def check_wildcards_test(self): # Only pepe can read openssl versions read_perms = [("openssl/*@lasote/testing", "pepe"), ("*/*@*/*", "*")] # Only pepe (and lasote because its owner) can write it and no more users can write write_perms = [(str(self.openssl_ref), "pepe")] authorizer = BasicAuthorizer(read_perms, write_perms) # Pepe can read all openssl versions authorizer.check_read_conan("pepe", self.openssl_ref) authorizer.check_read_conan("pepe", self.openssl_ref2) # Other user can't self.assertRaises(ForbiddenException, authorizer.check_read_conan, "juan", self.openssl_ref) self.assertRaises(ForbiddenException, authorizer.check_read_conan, "juan", self.openssl_ref2) # Only pepe can read versions 2.0.1 of lasote/testing read_perms = [("*/2.0.2@lasote/testing", "pepe"), ("*/*@*/*", "*")] authorizer = BasicAuthorizer(read_perms, write_perms) # Pepe can read openssl 2.0.1 version and 2.0.2 (only matches 2.0.2, so other is allowed) authorizer.check_read_conan("pepe", self.openssl_ref2) authorizer.check_read_conan("pepe", self.openssl_ref2) # Other user can't read 2.0.2 authorizer.check_read_conan("juan", self.openssl_ref) self.assertRaises(ForbiddenException, authorizer.check_read_conan, "juan", self.openssl_ref2) # Only pepe can read openssl version 2.0.1 from any owner read_perms = [("openssl/2.0.1@*/testing", "pepe")] # Only pepe (and lasote because its owner) can write it and no more users can write write_perms = [(str(self.openssl_ref), "pepe")] authorizer = BasicAuthorizer(read_perms, write_perms) # Pepe can read any openssl/2.0.1 authorizer.check_read_conan("pepe", self.openssl_ref) tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing") authorizer.check_read_conan("pepe", tmp_ref) self.assertRaises(ForbiddenException, authorizer.check_read_conan, "juan", self.openssl_ref) self.assertRaises(ForbiddenException, authorizer.check_read_conan, "juan", tmp_ref) # Only pepe can read openssl version 2.0.1 from lasote/any channel read_perms = [("openssl/2.0.1@lasote/*", "pepe")] # Only pepe (and lasote because its owner) can write it and no more users can write write_perms = [(str(self.openssl_ref), "pepe")] authorizer = BasicAuthorizer(read_perms, write_perms) # Pepe can read openssl/2.0.1 from any channel but only from lasote authorizer.check_read_conan("pepe", self.openssl_ref) tmp_ref = ConanFileReference.loads("openssl/2.0.1@alfred/testing") self.assertRaises(ForbiddenException, authorizer.check_read_conan, "pepe", tmp_ref) tmp_ref = ConanFileReference.loads("openssl/2.0.1@lasote/otherchannel") authorizer.check_read_conan("pepe", tmp_ref)
def test_users(self): """Check that lists of user names are parsed correctly""" # Simple user list read_perms = [("openssl/*@lasote/testing", "user1,user2,user3")] authorizer = BasicAuthorizer(read_perms, []) for u in ['user1', 'user2', 'user3']: authorizer.check_read_conan(u, self.openssl_ref) # Spaces bewteen user names should be ignored read_perms = [("openssl/*@lasote/testing", "user1 , user2,\tuser3")] authorizer = BasicAuthorizer(read_perms, []) for u in ['user1', 'user2', 'user3']: authorizer.check_read_conan(u, self.openssl_ref)
def __init__(self): user_folder = conan_expand_user("~") server_folder = os.path.join(user_folder, '.conan_server') server_config = migrate_and_get_server_config(user_folder) custom_auth = server_config.custom_authenticator if custom_auth: authenticator = load_authentication_plugin(server_folder, custom_auth) else: authenticator = BasicAuthenticator(dict(server_config.users)) authorizer = BasicAuthorizer(server_config.read_permissions, server_config.write_permissions) credentials_manager = JWTCredentialsManager( server_config.jwt_secret, server_config.jwt_expire_time) updown_auth_manager = JWTUpDownAuthManager( server_config.updown_secret, server_config.authorize_timeout) file_manager = get_file_manager( server_config, updown_auth_manager=updown_auth_manager) search_adapter = DiskSearchAdapter() search_manager = DiskSearchManager( SimplePaths(server_config.disk_storage_path), search_adapter) server_capabilities = SERVER_CAPABILITIES self.ra = ConanServer(server_config.port, credentials_manager, updown_auth_manager, authorizer, authenticator, file_manager, search_manager, Version(SERVER_VERSION), Version(MIN_CLIENT_COMPATIBLE_VERSION), server_capabilities)
def __init__(self): user_folder = conan_expand_user("~") server_folder = os.path.join(user_folder, '.conan_server') server_config = migrate_and_get_server_config(user_folder) custom_auth = server_config.custom_authenticator if custom_auth: authenticator = load_authentication_plugin(server_folder, custom_auth) else: authenticator = BasicAuthenticator(dict(server_config.users)) authorizer = BasicAuthorizer(server_config.read_permissions, server_config.write_permissions) credentials_manager = JWTCredentialsManager(server_config.jwt_secret, server_config.jwt_expire_time) updown_auth_manager = JWTUpDownAuthManager(server_config.updown_secret, server_config.authorize_timeout) server_store = get_server_store(server_config.disk_storage_path, server_config.public_url, updown_auth_manager=updown_auth_manager) server_capabilities = SERVER_CAPABILITIES server_capabilities.append(REVISIONS) self.ra = ConanServer(server_config.port, credentials_manager, updown_auth_manager, authorizer, authenticator, server_store, Version(SERVER_VERSION), Version(MIN_CLIENT_COMPATIBLE_VERSION), server_capabilities, only_v1=False)
def setUp(self): self.conan_reference = ConanFileReference.loads( "openssl/2.0.3@lasote/testing") self.package_reference = PackageReference(self.conan_reference, "123123123") self.tmp_dir = temp_folder() read_perms = [("*/*@*/*", "*")] write_perms = [] authorizer = BasicAuthorizer(read_perms, write_perms) self.fake_url = "http://url" updown_auth_manager = JWTUpDownAuthManager("secret", timedelta(seconds=200)) adapter = DiskAdapter(self.fake_url, self.tmp_dir, updown_auth_manager) self.paths = SimplePaths(self.tmp_dir) self.file_manager = FileManager(self.paths, adapter) self.service = ConanService(authorizer, self.file_manager, "lasote") files = hello_source_files("test") save_files(self.paths.export(self.conan_reference), files) self.conan_digest = FileTreeManifest.create( self.paths.export(self.conan_reference)) conan_digest_path = os.path.join( self.paths.export(self.conan_reference), CONAN_MANIFEST) save(conan_digest_path, str(self.conan_digest)) files = hello_source_files("package") save_files(self.paths.package(self.package_reference), files)
def setUp(self): self.ref = ConanFileReference.loads("openssl/2.0.3@lasote/testing#%s" % DEFAULT_REVISION_V1) self.pref = PackageReference(self.ref, "123123123", DEFAULT_REVISION_V1) self.tmp_dir = temp_folder() read_perms = [("*/*@*/*", "*")] write_perms = [] authorizer = BasicAuthorizer(read_perms, write_perms) self.fake_url = "http://url" updown_auth_manager = JWTUpDownAuthManager("secret", timedelta(seconds=200)) adapter = ServerDiskAdapter(self.fake_url, self.tmp_dir, updown_auth_manager) self.server_store = ServerStore(storage_adapter=adapter) self.service = ConanService(authorizer, self.server_store, "lasote") self.search_service = SearchService(authorizer, self.server_store, "lasote") files = hello_source_files("test") save_files(self.server_store.export(self.ref), files) self.server_store.update_last_revision(self.ref) self.conan_digest = FileTreeManifest.create(self.server_store.export(self.ref)) conan_digest_path = os.path.join(self.server_store.export(self.ref), CONAN_MANIFEST) save(conan_digest_path, str(self.conan_digest)) files = hello_source_files("package") save_files(self.server_store.package(self.pref), files)
def __init__(self, base_path=None, read_permissions=None, write_permissions=None, users=None, base_url=None, plugins=None, server_version=None, min_client_compatible_version=None, server_capabilities=None): plugins = plugins or [] if not base_path: base_path = temp_folder() if server_capabilities is None: server_capabilities = SERVER_CAPABILITIES # Default enabled if not os.path.exists(base_path): raise Exception("Base path not exist! %s") # Define storage_folder, if not, it will be readed from conf file and pointed to real user home self.storage_folder = os.path.join(base_path, ".conan_server", "data") mkdir(self.storage_folder) server_config = migrate_and_get_server_config(base_path, self.storage_folder) if TestServerLauncher.port == 0: TestServerLauncher.port = server_config.port # Encode and Decode signature for Upload and Download service updown_auth_manager = JWTUpDownAuthManager(server_config.updown_secret, server_config.authorize_timeout) self.file_manager = get_file_manager(server_config, public_url=base_url, updown_auth_manager=updown_auth_manager) self.search_manager = DiskSearchManager(SimplePaths(server_config.disk_storage_path)) # Prepare some test users if not read_permissions: read_permissions = server_config.read_permissions read_permissions.append(("private_library/1.0.0@private_user/testing", "*")) read_permissions.append(("*/*@*/*", "*")) if not write_permissions: write_permissions = server_config.write_permissions if not users: users = dict(server_config.users) users[TESTING_REMOTE_PRIVATE_USER] = TESTING_REMOTE_PRIVATE_PASS authorizer = BasicAuthorizer(read_permissions, write_permissions) authenticator = BasicAuthenticator(users) credentials_manager = JWTCredentialsManager(server_config.jwt_secret, server_config.jwt_expire_time) logger.debug("Storage path: %s" % self.storage_folder) self.port = TestServerLauncher.port self.ra = ConanServer(self.port, credentials_manager, updown_auth_manager, authorizer, authenticator, self.file_manager, self.search_manager, server_version, min_client_compatible_version, server_capabilities) for plugin in plugins: self.ra.api_v1.install(plugin)
def __init__(self): user_folder = conan_expand_user("~") server_config = migrate_and_get_server_config(user_folder) authorizer = BasicAuthorizer(server_config.read_permissions, server_config.write_permissions) authenticator = BasicAuthenticator(dict(server_config.users)) credentials_manager = JWTCredentialsManager( server_config.jwt_secret, server_config.jwt_expire_time) updown_auth_manager = JWTUpDownAuthManager( server_config.updown_secret, server_config.authorize_timeout) file_manager = get_file_manager( server_config, updown_auth_manager=updown_auth_manager) search_adapter = DiskSearchAdapter() search_manager = DiskSearchManager( SimplePaths(server_config.disk_storage_path), search_adapter) self.ra = ConanServer(server_config.port, server_config.ssl_enabled, credentials_manager, updown_auth_manager, authorizer, authenticator, file_manager, search_manager, Version(SERVER_VERSION), Version(MIN_CLIENT_COMPATIBLE_VERSION))
def __init__(self, base_path=None, read_permissions=None, write_permissions=None, users=None, base_url=None, plugins=None, server_capabilities=None): plugins = plugins or [] if not base_path: base_path = temp_folder() if not os.path.exists(base_path): raise Exception("Base path not exist! %s") self._base_path = base_path server_config = migrate_and_get_server_config(base_path) if server_capabilities is None: server_capabilities = set(SERVER_CAPABILITIES) if TestServerLauncher.port == 0: TestServerLauncher.port = server_config.port # Encode and Decode signature for Upload and Download service updown_auth_manager = JWTUpDownAuthManager( server_config.updown_secret, server_config.authorize_timeout) base_url = base_url or server_config.public_url self.server_store = get_server_store(server_config.disk_storage_path, base_url, updown_auth_manager) # Prepare some test users if not read_permissions: read_permissions = server_config.read_permissions read_permissions.append( ("private_library/1.0.0@private_user/testing", "*")) read_permissions.append(("*/*@*/*", "*")) if not write_permissions: write_permissions = server_config.write_permissions if not users: users = dict(server_config.users) users[TESTING_REMOTE_PRIVATE_USER] = TESTING_REMOTE_PRIVATE_PASS authorizer = BasicAuthorizer(read_permissions, write_permissions) authenticator = BasicAuthenticator(users) credentials_manager = JWTCredentialsManager( server_config.jwt_secret, server_config.jwt_expire_time) self.port = TestServerLauncher.port self.ra = ConanServer(self.port, credentials_manager, updown_auth_manager, authorizer, authenticator, self.server_store, server_capabilities) for plugin in plugins: self.ra.api_v1.install(plugin) self.ra.api_v2.install(plugin)
def invalid_rule_test(self): """Invalid rule input""" read_perms = ["invalid_reference", "lasote", ("*/*@*/*", "")] write_perms = [] authorizer = BasicAuthorizer(read_perms, write_perms) self.assertRaises(InternalErrorException, authorizer.check_read_conan, "pepe", self.openssl_ref)
def permissions_test(self): """Check that permissions logic is ok""" # Only lasote can read it but other conans can be readed read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")] # Only pepe (and lasote because its owner) can write it and no more users can write write_perms = [(str(self.openssl_ref), "pepe")] authorizer = BasicAuthorizer(read_perms, write_perms) # READ PERMISSIONS # Pepe can't read conans self.assertRaises(ForbiddenException, authorizer.check_read_conan, "pepe", self.openssl_ref) # Owner can read conans authorizer.check_read_conan("lasote", self.openssl_ref) # Pepe can read other conans authorizer.check_read_conan("pepe", self.openssl_ref2) # Pepe can't read package self.assertRaises(ForbiddenException, authorizer.check_read_package, "pepe", self.package_reference) # Owner can read package authorizer.check_read_package("lasote", self.package_reference) # Pepe can read other package authorizer.check_read_package("pepe", self.package_reference2) # WRITE PERMISSIONS # Pepe can write conans authorizer.check_write_conan("pepe", self.openssl_ref) # Juan can't write conans self.assertRaises(ForbiddenException, authorizer.check_write_conan, "juan", self.openssl_ref) # Owner can write conans authorizer.check_write_conan("lasote", self.openssl_ref) # Pepe can't write other conans self.assertRaises(ForbiddenException, authorizer.check_write_conan, "pepe", self.openssl_ref2) # Owner can write package authorizer.check_write_package("lasote", self.package_reference) # Pepe can write package authorizer.check_write_package("pepe", self.package_reference) # Pepe can't write other package self.assertRaises(ForbiddenException, authorizer.check_write_package, "pepe", self.package_reference2)
def __init__(self, force_migration=False, server_dir=None): if sys.version_info.major == 2: raise Exception("The conan_server needs Python>=3 for running") self.force_migration = force_migration if server_dir: user_folder = server_folder = server_dir else: user_folder = conan_expand_user("~") server_folder = os.path.join(user_folder, '.conan_server') server_config = migrate_and_get_server_config(user_folder, self.force_migration, server_dir is not None) custom_auth = server_config.custom_authenticator if custom_auth: authenticator = load_authentication_plugin(server_folder, custom_auth) else: authenticator = BasicAuthenticator(dict(server_config.users)) authorizer = BasicAuthorizer(server_config.read_permissions, server_config.write_permissions) credentials_manager = JWTCredentialsManager( server_config.jwt_secret, server_config.jwt_expire_time) updown_auth_manager = JWTUpDownAuthManager( server_config.updown_secret, server_config.authorize_timeout) server_store = get_server_store( server_config.disk_storage_path, server_config.public_url, updown_auth_manager=updown_auth_manager) server_capabilities = SERVER_CAPABILITIES server_capabilities.append(REVISIONS) self.server = ConanServer(server_config.port, credentials_manager, updown_auth_manager, authorizer, authenticator, server_store, server_capabilities) if not self.force_migration: print("***********************") print("Using config: %s" % server_config.config_filename) print("Storage: %s" % server_config.disk_storage_path) print("Public URL: %s" % server_config.public_url) print("PORT: %s" % server_config.port) print("***********************")
def __init__(self, force_migration=False): self.force_migration = force_migration user_folder = conan_expand_user("~") server_folder = os.path.join(user_folder, '.conan_server') server_config = migrate_and_get_server_config(user_folder, None, self.force_migration) custom_auth = server_config.custom_authenticator if custom_auth: authenticator = load_authentication_plugin(server_folder, custom_auth) else: authenticator = BasicAuthenticator(dict(server_config.users)) authorizer = BasicAuthorizer(server_config.read_permissions, server_config.write_permissions) credentials_manager = JWTCredentialsManager( server_config.jwt_secret, server_config.jwt_expire_time) updown_auth_manager = JWTUpDownAuthManager( server_config.updown_secret, server_config.authorize_timeout) server_store = get_server_store( server_config.disk_storage_path, server_config.public_url, updown_auth_manager=updown_auth_manager) server_capabilities = SERVER_CAPABILITIES server_capabilities.append(REVISIONS) self.server = ConanServer(server_config.port, credentials_manager, updown_auth_manager, authorizer, authenticator, server_store, Version(SERVER_VERSION), Version(MIN_CLIENT_COMPATIBLE_VERSION), server_capabilities) if not self.force_migration: print("***********************") print("Using config: %s" % server_config.config_filename) print("Storage: %s" % server_config.disk_storage_path) print("Public URL: %s" % server_config.public_url) print("PORT: %s" % server_config.port) print("***********************")
def test_authenticated_user_wildcard_permissions(self): """Check that authenciated user wildcard permissions logic is ok""" # Only authenticated users can read openssl read_perms = [(str(self.openssl_ref), "?"), ("*/*@*/*", "*")] # Authenticated users can write any write_perms = [("*/*@*/*", "?")] authorizer = BasicAuthorizer(read_perms, write_perms) # READ PERMISSIONS # Authenticated user can read conan authorizer.check_read_conan("pepe", self.openssl_ref) # Authenticated user can read package authorizer.check_read_package("pepe", self.openssl_pref) # Anonymous user can not read conan, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_read_conan, None, self.openssl_ref) # Anonymous user can not read package, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_read_package, None, self.openssl_pref) # WRITE PERMISSIONS # Authenticated user can write conan authorizer.check_write_conan("pepe", self.openssl_ref) # Authenticated user can write package authorizer.check_write_package("pepe", self.openssl_pref) # Anonymous user can not write conan, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_write_conan, None, self.openssl_ref) # Anonymous user can not write package, they must authenticate self.assertRaises(AuthenticationException, authorizer.check_write_package, None, self.openssl_pref)