async def test_middleware_doesnt_reissue_on_bad_response(loop, app, client):
async def handler_bad_response(request):
user_id = await auth.get_auth(request)
assert user_id == 'some_user'
return web.Response(status=400, text='bad_response')
secret = b'01234567890abcdef'
policy = auth.CookieTktAuthentication(secret, 15, 0, cookie_name='auth')
auth.setup(app, policy)
app.router.add_get('/bad_response', handler_bad_response)
cli = await client(app)
response = await cli.get('/remember')
text = await response.text()
data = response.cookies[policy.cookie_name]
assert text == 'remember'
# wait a second that the ticket value has changed
await asyncio.sleep(1.0, loop=loop)
response = await assert_response(cli.get('/auth'), 'auth')
assert data != response.cookies[policy.cookie_name]
data = response.cookies[policy.cookie_name]
await asyncio.sleep(1.0, loop=loop)
response = await assert_response(cli.get('/bad_response'), 'bad_response')
assert response.status == 400
assert policy.cookie_name not in response.cookies
async def test_middleware_stores_auth_in_cookie(self):
secret = b'01234567890abcdef'
auth_ = auth.CookieTktAuthentication(secret, 15, cookie_name='auth')
middlewares = [auth_middleware(auth_)]
request = await make_request('GET', '/', middlewares)
await auth.remember(request, 'some_user')
response = await make_response(request, middlewares)
self.assertTrue(auth_.cookie_name in response.cookies)
async def test_middleware_setup(app):
secret = b'01234567890abcdef'
policy = auth.CookieTktAuthentication(secret, 15, cookie_name='auth')
auth.setup(app, policy)
middleware = auth.auth_middleware(policy)
assert app.middlewares[-1].__name__ == middleware.__name__
def main():
loop = asyncio.get_event_loop()
policy = auth.CookieTktAuthentication(os.urandom(32),
60000,
include_ip=True)
middlewares = [auth.auth_middleware(policy)]
if os.environ['NODE_ENV'] == 'production':
middlewares.append(index_middleware)
app = aiohttp.web.Application(loop=loop, middlewares=middlewares)
# print(loop.run_until_complete(db.users.find({}, {'_id': 1})))
# app['ws_clients'] = {r['_id']: None for r in loop.run_until_complete(db.users.find({}, {'_id': 1}))}
app['admin_subscribed_bid'] = ''
app.on_startup.append(prepare_ws_clients)
app.on_shutdown.append(shutdown_websockets)
app.router.add_get('/index/', indx)
r1 = app.router.add_route('GET', '/test_auth/', test_auth)
r2 = app.router.add_route('POST', '/login/', login)
r3 = app.router.add_route('GET', '/ws', websocket_handler)
app.router.add_get('/rest/bids/', bids)
r4 = app.router.add_get('/rest/bid_report/', bid_report)
r5 = app.router.add_get('/rest/sdd_report/', sdd_report)
r6 = app.router.add_get('/rest/sdd_section_limits/', sdd_section_limits)
r7 = app.router.add_post('/rest/upload_file/', upload_file)
r8 = app.router.add_get('/rest/sleep/', sleep)
if os.environ['NODE_ENV'] == 'production':
app.router.add_route('GET', '/', index)
app.router.add_static('/', '../client/dist')
else:
cors = aiohttp_cors.setup(app,
defaults={
'*':
aiohttp_cors.ResourceOptions(
expose_headers='*',
allow_headers='*',
allow_credentials=True),
})
cors.add(r1)
cors.add(r2)
cors.add(r3)
cors.add(r4)
cors.add(r5)
cors.add(r6)
cors.add(r7)
cors.add(r8)
aiohttp.web.run_app(app, host=HOST, port=PORT)
async def test_middleware_stores_auth_in_cookie(app, client):
secret = b'01234567890abcdef'
policy = auth.CookieTktAuthentication(secret, 15, cookie_name='auth')
auth.setup(app, policy)
cli = await client(app)
response = await cli.get('/remember')
text = await response.text()
assert text == 'remember'
assert policy.cookie_name in response.cookies
async def test_middleware_gets_auth_from_cookie(self):
secret = b'01234567890abcdef'
auth_ = auth.CookieTktAuthentication(secret, 15, 2, cookie_name='auth')
middlewares = [auth_middleware(auth_)]
session_data = TicketFactory(secret).new('some_user')
request = await make_request('GET', '/', middlewares, \
[(auth_.cookie_name, session_data)])
user_id = await auth.get_auth(request)
self.assertEqual(user_id, 'some_user')
response = await make_response(request, middlewares)
self.assertFalse(auth_.cookie_name in response.cookies)
async def test_middleware_reissues_ticket_auth(self):
secret = b'01234567890abcdef'
auth_ = auth.CookieTktAuthentication(secret, 15, 0, cookie_name='auth')
middlewares = [auth_middleware(auth_)]
valid_until = time.time() + 15
session_data = TicketFactory(secret).new('some_user',
valid_until=valid_until)
request = await make_request('GET', '/', middlewares, \
[(auth_.cookie_name, session_data)])
user_id = await auth.get_auth(request)
self.assertEqual(user_id, 'some_user')
response = await make_response(request, middlewares)
self.assertTrue(auth_.cookie_name in response.cookies)
self.assertNotEqual(response.cookies[auth_.cookie_name], session_data)
async def test_middleware_cannot_store_auth_in_cookie_when_response_prepared(
app, client):
async def handler_test(request):
await auth.remember(request, 'some_user')
response = web.Response(text='test')
await response.prepare(request)
return response
secret = b'01234567890abcdef'
policy = auth.CookieTktAuthentication(secret, 15, cookie_name='auth')
auth.setup(app, policy)
app.router.add_get('/test', handler_test)
cli = await client(app)
with pytest.raises(Exception):
await assert_response(cli.get('/test'), 'test')
async def test_middleware_forget_with_cookies(app, client):
secret = b'01234567890abcdef'
policy = auth.CookieTktAuthentication(secret, 120, cookie_name='auth')
auth.setup(app, policy)
cli = await client(app)
response = await assert_response(cli.get('/remember'), 'remember')
assert policy.cookie_name in response.cookies
response = await assert_response(cli.get('/forget'), 'forget')
# aiohttp set cookie_name with empty string when del_cookie
# assert policy.cookie_name not in response.cookies
assert response.cookies[policy.cookie_name].value == ''
with pytest.raises(AssertionError):
await assert_response(cli.get('/auth'), 'auth')
async def test_middleware_auth_required_decorator(app, client):
@auth.auth_required
async def handler_test(request):
return web.Response(text='test')
secret = b'01234567890abcdef'
policy = auth.CookieTktAuthentication(secret, 120, cookie_name='auth')
auth.setup(app, policy)
app.router.add_get('/test', handler_test)
cli = await client(app)
response = await assert_response(cli.get('/test'), '401: Unauthorized')
assert response.status == 401
response = await assert_response(cli.get('/remember'), 'remember')
response = await assert_response(cli.get('/test'), 'test')
assert response.status == 200
async def test_middleware_reissues_ticket_auth(loop, app, client):
secret = b'01234567890abcdef'
policy = auth.CookieTktAuthentication(secret, 15, 0, cookie_name='auth')
auth.setup(app, policy)
cli = await client(app)
response = await cli.get('/remember')
text = await response.text()
assert text == 'remember'
data = response.cookies[policy.cookie_name]
# wait a second that the ticket value has changed
await asyncio.sleep(1.0, loop=loop)
response = await assert_response(cli.get('/auth'), 'auth')
assert data != response.cookies[policy.cookie_name]
def init():
policy = auth.CookieTktAuthentication(urandom(32), 600, include_ip=True)
middlewares = [auth.auth_middleware(policy)]
app = web.Application(middlewares=middlewares)
utils.connect_to_mysql()
app.router.add_route('GET', '/', hello)
app.router.add_route('POST', '/', createTable)
app.router.add_route('GET', '/check', checkIfLoggedIn)
app.router.add_route('POST', '/login', login)
app.router.add_route('POST', '/logout', logout)
# Players
app.router.add_route('GET', '/allplayers', dbutils.get_players)
app.router.add_route('POST', '/addplayer', dbutils.add_player)
app.router.add_route('POST', '/stats/player', dbutils.update_player_stats)
# Referee
app.router.add_route('GET', '/stats/referees', dbutils.get_referees_stats)
app.router.add_route('POST', '/addreferee', dbutils.add_referee)
# Clubs
app.router.add_route('GET', '/stats/clubs', dbutils.get_clubs_stats)
app.router.add_route('GET', '/club/{club}', dbutils.get_single_club_info)
app.router.add_route('POST', '/add/club', dbutils.add_new_club)
# Matches
app.router.add_route('GET', '/matches', dbutils.get_matches)
app.router.add_route('POST', '/matches/add', dbutils.add_match)
# League
app.router.add_route('GET', '/league/{league}', dbutils.get_league_stats)
# Stadiums
app.router.add_route('GET', '/stadiums', dbutils.get_stadiums_stats)
logging.info("Backend server started")
web.run_app(app)
logging.info("Closing connection")
response.set_cookie(self.cookie_name, cookie)
auth.cookie_ticket_auth.CookieTktAuthentication.process_response = process_response
import jinja2
from motor import motor_asyncio as motor
import xlsxwriter
import aiofiles
from multidict import MultiDict
import rest
import settings as S
auth_policy = auth.CookieTktAuthentication(os.urandom(32),
6000000,
include_ip=True)
auth_middleware = auth.auth_middleware(auth_policy)
@aiohttp_jinja2.template('sign-up.html')
async def ask_for_password(request):
msg = ''
if request.query.get('msg') == 'unequal-pwds':
msg = 'пароль подтвержден неправильно!'
return {
'id': request.query.get('id', ''),
'msg': msg,
}
async def on_start(app):
config = app["config"]
app["db"] = await asyncpgsa.create_pool(dsn=config["database"])
auth_policy = auth.CookieTktAuthentication(urandom(32), 60, include_ip=True)
autz_policy = ACLAutzPolicy(app["db"])
aiohttp_auth.setup(app, auth_policy, autz_policy)
