def test_get_current_identity_host(self): handler.configure([]) class Handler(handler.AuthenticatingHandler): @api.public def get(self): self.response.write(api.get_current_identity_host() or '<none>') app = self.make_test_app('/request', Handler) def call(headers): api.reset_local_state() return app.get('/request', headers=headers).body # Good token. token = host_token.create_host_token('HOST.domain.com') self.assertEqual('host.domain.com', call({'X-Host-Token-V1': token})) # Missing or invalid tokens. self.assertEqual('<none>', call({})) self.assertEqual('<none>', call({'X-Host-Token-V1': 'broken'})) # Expired token. origin = datetime.datetime(2014, 1, 1, 1, 1, 1) self.mock_now(origin) token = host_token.create_host_token('HOST.domain.com', expiration_sec=60) self.mock_now(origin, 61) self.assertEqual('<none>', call({'X-Host-Token-V1': token}))
def test_authentication_error(self): """AuthenticationError in auth method stops request processing.""" test = self calls = [] def failing(request): raise api.AuthenticationError('Too bad') def skipped(request): self.fail('authenticate should not be called') class Handler(handler.AuthenticatingHandler): @api.public def get(self): test.fail('Handler code should not be called') def authentication_error(self, err): test.assertEqual('Too bad', err.message) calls.append('authentication_error') # pylint: disable=bad-super-call super(Handler, self).authentication_error(err) handler.configure([failing, skipped]) app = self.make_test_app('/request', Handler) response = app.get('/request', expect_errors=True) # Custom error handler is called and returned HTTP 401. self.assertEqual(['authentication_error'], calls) self.assertEqual(401, response.status_int) # Authentication error is logged. self.assertEqual(1, len(self.logged_warnings))
def test_auth_method_order(self): """Registered auth methods are tested in order.""" test = self calls = [] ident = model.Identity(model.IDENTITY_USER, '*****@*****.**') def not_applicable(request): self.assertEqual('/request', request.path) calls.append('not_applicable') return None def applicable(request): self.assertEqual('/request', request.path) calls.append('applicable') return ident class Handler(handler.AuthenticatingHandler): @api.public def get(self): test.assertEqual(ident, api.get_current_identity()) self.response.write('OK') handler.configure([not_applicable, applicable]) app = self.make_test_app('/request', Handler) self.assertEqual('OK', app.get('/request').body) # Both methods should be tried. expected_calls = [ 'not_applicable', 'applicable', ] self.assertEqual(expected_calls, calls)
def setUp(self): super(MembershipTest, self).setUp() handler.configure([]) api.reset_local_state() self.mock(api, 'is_admin', lambda: True) model.AuthGroup(key=model.group_key('testgroup'), members=[]).put() def is_group_member_mock(group, identity): group = model.group_key(group).get() return group is not None and identity in group.members self.mock(api, 'is_group_member', is_group_member_mock)
def test_get_current_identity_ip(self): handler.configure([]) class Handler(handler.AuthenticatingHandler): @api.public def get(self): self.response.write(ipaddr.ip_to_string(api.get_current_identity_ip())) app = self.make_test_app('/request', Handler) response = app.get('/request', extra_environ={'REMOTE_ADDR': '192.1.2.3'}) self.assertEqual('192.1.2.3', response.body)
def setUp(self): super(AuthenticatingHandlerTest, self).setUp() # Reset global config of auth library before each test. handler.configure([]) api.reset_local_state() # Capture error and warning log messages. self.logged_errors = [] self.mock(handler.logging, 'error', lambda *args, **kwargs: self.logged_errors.append((args, kwargs))) self.logged_warnings = [] self.mock(handler.logging, 'warning', lambda *args, **kwargs: self.logged_warnings.append((args, kwargs)))
def test_anonymous(self): """If all auth methods are not applicable, identity is set to Anonymous.""" test = self non_applicable = lambda _request: None handler.configure([non_applicable, non_applicable]) class Handler(handler.AuthenticatingHandler): @api.public def get(self): test.assertEqual(model.Anonymous, api.get_current_identity()) self.response.write('OK') app = self.make_test_app('/request', Handler) self.assertEqual('OK', app.get('/request').body)
def test_ip_whitelist_bot(self): """Requests from client in "bots" IP whitelist are authenticated as bot.""" handler.configure([]) model.bootstrap_ip_whitelist('bots', ['192.168.1.100/32']) class Handler(handler.AuthenticatingHandler): @api.public def get(self): self.response.write(api.get_current_identity().to_bytes()) app = self.make_test_app('/request', Handler) def call(ip): api.reset_local_state() return app.get('/request', extra_environ={'REMOTE_ADDR': ip}).body self.assertEqual('bot:192.168.1.100', call('192.168.1.100')) self.assertEqual('anonymous:anonymous', call('127.0.0.1'))
def call(ident, ip): api.reset_local_state() handler.configure([lambda _request: ident]) response = app.get( '/request', extra_environ={'REMOTE_ADDR': ip}, expect_errors=True) return response.status_int