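def testValidateAuthTokenLengthDifferent(self, _):
  """A hand-built token with a timestamp but no real digest is rejected.

  The candidate is the URL-safe base64 of the literal 'token:<timestamp>',
  so it was never produced by token.GenerateAuthToken. Validation must
  report it as invalid, and must not report it as expired.

  Args:
    _: unused; presumably a mock injected by a patch decorator that is not
      visible in this excerpt.
  """
  # Plain `6` instead of `06`: a leading-zero literal is octal in Python 2 and
  # a syntax error in Python 3. The value is unchanged and now matches the
  # sibling tests that already write `6`.
  token_created_timestamp = time_util.ConvertToTimestamp(
      datetime(2017, 6, 13, 0, 0, 0))
  tested_token = base64.urlsafe_b64encode(
      'token:' + str(token_created_timestamp))

  valid, expired = token.ValidateAuthToken('key', tested_token, 'email')

  self.assertFalse(valid)
  self.assertFalse(expired)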
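def testValidateAuthTokenExpired(self, _):
  """A genuine but old token validates as (valid=True, expired=True).

  The token is issued with an explicit creation time of 2017-06-13 and then
  validated with the default validity window. Because the two flags are
  independent, a caller that checks only `valid` would accept this token;
  both flags have to be checked before acting on a request.

  Args:
    _: unused; presumably a mock injected by a patch decorator that is not
      visible in this excerpt.
  """
  # Plain `6` instead of `06`: a leading-zero literal is octal in Python 2 and
  # a syntax error in Python 3. The value is unchanged.
  issued_at = datetime(2017, 6, 13, 0, 0, 0)
  tested_token = token.GenerateAuthToken('key', 'email', when=issued_at)

  valid, expired = token.ValidateAuthToken('key', tested_token, 'email')

  self.assertTrue(valid)
  self.assertTrue(expired)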
def testGeneratedXSRFTokenIsValidForSameUserAndSameAction(self, mock_now):
  """A token validates when key, user and action all match at issue time.

  Args:
    mock_now: mock whose successive return values are configured here. It is
      presumably the patched "current time" source, giving one reading for
      generation and one, a minute later, for validation.
  """
  generation_time = datetime(2017, 6, 13, 0, 0, 0)
  validation_time = datetime(2017, 6, 13, 0, 1, 0)
  mock_now.side_effect = [generation_time, validation_time]

  xsrf_token = token.GenerateAuthToken('key', 'email', 'action')
  result = token.ValidateAuthToken('key', xsrf_token, 'email', 'action')
  is_valid, is_expired = result

  self.assertTrue(is_valid)
  self.assertFalse(is_expired)
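def HandlePost(self):
  """Handles a PubSub push message that asks for a pipeline callback.

  The request body is untrusted until the auth token carried in the message
  attributes has been validated against this handler's auth scope, its user
  id and the target pipeline id. Malformed, unauthenticated, expired or
  mis-targeted messages are logged and dropped; no callback task is
  scheduled for them.

  Raises:
    AssertionError: if the handler has no auth scope or user id configured.
  """
  # Explicit raises rather than `assert`: assert statements are removed under
  # `python -O`, which would let token validation run with an empty key or
  # user id. The exception type is unchanged for existing callers.
  if not self.auth_scope:
    raise AssertionError('Auth scope must be provided.')
  if not self.user_id:
    raise AssertionError('User id must be provided.')

  # NOTE(review): the raw body includes the `auth_token` attribute, so debug
  # logs end up holding a token that remains usable for its validity window.
  # Consider logging only non-secret fields, and restrict access to the logs.
  logging.debug('Post body: %s', self.request.body)

  # Phase 1: parse the untrusted envelope. Besides bad JSON (ValueError) and
  # missing keys (KeyError), a forged body can have the wrong shape: a
  # non-dict envelope, a missing user_data field (json.loads(None)) or, on
  # Python 2, badly padded base64. Those raise TypeError or AttributeError,
  # which previously escaped this handler instead of being dropped.
  try:
    envelope = json.loads(self.request.body)
    message = envelope['message']
    auth_token = message['attributes']['auth_token']
    message_data = json.loads(base64.b64decode(message['data']))
    user_data = json.loads(
        message_data.get('user_data') or message_data.get('userdata'))
    pipeline_id = user_data['runner_id']
  except (ValueError, KeyError, TypeError, AttributeError) as e:
    # Ignore requests with invalid message. `e.message` is deprecated since
    # Python 2.6 and absent in Python 3, so the exception itself is logged.
    logging.warning('Unexpected PubSub message format: %s', e)
    return

  # Phase 2: authenticate, then act. Only the original exception types are
  # caught here so that programming errors in the pipeline code still surface.
  try:
    # The pipeline id is passed as the action id, so the token must have been
    # issued with that same action id and cannot be replayed against another
    # pipeline.
    valid, expired = token.ValidateAuthToken(
        self.auth_scope, auth_token, self.user_id, action_id=pipeline_id,
        valid_hours=self.GetValidHoursOfAuthToken())
    if not valid or expired:
      # Ignore requests with invalid or expired auth token. Both flags are
      # checked because an expired token is still reported as valid.
      logging.warning('Auth token: valid=%s, expired=%s', valid, expired)
      return

    pipeline = AsynchronousPipeline.from_id(pipeline_id)
    if not pipeline or not isinstance(pipeline, AsynchronousPipeline):
      # Ignore requests targeted at invalid pipelines.
      logging.warning('Pipeline not found or not async: %s', pipeline_id)
      return

    message_id = message['message_id']
    parameters = self.GetAdditionalParameters(message, message_data)
    # The pipeline will schedule the callback task to be run in the same
    # target version and task queue as itself.
    # Use the message id from PubSub as task name to avoid duplicate callback
    # tasks because PubSub could push the same message multiple times.
    pipeline.ScheduleCallbackTask(name=message_id, parameters=parameters)
  except (ValueError, KeyError) as e:
    # Ignore requests with invalid message.
    logging.warning('Unexpected PubSub message format: %s', e)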
def testGeneratedXSRFTokenIsInvalidForDifferentUserAndAction(self):
  """A token issued for one user and action is rejected for another pair.

  The token is generated for ('email1', 'action1') and presented as
  ('email2', 'action2') under the same key. It must come back invalid, and
  must not be flagged as expired.
  """
  issued_token = token.GenerateAuthToken('key', 'email1', 'action1')

  outcome = token.ValidateAuthToken('key', issued_token, 'email2', 'action2')
  is_valid, is_expired = outcome

  self.assertFalse(is_valid)
  self.assertFalse(is_expired)
def testValidateAuthTokenDateInvalid(self):
  """A token without a usable timestamp is rejected without raising.

  The candidate is the URL-safe base64 of the bare string 'token', with no
  timestamp part at all. Validation must return (invalid, not expired).
  """
  malformed_token = base64.urlsafe_b64encode('token')

  outcome = token.ValidateAuthToken('key', malformed_token, 'email')
  is_valid, is_expired = outcome

  self.assertFalse(is_valid)
  self.assertFalse(is_expired)
def testValidateAuthTokenNoToken(self):
  """A missing token (None) is reported as invalid and not expired."""
  outcome = token.ValidateAuthToken('key', None, 'email')
  is_valid, is_expired = outcome

  self.assertFalse(is_valid)
  self.assertFalse(is_expired)
def testValidateAuthTokenSucceed(self, _):
  """A freshly generated token validates for the same key and user.

  Args:
    _: unused; presumably a mock injected by a patch decorator that is not
      visible in this excerpt.
  """
  fresh_token = token.GenerateAuthToken('key', 'email')

  outcome = token.ValidateAuthToken('key', fresh_token, 'email')
  is_valid, is_expired = outcome

  self.assertTrue(is_valid)
  self.assertFalse(is_expired)