReadTimeout):
return Response(status=504)
except (
requests.exceptions.ConnectionError,
requests.exceptions.HTTPError,
requests.exceptions.TooManyRedirects):
return Response(status=502)
except (
requests.exceptions.RequestException,
Exception) as e:
if app.debug:
raise e
return Response(status=500)
mimetype = "text/html"
return Response(r.content, mimetype=mimetype)
def get(id, ext=None):
item = Item.query.get_or_404(id)
path = os.path.normpath(item.path)
if not os.path.exists(path):
return abort(404)
headers = Headers()
headers.add("X-Content-Duration", item.length)
headers.add("X-Accel-Buffering", "no")
range_header = request.headers.get('Range', None)
if range_header is not None:
range_header = range_header.split('-')
try:
range_header = intval(range_header[0])
except:
range_header = None
current_app.logger.info(mimetypes.guess_type(item.path))
return send_file_partial(item.path,
mimetype=mimetypes.guess_type(item.path)[0],
headers=headers,
attachment_filename=secure_filename(
"%d - %s - %s (%s)[%s]" %
(item.track, item.title,
item.artist, item.album,
item.year)))
abort(404)
def test_crossdomain(self):
class Foo(flask_restful.Resource):
@cors.crossdomain(allow_origin='*')
def get(self):
return "data"
app = Flask(__name__)
api = flask_restful.Api(app)
api.add_resource(Foo, '/')
with app.test_client() as client:
h = Headers()
origin = "http://foo.bar"
h.add('Origin', origin)
res = client.get('/', headers=h)
headers = res.headers
assert_equals(res.status_code, 200)
assert_true(headers['Access-Control-Allow-Origin'] in ('*',
origin))
assert_equals(headers['Access-Control-Max-Age'], '21600')
allow_methods = headers['Access-Control-Allow-Methods']
assert_true('HEAD' in allow_methods)
assert_true('OPTIONS' in allow_methods)
assert_true('GET' in allow_methods)
def test_resubscribe(self):
user_email = '*****@*****.**'
user_password = '******'
add_admin(user_email, user_password)
hub = 'http://push.superfeedr.com'
responses.add(responses.POST,
hub,
body='{"title": "Success"}',
status=204,
content_type='application/json')
less_24 = datetime.utcnow() + relativedelta(hours=10)
feed1 = FeedFactory(lease_end=less_24,
status=STATUS.SUBSCRIBED,
hub=hub)
feed1.save()
with self.app.test_client() as c:
h = Headers()
auth = requests.auth._basic_auth_str(user_email, user_password)
h.add('Authorization', auth)
url = url_for('pubsubhubbub.resubscribe')
response = c.post(url, headers=h)
self.assertEqual(response.status_code, 200)
def test_admin_page_rejects_bad_username(self):
""" Check that incorrect username won't allow access """
h = Headers()
auth = 'foo:{0}'.format(Config.PASSWORD).encode('ascii')
h.add('Authorization', b'Basic ' + base64.b64encode(auth))
rv = Client.open(self.client, path='/', headers=h)
self.assert_401(rv)
def test07_access_token_handler(self):
with dummy_app.test_request_context('/a_request'):
auth = IIIFAuthBasic()
response = auth.access_token_handler()
self.assertEqual( response.status_code, 200 )
self.assertEqual( response.headers['Content-type'], 'application/json' )
j = json.loads(response.get_data())
self.assertEqual( j['error_description'], "No login details received" )
self.assertEqual( j['error'], "client_unauthorized" )
# add Authorization header, check we get token
h = Headers()
h.add('Authorization', 'Basic ' + base64.b64encode('userpass:userpass'))
with dummy_app.test_request_context('/a_request', headers=h):
auth = IIIFAuthBasic()
response = auth.access_token_handler()
self.assertEqual( response.status_code, 200 )
self.assertEqual( response.headers['Content-type'], 'application/json' )
j = json.loads(response.get_data())
self.assertEqual( j['access_token'], "secret_token_here" ) #FIXME
self.assertEqual( j['token_type'], "Bearer" )
self.assertEqual( j['expires_in'], 3600 )
# add callback but no Authorization header
with dummy_app.test_request_context('/a_request?callback=CB'):
auth = IIIFAuthBasic()
response = auth.access_token_handler()
self.assertEqual( response.status_code, 200 )
self.assertEqual( response.headers['Content-type'], 'application/javascript' )
# strip JavaScript wrapper and then check JSON
js = response.get_data()
self.assertTrue( re.match('CB\(.*\);',js) )
j = json.loads(js.lstrip('CB(').rstrip(');'))
self.assertEqual( j['error_description'], "No login details received" )
self.assertEqual( j['error'], "client_unauthorized" )
def jsonpost(self, *args, **kwargs):
"""Convenience method for making JSON POST requests."""
kwargs.setdefault('content_type', 'application/json')
if 'data' in kwargs:
kwargs['data'] = json.dumps(kwargs['data'])
headers = Headers()
override_headers = kwargs.pop('headers', {})
if override_headers:
for k, v in override_headers.items():
headers.add(k, v)
if 'useragent' in kwargs:
useragent = kwargs.pop('useragent')
headers.add('User-Agent', useragent)
# Set a quick JSON lookup attribute.
if 'method' in kwargs:
method = getattr(self.client, kwargs.get('method').lower())
else:
method = self.client.post
response = method(headers=headers, *args, **kwargs)
try:
response.json = json.loads(response.data)
except:
response.json = None
return response
def test_user_rss_url_etag(session, client):
entries = EntryFactory.create_batch(5)
author1 = AuthorFactory()
author1.entries.extend(entries)
user = UserFactory(active=True)
user.userfeed.private = False
sub1 = Subscription(user=user, author=author1)
sub1.save()
h = Headers()
h.add("If-None-Match", None)
response1 = client.get(url_for("users.user_feed", user_id=user.id), headers=h)
assert response1.status_code == 200
etag = response1.headers.get("ETag")
assert response1.data
assert (
response1.headers.get("Content-Type") == "application/atom+xml; charset=utf-8"
)
h.add("If-None-Match", etag)
response2 = client.get(url_for("users.user_feed", user_id=user.id), headers=h)
assert response2.status_code == 304
etag2 = response2.headers.get("ETag")
assert etag2 == etag
assert not response2.data
def item_ogg(item_id, ogg_q):
from subprocess import Popen, PIPE
import mimetypes;
item = g.lib.get_item(item_id)
filename = os.path.split(item.path)[1]
filename = os.path.splitext(filename)[0] + '.ogg'
headers = Headers()
headers.add('Content-Type', 'audio/ogg')
headers.add('Content-Disposition', 'attachment', filename=filename)
if mimetypes.guess_type(item.path)[0] == 'audio/mpeg':
decoded_fp = Popen(
["mpg123", "-q", "-w", "/dev/stdout", item.path],
stdout=PIPE)
ogg_fp = Popen(
["oggenc", "-q", str(ogg_q), "-Q", "-"],
stdin=decoded_fp.stdout,
stdout=PIPE);
decoded_fp.stdout.close()
else:
ogg_fp = Popen(
["oggenc", "-q", str(ogg_q),"-Q", "-o", "/dev/stdout", item.path],
stdout=PIPE);
res = Response(
#wrap_file(request.environ, ogg_fp.stdout),
ogg_fp.stdout,
headers=headers,
direct_passthrough=True)
res.implicit_sequence_conversion = False
return res
def test_cron_update_single_user(subhandler, client, session):
# users = User.query.all()
# pprint(users)
user = UserFactory(active=True)
user2 = UserFactory(active=True)
author = AuthorFactory()
now = datetime.utcnow()
entry1 = EntryFactory(published=now - timedelta(hours=5))
entry2 = EntryFactory(published=now - timedelta(hours=3))
entry3 = EntryFactory(published=now - timedelta(hours=26))
entry1.authors.append(author)
entry2.authors.append(author)
entry3.authors.append(author)
db.session.commit()
sub = SubscriptionFactory(user=user, author=author, active=True)
sub2 = SubscriptionFactory(user=user2, author=author, active=True)
sub.add_period(PERIOD.DAILY)
sub2.add_period(PERIOD.DAILY)
user_email = '*****@*****.**'
user_password = '******'
add_admin(user_email, user_password)
db.session.commit()
# with client as c:
with mail.record_messages() as outbox:
h = Headers()
auth = requests.auth._basic_auth_str(user_email, user_password)
h.add('Authorization', auth)
url = url_for('subscriptions.send_update') + '?period=Daily' + '&user_id=' + str(user.id)
response = client.post(url, headers=h)
assert response.status_code == 200
assert len(outbox) == 1
assert outbox[0].recipients[0] == user.email
email_count = Email.query.count()
assert email_count == 1
email = Email.query.filter_by(
user_id=user.id,
period_id=Period.get_period_id(PERIOD.DAILY)).first()
assert email.address == user.email
assert len(email.authors) == 1
assert len(email.entries) == 2
TestCase().assertCountEqual(email.entries, [entry1, entry2])
assert email.period == PERIOD.DAILY
TestCase().assertAlmostEqual(sub.last_email_sent,
datetime.utcnow(),
delta=timedelta(seconds=1))
def add_cors_headers(status, headers, exc_info=None):
headers = Headers(headers)
headers.add("Access-Control-Allow-Origin", self.origin(environ))
headers.add("Access-Control-Allow-Headers", "Origin, Content-Type")
headers.add("Access-Control-Allow-Credentials", "true")
headers.add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")
headers.add("Access-Control-Expose-Headers", "X-Set-Cookie")
return start_response(status, headers.to_list(), exc_info)
def basic_auth(self, path, key, follow_redirects=True):
h = Headers()
login = b64encode('api:{}'.format(key))
h.add('Authorization', 'Basic {}'.format(login))
return Client.open(self.client,
path=path,
headers=h,
follow_redirects=follow_redirects)
def vcard_response(data, filename='export.vcf'):
'''
Retourne les entêtes HTTP pour les fichiers VCARD
'''
headers = Headers()
headers.add('Content-Type', 'text/plain')
headers.add('Content-Disposition', 'attachment', filename='export.vcf')
return Response(data, headers=headers)
def test_admin_page_allows_valid_login(self):
""" Check that correct username and password will allow access """
h = Headers()
auth = '{0}:{1}'.format(
Config.USERNAME, Config.PASSWORD).encode('ascii')
h.add('Authorization', b'Basic ' + base64.b64encode(auth))
rv = Client.open(self.client, path='/', headers=h)
self.assert_200(rv)
def test_vote_page_allows_valid_login(self):
token = config.test_token
h = Headers()
h.add('Authorization',
'Basic ' + base64.b64encode(token + ':'))
rv = Client.open(self.client, path='/people/v1/hold/advise/check/' + config.hhauer_psuid,
headers=h)
self.assert_200(rv)
def test_page_parameter_not_provided(self):
with self.client:
user = self.client.post('/register', data=self.user)
logged_in = self.client.post('/login', data=self.data2)
result = json.loads(logged_in.data)
auth = result['token']
h = Headers()
h.add('x-access-token', auth)
resp = self.client.post('/category', headers=h, data=self.category)
search = self.client.get('/category/search?q=&per_page=2&page=',
headers=h)
results = json.loads(search.data)
self.assertEqual(search.status_code, 400)
def __init__(self, response=None, **kwargs):
headers = kwargs.get("headers")
security_headers = list(SECURITY_HEADERS)
if isinstance(response, bytes):
mimetype = get_img_mimetype(response)
security_headers.append(('Content-Type', mimetype))
if headers is None:
headers = Headers(security_headers)
else:
for header in security_headers:
headers.add(*header)
kwargs['headers'] = headers
super(CustomResponse, self).__init__(response, **kwargs)
def test_info_method_not_allowed(self):
headers = Headers()
headers.add('Accept', 'application/json')
response = self.client.put('/',
content_type='application/json',
follow_redirects=True,
headers=headers)
self.assertEqual(
response.status_code, 405,
'Failed to return Method Not Allowed error'
'when PUT method invoked for GET only view')
def add_cors_headers(status, headers, exc_info=None):
headers = Headers(headers)
headers.add("Access-Control-Allow-Origin",
get_origin(status, headers))
headers.add("Access-Control-Allow-Headers",
cfg.get("cors_headers"))
headers.add("Access-Control-Allow-Credentials",
cfg.get("cors_credentials"))
headers.add("Access-Control-Allow-Methods",
cfg.get("cors_methods"))
headers.add("Access-Control-Expose-Headers",
cfg.get("cors_expose_headers"))
return start_response(status, headers.to_list(), exc_info)
def add_cors_headers(status, headers, exc_info=None):
headers = Headers(headers)
headers.add("Access-Control-Allow-Origin", self.origin(environ))
headers.add("Access-Control-Allow-Credentials", "true")
headers.add("Access-Control-Allow-Methods",
", ".join(self.methods))
if self.allowed:
headers.add("Access-Control-Allow-Headers",
", ".join(self.allowed))
if self.exposed:
headers.add("Access-Control-Expose-Headers",
", ".join(self.exposed))
return start_response(status, headers.to_list(), exc_info)
def auth_header_for_reglr(self):
h = Headers()
auth_string = '{0}:{1}'.format(
TEST_REGLR_USERNAME,
TEST_REGLR_PASSWORD
)
encoded_auth_string = base64.b64encode(
str.encode(auth_string)).decode()
h.add(
'Authorization',
'Basic {0}'.format(encoded_auth_string)
)
return h
def test_auth_decorated_link_missing_token(client):
user = default_config()
headers = Headers()
headers.add('X-Tenant', 'rockee')
post_data = json.dumps({
'current_password': '******',
'new_password': '******'
})
rsp = client.post('/users/{}/change_password'.format(user.id),
data=post_data,
headers=headers)
print('\nResponse: {} -> {}'.format(rsp.status, rsp.data.decode()))
assert rsp.status_code == 401, 'should be unauthorized'
def get(self):
"""
Request a challenge token for SSH authentication
.. :quickref: SSH; Request SSH Challenge Token
:reqheader Rucio-VO: VO name as a string (Multi-VO only).
:reqheader Rucio-Account: Account identifier as a string.
:reqheader Rucio-AppID: Application identifier as a string.
:resheader Access-Control-Allow-Origin:
:resheader Access-Control-Allow-Headers:
:resheader Access-Control-Allow-Methods:
:resheader Access-Control-Allow-Credentials:
:resheader Access-Control-Expose-Headers:
:resheader X-Rucio-SSH-Challenge-Token: The SSH challenge token
:resheader X-Rucio-SSH-Challenge-Token-Expires: The expiry time of the token
:status 200: Successfully authenticated
:status 404: Invalid credentials
"""
headers = Headers()
headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
headers['Access-Control-Allow-Methods'] = '*'
headers['Access-Control-Allow-Credentials'] = 'true'
headers['Access-Control-Expose-Headers'] = 'X-Rucio-Auth-Token'
headers['Content-Type'] = 'application/octet-stream'
headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
headers.add('Cache-Control', 'post-check=0, pre-check=0')
headers['Pragma'] = 'no-cache'
vo = request.headers.get('X-Rucio-VO', default='def')
account = request.headers.get('X-Rucio-Account', default=None)
appid = request.headers.get('X-Rucio-AppID', default='unknown')
ip = request.headers.get('X-Forwarded-For', default=request.remote_addr)
try:
result = get_ssh_challenge_token(account, appid, ip, vo=vo)
except RucioException as error:
return generate_http_error_flask(500, error.__class__.__name__, error.args[0], headers=headers)
except Exception as error:
logging.exception("Internal Error")
return str(error), 500, headers
if not result:
return generate_http_error_flask(401, 'CannotAuthenticate', 'Cannot generate challenge for account %(account)s' % locals(), headers=headers)
headers['X-Rucio-SSH-Challenge-Token'] = result.token
headers['X-Rucio-SSH-Challenge-Token-Expires'] = date_to_str(result.expired_at)
return '', 200, headers
def test_firstname_is_empty_string(self):
data1 = {'username':'******',
'email':'*****@*****.**',
'password':'******',
'firstname':'',
'confirm_password':'******'
}
payload = json.dumps(data1)
h = Headers()
h.add('Content-Type', 'application/json')
response1 = self.client.post('/register', data=data1)
result = json.loads(response1.data)
self.assertEqual(response1.status_code, 400)
self.assertEqual(result['error'], 'all fields must be filled')
def get_headers(self) -> "Optional[HeadersType]":
headers = Headers()
headers.set('Access-Control-Allow-Origin',
request.environ.get('HTTP_ORIGIN'))
headers.set('Access-Control-Allow-Headers',
request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
headers.set('Access-Control-Allow-Methods', '*')
headers.set('Access-Control-Allow-Credentials', 'true')
headers.set('Cache-Control',
'no-cache, no-store, max-age=0, must-revalidate')
headers.add('Cache-Control', 'post-check=0, pre-check=0')
headers.set('Pragma', 'no-cache')
return headers
def test_creating_categories(self):
with self.client:
response = self.client.post('/register', data=self.user)
responses = self.client.post('/login', data=self.data2)
result = json.loads(responses.data.decode())
auth = result['token']
h = Headers()
h.add('x-access-token', auth)
response = self.client.post('/category',
headers=h,
data=self.category)
results = json.loads(response.data)
self.assertEqual(response.status_code, 201)
self.assertEqual(results['message'], 'Category created')
def test_getting_all_categories(self):
with self.client:
response = self.client.post('/register', data=self.user)
responses = self.client.post('/login', data=self.data2)
result = json.loads(responses.data.decode())
auth = result['token']
h = Headers()
h.add('x-access-token', auth)
category_response = self.client.post('/category',
headers=h,
data=self.category)
results = json.loads(category_response.data)
self.assertEqual(category_response.status_code, 201)
self.assertIn('fish', results['category_name'])
def retrieve_message(hexhash=None):
errorResp = {"err_msg": "Message not found"}
errorHeader = Headers()
errorHeader.add('Content-Type', 'application/json')
if hexhash is None:
return JSONEncoder().encode(errorResp), 404, errorHeader
message = cache.get(hexhash)
if message is None:
return JSONEncoder().encode(errorResp), 404, errorHeader
resp = {"message": message.decode('utf-8')}
print("resp: {}".format(resp))
return JSONEncoder().encode(resp)
def test07_access_token_handler(self):
"""Test access_token_handler method."""
with dummy_app.test_request_context('/a_request'):
auth = IIIFAuthGoogle(client_secret_file=csf)
response = auth.access_token_handler()
self.assertEqual(response.status_code, 200)
self.assertEqual(response.headers['Content-type'],
'application/json')
j = json.loads(response.get_data().decode('utf-8'))
self.assertEqual(j['description'],
"No authorization details received")
self.assertEqual(j['error'], "client_unauthorized")
# add callback but no account cookie
with dummy_app.test_request_context('/a_request?messageId=1234'):
auth = IIIFAuthGoogle(client_secret_file=csf)
response = auth.access_token_handler()
self.assertEqual(response.status_code, 200)
self.assertEqual(response.headers['Content-type'], 'text/html')
# Check HTML is postMessage, includes an error
html = response.get_data().decode('utf-8')
self.assertTrue(re.search(r'postMessage\(', html))
self.assertTrue(re.search(r'"error"', html))
# add an account cookie
h = Headers()
h.add('Cookie', 'lol_account=ACCOUNT_TOKEN')
with dummy_app.test_request_context('/a_request', headers=h):
auth = IIIFAuthGoogle(client_secret_file=csf, cookie_prefix='lol_')
# stub token gen:
auth._generate_random_string = lambda x: 'lkjhg'
response = auth.access_token_handler()
self.assertEqual(response.status_code, 200)
self.assertEqual(response.headers['Content-type'],
'application/json')
j = json.loads(response.get_data().decode('utf-8'))
self.assertEqual(j['accessToken'], 'lkjhg')
# add an account cookie and a messageId
h = Headers()
h.add('Cookie', 'lol_account=ACCOUNT_TOKEN')
with dummy_app.test_request_context('/a_request?messageId=2345',
headers=h):
auth = IIIFAuthGoogle(client_secret_file=csf, cookie_prefix='lol_')
response = auth.access_token_handler()
self.assertEqual(response.status_code, 200)
self.assertEqual(response.headers['Content-type'], 'text/html')
# Check HTML is postMessage, includes messageId,
# does not include an error
html = response.get_data().decode('utf-8')
self.assertTrue(re.search(r'postMessage\(', html))
self.assertTrue(re.search(r'"messageId":\s*"2345"', html))
self.assertFalse(re.search(r'"error"', html))
def test_delete_unexisting_category(self):
"""Tests if user can delete an unexisiting category."""
self.register()
res = self.tester.post('/api-v0/auth/login',
data=json.dumps(self.login_data),
content_type='application/json')
data = json.loads(res.data)
h = Headers()
h.add('x-access-token', data['token'])
response = self.tester.delete('/api-v0/category/38', headers=h)
resp = json.loads(response.get_data(as_text=True))
self.assertEqual(response.status_code, 404)
self.assertEqual(resp['status'], False)
self.assertEqual(resp['message'], 'Could not find category')
def test_auth_decorated_link_good_token_correct_authority(client):
user = default_config()
headers = Headers()
headers.add('X-Tenant', 'rockee')
headers.set('Authorization', 'Bearer {}'.format(user.auth_token))
post_data = json.dumps({
'current_password': '******',
'new_password': '******'
})
rsp = client.post('/users/{}/change_password'.format(user.id),
data=post_data,
headers=headers)
print('\nResponse: {} -> {}'.format(rsp.status, rsp.data.decode()))
assert rsp.status_code == 200, 'should be ok'
def test_invalid_token(self):
with self.client:
response = self.client.post('/register', data=self.user)
responses = self.client.post('/login', data=self.data2)
result = json.loads(responses.data.decode())
auth = 'phiona'
h = Headers()
h.add('x-access-token', auth)
response = self.client.post('/category',
headers=h,
data=self.category)
result = json.loads(response.data)
self.assertEqual(response.status_code, 401)
self.assertEqual(result['message'], 'Invalid token')
def test_unsethook_administrator_user(self, mock_requests):
admin_role = Role.query.filter_by(name='Administrator').first()
admin = User(
email='*****@*****.**',
username='******',
role=admin_role,
password='******',
confirmed=True,
)
db.session.add(admin)
db.session.commit()
# Werkzeug's test client doesn't have embedded
# Basic HTTP Authentication out of box like requests have,
# so we have to implement it by making up headers.
# see also
# http://stackoverflow.com/a/30248823/4241180
# http://stackoverflow.com/a/27643297/4241180
# http://blog.bstpierre.org/flask-testing-auth
headers = Headers()
headers.add(*HTTP.basic_auth('*****@*****.**', 'test'))
response = self.client.post(TelegramUpdates.URL_UNSET_WEBHOOK,
data=json.dumps({}),
follow_redirects=True,
headers=headers)
self.assertEqual(
response.status_code, 200, 'Failed to return status code 200 '
'when unsetting Webhook URL by the administrator user')
response_json = json.loads(response.data)
self.assertEqual(
response_json['url'], '',
'Failed to return an empty field for the URL in JSON '
'when unsetting Webhook URL by the administrator user')
mock_requests.assert_called()
self.assertIn(
call(files=None,
json={
'url':
'',
'max_connections':
current_app.config['SERVER_MAX_CONNECTIONS'],
'allowed_updates': []
},
timeout=current_app.config['TELEGRAM_REQUEST_TIMEOUT_SEC'] *
60,
url=current_app.config['TELEGRAM_URL'] + 'setWebhook'),
mock_requests.call_args_list)
def get_with_basic_auth(self, path, username='******', password='******'):
"""
Do a request with ldap auth
:param path:
:param username:
:param password:
"""
h = Headers()
s_auth = base64.b64encode('{u}:{p}'.format(u=username,
p=password).encode('utf-8'))
h.add('Authorization', 'Basic ' + s_auth.decode('utf-8'))
response = Client.open(self.client, path=path, headers=h)
return response
def to_csv_resp(filename, data, columns, separator):
outdata = [separator.join(columns)]
headers = Headers()
headers.add('Content-Type', 'text/plain')
headers.add('Content-Disposition',
'attachment',
filename='export_%s.csv' % filename)
for o in data:
outdata.append(
separator.join('"%s"' % (o.get(i), '')[o.get(i) is None]
for i in columns))
out = '\r\n'.join(outdata)
return Response(out, headers=headers)
def to_csv_resp(filename, data, columns, separator):
outdata = [separator.join(columns)]
headers = Headers()
headers.add("Content-Type", "text/plain")
headers.add("Content-Disposition",
"attachment",
filename="export_%s.csv" % filename)
for o in data:
outdata.append(
separator.join('"%s"' % (o.get(i), "")[o.get(i) is None]
for i in columns))
out = "\r\n".join(outdata)
return Response(out, headers=headers)
def test_search_none_existing_category(self):
with self.client:
user = self.client.post('/register', data=self.user)
logged_in = self.client.post('/login', data=self.data2)
result = json.loads(logged_in.data)
auth = result['token']
h = Headers()
h.add('x-access-token', auth)
resp = self.client.post('/category', headers=h, data=self.category)
search = self.client.get(
'/category/search?q=peas&per_page=2&page=1', headers=h)
result = json.loads(search.data)
self.assertEqual(search.status_code, 404)
self.assertEqual(result['message'], 'search item not found')
def pipe(request, url):
headers = {}
if request.headers.get('Range'):
headers['Range'] = request.headers.get('Range')
request = urllib.request.Request(url, headers=headers)
try:
client = urllib.request.urlopen(request)
def stream():
continue_reading = True
while continue_reading:
bytes_read = client.read(10000)
if len(bytes_read) == 0:
continue_reading = False
else:
yield bytes_read
headers = Headers()
headers.add('Content-Type', client.getheader('Content-Type'))
headers.add('Content-Length', client.getheader('Content-Length'))
headers.add('Accept-Ranges', 'bytes')
headers.add('Content-Range', client.getheader(
'Content-Range')) if request.headers.get('Range') else None
return stream(), headers
except HTTPError:
return None, None
async def test_response_headers(httpserver, acurl_session_ng):
hdrs = Headers()
hdrs.add("Foo", "bar")
hdrs.add("Baz", "quux")
hdrs.add("baz", "quuz")
httpserver.expect_request("/foo").respond_with_response(
Response(response="", status=200, headers=hdrs))
r = await acurl_session_ng.get(httpserver.url_for("/foo"))
assert "Foo" in r.headers
assert r.headers["Foo"] == "bar"
assert r.headers["foo"] == "bar"
assert "Baz" in r.headers
assert r.headers["Baz"] == "quux, quuz"
assert r.headers["baz"] == "quux, quuz"
def pipe(request, url, proxy=None):
headers = {}
if request.headers.get('Range'):
headers['Range'] = request.headers.get('Range')
proxies = {'http': proxy, 'https': proxy} if proxy is not None else None
try:
r = requests.get(url, headers=headers, proxies=proxies, stream=True)
if r.status_code != 200:
logging.getLogger(__name__).warning(
f'http pipe failed for url {url} and proxy {proxy}: {r.status_code}'
)
return None, None
headers = Headers()
headers.add('Content-Type', r.headers.get('Content-Type'))
headers.add('Content-Length', r.headers.get('Content-Length'))
headers.add('Accept-Ranges', 'bytes')
headers.add('Content-Range', r.headers.get(
'Content-Range')) if request.headers.get('Range') else None
return r.iter_content(4096), headers
except Exception as e:
logging.getLogger(__name__).exception(
f'http pipe failed for url {url} and proxy {proxy}: {", ".join(e.args)}'
)
return None, None
def on_svg(self, request):
mapname = os.path.splitext(os.path.basename(request.args.get("map", "")))[0]
filename = "svg-plot-{}-{}.svg".format(
mapname, datetime.now().strftime("%Y%m%dT%H%M%S")
)
headers = Headers()
headers.add("Content-Disposition", "attachment", filename=filename)
params = parse_params(request)
translations = load_translations(self.translations_file)
svg = layered_svg(
params, mapserver_binary=self.mapserver_binary, translations=translations
)
return Response(svg, content_type="text/svg+xml", headers=headers)
def proxy_request(file):
hostname = REALHOST
port = REALPORT
# Whitelist a few headers to pass on
request_headers = {}
for h in ["Cookie", "Referer", "X-Csrf-Token", "X-Requested-With"]:
if h in request.headers:
request_headers[h] = request.headers[h]
request_headers['Cookie'] = 'PHPSESSID=22e697cf314742e2b5ef043f7a7a8643;'
# request_headers['Cookie'] = request_headers['Cookie'].split(';')[-1]+';'
if request.query_string:
path = "/%s?%s" % (file, request.query_string)
else:
path = "/" + file
if request.method == "POST":
form_data = list(iterform(request.form))
form_data = urllib.urlencode(form_data)
request_headers["Content-Length"] = len(form_data)
request_headers["Content-Type"] = "application/x-www-form-urlencoded"
else:
form_data = None
conn = httplib.HTTPConnection(hostname, port)
conn.request(request.method, path, body=form_data, headers=request_headers)
resp = conn.getresponse()
# Clean up response headers for forwarding
response_headers = Headers()
for key, value in resp.getheaders():
if key in ["content-length", "connection"]:
continue
if key == "set-cookie":
cookies = value.split(" ,")
print 'cookies: %s' % cookies
[response_headers.add(key, c) for c in cookies]
else:
response_headers.add(key, value)
contents = resp.read()
flask_response = Response(response=contents,
status=resp.status,
headers=response_headers,
content_type=resp.getheader('content-type'))
return flask_response
def test_fault(self):
h = Headers()
h.add("X-B3-Flags", 0)
h.add("X-B3-Sampled", "true")
h.add("X-B3-Spanid", "7c32ff2603f7586f")
h.add("X-B3-Traceid", "4ba9862655d0b76b1709d712d2027505")
h.add("Ot-Baggage-Injectfault", "service1_delay:10")
signal.alarm(5)
try:
resp = self.client.get("/", headers=h)
assert (False)
except Exception, exc:
assert (True)
def get(self):
"""
Authenticate a Rucio account temporarily via a GSS token.
.. :quickref: GSS; Authenticate with GSS token
:reqheader Rucio-VO: VO name as a string (Multi-VO only).
:reqheader Rucio-Account: Account identifier as a string.
:reqheader Rucio-AppID: Application identifier as a string.
:reqheader SavedCredentials: Apache mod_auth_kerb SavedCredentials.
:resheader Access-Control-Allow-Origin:
:resheader Access-Control-Allow-Headers:
:resheader Access-Control-Allow-Methods:
:resheader Access-Control-Allow-Credentials:
:resheader Access-Control-Expose-Headers:
:resheader X-Rucio-Auth-Token: The authentication token
:status 200: Successfully authenticated
:status 404: Invalid credentials
"""
headers = Headers()
headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
headers['Access-Control-Allow-Methods'] = '*'
headers['Access-Control-Allow-Credentials'] = 'true'
headers['Access-Control-Expose-Headers'] = 'X-Rucio-Auth-Token'
headers['Content-Type'] = 'application/octet-stream'
headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
headers.add('Cache-Control', 'post-check=0, pre-check=0')
headers['Pragma'] = 'no-cache'
vo = request.headers.get('X-Rucio-VO', default='def')
account = request.headers.get('X-Rucio-Account', default=None)
gsscred = request.environ.get('REMOTE_USER')
appid = request.headers.get('X-Rucio-AppID', default='unknown')
ip = request.headers.get('X-Forwarded-For', default=request.remote_addr)
try:
result = get_auth_token_gss(account, gsscred, appid, ip, vo=vo)
except AccessDenied:
return generate_http_error_flask(401, 'CannotAuthenticate', 'Cannot authenticate to account %(account)s with given credentials' % locals(), headers=headers)
if result is None:
return generate_http_error_flask(401, 'CannotAuthenticate', 'Cannot authenticate to account %(account)s with given credentials' % locals(), headers=headers)
headers['X-Rucio-Auth-Token'] = result.token
headers['X-Rucio-Auth-Token-Expires'] = date_to_str(result.expired_at)
return '', 200, headers
def test_request_london(self):
self.app.testing = True
auth_string = "{0}:{1}".format('user_01',
current_app.config['PASSWORD_USER_01'])
auth_bytes = auth_string.encode('utf-8')
b64_encoded_auth_bytes = b64encode(auth_bytes)
headers = Headers()
headers.add('Authorization',
'Basic ' + b64_encoded_auth_bytes.decode('utf-8'))
with self.app.test_client() as tcl:
query = '/api/v1/search?iata_code=LHR&date=2019-01-15&min_temperature_celsius=5&max_temperature_celsius=20&max_precipitation_mm=0'
response = tcl.get(query, headers=headers)
test_data_json = response.get_data()
self.assertTrue(response.status_code == 200) # OK
self.assertTrue(test_data_json == default_without_london)
