def add_role(self, realm, config):
self.log.debug(
'CrossbarRouterFactory.add_role(realm="{realm}", config={config})',
realm=realm,
config=config)
assert (type(realm) == str)
assert (realm in self._routers)
router = self._routers[realm]
uri = config['name']
if 'permissions' in config:
role = RouterRoleStaticAuth(router, uri, config['permissions'])
elif 'authorizer' in config:
role = RouterRoleDynamicAuth(router, uri, config['authorizer'])
else:
allow_by_default = config.get('allow-by-default', False)
role = RouterRole(router, uri, allow_by_default=allow_by_default)
router.add_role(role)
def setUp(self):
"""
Setup router and router session factories.
"""
# create a router factory
self.router_factory = RouterFactory()
# start a realm
self.router_factory.start_realm(RouterRealm(None,
{u'name': u'realm1'}))
# allow everything
permissions = RouterPermissions('', True, True, True, True, True)
router = self.router_factory.get(u'realm1')
router.add_role(
RouterRoleStaticAuth(router, None,
default_permissions=permissions))
# create a router session factory
self.session_factory = RouterSessionFactory(self.router_factory)
def test_start_router_component(self):
"""
Starting a class-based router component works.
"""
r = router.RouterWorkerSession(config=self.config, reactor=reactor)
# Open the transport
transport = FakeWAMPTransport(r)
r.onOpen(transport)
realm_config = {
u"name": u"realm1",
u'roles': [{u'name': u'anonymous',
u'permissions': [{u'subscribe': True,
u'register': True, u'call': True,
u'uri': u'*', u'publish': True}]}]
}
r.start_router_realm(u"realm1", realm_config)
permissions = RouterPermissions(u'', True, True, True, True, True)
routera = r._router_factory.get(u'realm1')
routera.add_role(RouterRoleStaticAuth(router, 'anonymous', default_permissions=permissions))
component_config = {
u"type": u"class",
u"classname": u"crossbar.worker.test.examples.goodclass.AppSession",
u"realm": u"realm1"
}
r.start_router_component("newcomponent", component_config)
self.assertEqual(len(r.get_router_components()), 1)
self.assertEqual(r.get_router_components()[0]["id"],
"newcomponent")
self.assertEqual(len(_), 1)
_.pop() # clear this global state
def add_realm_to_router(router_factory,
session_factory,
realm_name=u'default',
realm_options={}):
opts = dict(realm_options)
opts.update({u'name': realm_name})
# start a realm
realm = RouterRealm(None, opts)
router = router_factory.start_realm(realm)
extra = {}
session_config = ComponentConfig(realm_name, extra)
realm.session = RouterServiceSession(session_config, router)
# allow everything
default_permissions = {
u'uri': u'',
u'match': u'prefix',
u'allow': {
u'call': True,
u'register': True,
u'publish': True,
u'subscribe': True
}
}
router = router_factory.get(realm_name)
router.add_role(
RouterRoleStaticAuth(router,
'anonymous',
default_permissions=default_permissions))
session_factory.add(realm.session, authrole=u'trusted')
return router
def build_mqtt_server():
reactor = Clock()
router_factory, server_factory, session_factory = make_router()
add_realm_to_router(router_factory, session_factory)
router = add_realm_to_router(router_factory,
session_factory,
realm_name=u'mqtt',
realm_options={})
# allow everything
default_permissions = {
u'uri': u'',
u'match': u'prefix',
u'allow': {
u'call': True,
u'register': True,
u'publish': True,
u'subscribe': True
}
}
router.add_role(RouterRoleStaticAuth(router, u'mqttrole', default_permissions=default_permissions))
class AuthenticatorSession(ApplicationSession):
@inlineCallbacks
def onJoin(self, details):
def authenticate(realm, authid, details):
if authid == u"test123":
if details["ticket"] != u'password':
raise ApplicationError(u'com.example.invalid_ticket', u'nope')
res = {
u'realm': u'mqtt',
u'role': u'mqttrole',
u'extra': {}
}
return res
else:
raise ApplicationError(u'com.example.no_such_user', u'nah')
yield self.register(authenticate, u'com.example.auth')
def tls(realm, authid, details):
ACCEPTED_CERTS = set([u'95:1C:A9:6B:CD:8D:D2:BD:F4:73:82:01:55:89:41:12:9C:F8:AF:8E'])
if 'client_cert' not in details['transport'] or not details['transport']['client_cert']:
raise ApplicationError(u"com.example.no_cert", u"no client certificate presented")
client_cert = details['transport']['client_cert']
sha1 = client_cert['sha1']
subject_cn = client_cert['subject']['cn']
if sha1 not in ACCEPTED_CERTS:
raise ApplicationError(u"com.example.invalid_cert", u"certificate with SHA1 {} denied".format(sha1))
else:
return {
u'authid': subject_cn,
u'role': u'mqttrole',
u'realm': u'mqtt'
}
yield self.register(tls, u'com.example.tls')
config = ComponentConfig(u"default", {})
authsession = AuthenticatorSession(config)
session_factory.add(authsession, router, authrole=u"trusted")
options = {
u"options": {
u"realm": u"mqtt",
u"role": u"mqttrole",
u"payload_mapping": {
u"": {
u"type": u"native",
u"serializer": u"json"
}
},
u"auth": {
u"ticket": {
u"type": u"dynamic",
u"authenticator": u"com.example.auth",
u"authenticator-realm": u"default",
},
u"tls": {
u"type": u"dynamic",
u"authenticator": u"com.example.tls",
u"authenticator-realm": u"default",
}
}
}
}
mqtt_factory = WampMQTTServerFactory(session_factory, options, reactor)
server_factory._mqtt_factory = mqtt_factory
return reactor, router, server_factory, session_factory
