def test_auth_req_fake_tenantadm_tenant_suspended(self, management_api, device_api, tenant_foobar, clean_migrated_db): d = Device() da = DevAuthorizer(tenant_token=tenant_foobar) url = device_api.auth_requests_url handlers = [ ('POST', '/api/internal/v1/tenantadm/tenants/verify', lambda _: (401, {}, { 'request_id': 'test', 'error': 'account suspended' })), ] with mockserver.run_fake(get_fake_tenantadm_addr(), handlers=handlers) as fake: rsp = device_auth_req(url, da, d) assert rsp.status_code == 401 assert rsp.json()['error'] == 'account suspended' # request failed, so device should not even be listed as known for the # default tenant TestEnterprise.verify_tenant_dev_present(management_api, d.identity, '', present=False)
def test_auth_req_fake_tenantadm_valid_tenant_token( self, management_api, device_api, tenant_foobar): d = Device() da = DevAuthorizer(tenant_token=tenant_foobar) url = device_api.auth_requests_url handlers = [ ('POST', '/api/internal/v1/tenantadm/tenants/verify', lambda _: (200, {}, { 'id': '507f191e810c19729de860ea', 'name': 'Acme', })), ] try: with orchestrator.run_fake_for_device_id(1) as server: with mockserver.run_fake(get_fake_tenantadm_addr(), handlers=handlers) as fake: rsp = device_auth_req(url, da, d) assert rsp.status_code == 401 except bravado.exception.HTTPError as e: assert e.response.status_code == 204 # device should be appear in devices listing TestEnterprise.verify_tenant_dev_present(management_api, d.identity, tenant_foobar, present=True)
def tenantadm_fake_tenant_verify(): handlers = [ ('POST', '/api/internal/v1/tenantadm/tenants/verify', lambda _: (200, {}, '')), ] with mockserver.run_fake(get_fake_tenantadm_addr(), handlers=handlers) as fake: yield fake
def init_service_mocks( self, wflows_rsp_q: asyncio.Queue = None, tadm_rsp_q: asyncio.Queue = None, ) -> mockserver.MockServer: # Very simple tornado request handler for tenantadm and workflows that # generates responses from items pushed onto an asyncio.Queue object, # the object can either be a callable or a 3-tuple with (code, header, # body). Callables are passed 'self' (RequestHandler) as argument. class RequestHandler(tornado.web.RequestHandler): def initialize(self, rsp_q): self.rsp_q = rsp_q def prepare(self): rsp = self.rsp_q.get_nowait() if callable(rsp): rsp(self) else: (status, hdr, body) = rsp self.set_status(status) for key, val in hdr.items(): self.add_header(key, val) if body: self.write(body) self.finish() with mockserver.run_fake(get_fake_tenantadm_addr()) as tadm: tadm.app.add_handlers( r".*", [( r".*", RequestHandler, { "rsp_q": tadm_rsp_q }, )], ) with mockserver.run_fake(get_fake_workflows_addr()) as wflows: wflows.app.add_handlers( r".*", [( r".*", RequestHandler, { "rsp_q": wflows_rsp_q }, )], ) yield tadm, wflows
def request_token(device, dev_auth, url): handlers = [ ('POST', '/api/internal/v1/tenantadm/tenants/verify', lambda _: (200, {}, { 'id': '507f191e810c19729de860ea', 'name': 'Acme', })), ] with mockserver.run_fake(get_fake_tenantadm_addr(), handlers=handlers) as fake: rsp = device_auth_req(url, dev_auth, device) assert rsp.status_code == 200 dev_auth.parse_rsp_payload(device, rsp.text) return device.token
def mock_tenantadm_auth(tenant_addons): def tenantadm_handler(req): auth = req.headers["Authorization"] # jwt = <header (base64)>.<claims (base64)>.<signature (base64)> jwt_b64 = auth.split(".") if len(jwt_b64) > 1: print(jwt_b64) # Convert base64 from url- to std-encoding and append padding claims_b64 = jwt_b64[1].replace("+", "-").replace("?", "_") # Add padding claims_b64 += "=" * (-len(claims_b64) % 4) # Decode claims claims = base64.b64decode(claims_b64) d = json.loads(claims) tenant_id = d["mender.tenant"] return ( 200, {}, { "id": tenant_id, "name": "Acme", "addons": [{ "name": addon, "enabled": True } for addon in tenant_addons], }, ) else: return (500, {}, {}) with mockserver.run_fake( get_fake_tenantadm_addr(), handlers=[("POST", "/api/internal/v1/tenantadm/tenants/verify", tenantadm_handler)], ) as srv: yield srv
def test_auth_req_fake_tenantadm_valid_tenant_token( self, management_api, device_api, tenant_foobar): d = Device() da = DevAuthorizer(tenant_token=tenant_foobar) url = device_api.auth_requests_url handlers = [ ('POST', '/api/internal/v1/tenantadm/tenants/verify', lambda _: (200, {}, { 'id': '507f191e810c19729de860ea', 'name': 'Acme', })), ] with mockserver.run_fake(get_fake_tenantadm_addr(), handlers=handlers) as fake: rsp = device_auth_req(url, da, d) assert rsp.status_code == 401 # device should be appear in devices listing TestMultiTenant.verify_tenant_dev_present(management_api, d.identity, tenant_foobar, present=True)
def test_auth_req_fake_tenantadm_invalid_tenant_token( self, management_api, device_api, clean_migrated_db): d = Device() da = DevAuthorizer(tenant_token="bad-token") url = device_api.auth_requests_url handlers = [ ('POST', '/api/internal/v1/tenantadm/tenants/verify', lambda _: (401, {}, { 'request_id': 'test', 'error': 'ignoreme' })), ] with mockserver.run_fake(get_fake_tenantadm_addr(), handlers=handlers) as fake: rsp = device_auth_req(url, da, d) assert rsp.status_code == 401 # request failed, so device should not even be listed as known for the # default tenant TestMultiTenant.verify_tenant_dev_present(management_api, d.identity, '', present=False)
def accepted_tenants_devices(device_api, management_api, clean_migrated_db, cli, request): """Fixture that sets up an accepted devices for tenants. The fixture can be parametrized with a tenants, number of devices and number of authentication sets. Yields a dict: [tenant ID: [device object, ...], ]""" requested = request.param tenants_devices = dict() url = device_api.auth_requests_url for (tenant, dev_count, auth_count) in requested: tenant_devices = [] cli.migrate(tenant=tenant) tenant_token = make_fake_tenant_token(tenant) for _ in range(int(dev_count)): d = Device() for i in range(int(auth_count)): d.rotate_key() da = DevAuthorizer(tenant_token=tenant_token) # poke devauth so that device appears handlers = [ ( "POST", "/api/internal/v1/tenantadm/tenants/verify", lambda _: ( 200, {}, { "id": "507f191e810c19729de860ea", "name": "Acme", }, ), ), ] try: with orchestrator.run_fake_for_device_id(1) as server: with mockserver.run_fake(get_fake_tenantadm_addr(), handlers=handlers) as fake: rsp = device_auth_req(url, da, d) assert rsp.status_code == 401 except bravado.exception.HTTPError as e: assert e.response.status_code == 204 # try to find our devices in all devices listing dev = management_api.find_device_by_identity( d.identity, Authorization="Bearer " + tenant_token) devid = dev.id for a in dev.auth_sets: if compare_keys(a.pubkey, d.public_key): aid = a.id break try: with orchestrator.run_fake_for_device_id(devid) as server: management_api.accept_device(devid, aid, Authorization="Bearer " + tenant_token) token = request_token(d, da, device_api.auth_requests_url) assert len(token) > 0 except bravado.exception.HTTPError as e: assert e.response.status_code == 204 assert dev tenant_devices.append(d) tenants_devices[tenant] = tenant_devices yield tenants_devices