示例#1
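 def testValidateAuthTokenLengthDifferent(self, _):
     """Reject a hand-built token that GenerateAuthToken did not produce.

     The token under test is just ``'token:<timestamp>'`` encoded with
     URL-safe base64, so it carries a timestamp but no genuine signature.
     Judging by the test name, this is meant to exercise the case where the
     supplied token and the expected one differ in length -- confirm against
     ValidateAuthToken. Such a token must be reported as neither valid nor
     expired.

     The unused second parameter is presumably a mock injected by a patch
     decorator that is outside this excerpt.
     """
     # Plain decimal month: the legacy ``06`` spelling is only accepted by
     # Python 2 and is a syntax error on Python 3; the value is unchanged.
     created_at = datetime(2017, 6, 13, 0, 0, 0)
     token_created_timestamp = time_util.ConvertToTimestamp(created_at)
     unsigned_payload = 'token:' + str(token_created_timestamp)
     tested_token = base64.urlsafe_b64encode(unsigned_payload)
     valid, expired = token.ValidateAuthToken('key', tested_token, 'email')
     # A rejected token must not be reported as merely "expired".
     self.assertFalse(valid)
     self.assertFalse(expired)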
示例#2
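 def testValidateAuthTokenExpired(self, _):
     """A genuine token issued in the past validates but is flagged expired.

     The token is generated with an explicit ``when`` of 2017-06-13 and then
     validated with the default validity window, so the signature check is
     expected to pass while the age check fails.

     The unused second parameter is presumably a mock (likely of the current
     time) injected by a patch decorator outside this excerpt.
     """
     # Plain decimal month: the legacy ``06`` spelling is only accepted by
     # Python 2 and is a syntax error on Python 3; the value is unchanged.
     issued_at = datetime(2017, 6, 13, 0, 0, 0)
     tested_token = token.GenerateAuthToken('key', 'email', when=issued_at)
     valid, expired = token.ValidateAuthToken('key', tested_token, 'email')
     # Callers must check both flags: "valid" alone does not mean usable.
     self.assertTrue(valid)
     self.assertTrue(expired)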
示例#3
 def testGeneratedXSRFTokenIsValidForSameUserAndSameAction(self, mock_now):
     """A token checked for the same user and action it was issued for passes.

     ``mock_now`` hands out two timestamps one minute apart. Presumably the
     first is consumed when the token is generated and the second when it is
     validated -- confirm against the patch decorator, which is outside this
     excerpt.
     """
     first_now = datetime(2017, 6, 13, 0, 0, 0)
     second_now = datetime(2017, 6, 13, 0, 1, 0)
     mock_now.side_effect = [first_now, second_now]

     issued = token.GenerateAuthToken('key', 'email', 'action')
     is_valid, is_expired = token.ValidateAuthToken(
         'key', issued, 'email', 'action')

     self.assertTrue(is_valid)
     self.assertFalse(is_expired)
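    def HandlePost(self):
        """Handle a PubSub push request and schedule the pipeline callback.

        The request body is untrusted until its auth token has been checked.
        The handler decodes the envelope, validates the token against this
        handler's auth scope, user id and the target pipeline id, and only
        then looks up the pipeline and schedules its callback task.

        Malformed messages, invalid or expired tokens and unknown pipelines
        are logged and ignored; in each of those cases the method returns
        None without scheduling anything.
        """
        # NOTE: these are configuration checks; ``assert`` statements are
        # removed when Python runs with -O.
        assert self.auth_scope, 'Auth scope must be provided.'
        assert self.user_id, 'User id must be provided.'

        # The body carries the auth token, so log only its size; writing the
        # raw body to the logs would expose a usable credential to log readers.
        logging.debug('Post body size: %d bytes', len(self.request.body or ''))

        # Stage 1: decode the untrusted envelope. A body that is valid JSON
        # but has the wrong shape (a list, a string where a dict is expected,
        # missing user data) raises TypeError or AttributeError rather than
        # KeyError, so those are treated as a bad message format as well
        # instead of escaping as an unhandled error.
        try:
            envelope = json.loads(self.request.body)
            message = envelope['message']
            auth_token = message['attributes']['auth_token']
            message_data = json.loads(base64.b64decode(message['data']))
            user_data = json.loads(
                message_data.get('user_data') or message_data.get('userdata'))
            pipeline_id = user_data['runner_id']
            message_id = message['message_id']
        except (ValueError, KeyError, TypeError, AttributeError) as e:
            # Ignore requests with invalid message.
            logging.warning('Unexpected PubSub message format: %s', e)
            return

        # Stage 2: authenticate, then act. Only the exception types the
        # original handler swallowed are caught here, so programming errors
        # in the pipeline code are not hidden.
        try:
            valid, expired = token.ValidateAuthToken(
                self.auth_scope,
                auth_token,
                self.user_id,
                action_id=pipeline_id,
                valid_hours=self.GetValidHoursOfAuthToken())
            if not valid or expired:
                # Ignore requests with invalid or expired auth token.
                logging.warning('Auth token: valid=%s, expired=%s', valid,
                                expired)
                return

            pipeline = AsynchronousPipeline.from_id(pipeline_id)
            if not pipeline or not isinstance(pipeline, AsynchronousPipeline):
                # Ignore requests targeted at invalid pipelines.
                logging.warning('Pipeline not found or not async: %s',
                                pipeline_id)
                return

            parameters = self.GetAdditionalParameters(message, message_data)
            # The pipeline will schedule the callback task to be run in the same
            # target version and task queue as itself.
            # Use the message id from PubSub as task name to avoid duplicate callback
            # tasks because PubSub could push the same message multiple times.
            pipeline.ScheduleCallbackTask(name=message_id,
                                          parameters=parameters)
        except (ValueError, KeyError) as e:
            # Ignore requests with invalid message.
            logging.warning('Unexpected PubSub message format: %s', e)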
示例#5
 def testGeneratedXSRFTokenIsInvalidForDifferentUserAndAction(self):
     """A token issued to one user and action must not validate for another.

     The token is generated for ('email1', 'action1') and checked against
     ('email2', 'action2') under the same key; it must be reported as
     neither valid nor expired.
     """
     issued = token.GenerateAuthToken('key', 'email1', 'action1')
     is_valid, is_expired = token.ValidateAuthToken(
         'key', issued, 'email2', 'action2')
     self.assertFalse(is_valid)
     self.assertFalse(is_expired)
示例#6
 def testValidateAuthTokenDateInvalid(self):
     """A token with no usable timestamp is rejected outright.

     The input is just the base64 encoding of the literal 'token'. Judging
     by the test name, the point is that no creation date can be parsed from
     it -- confirm against ValidateAuthToken.
     """
     malformed = base64.urlsafe_b64encode('token')
     is_valid, is_expired = token.ValidateAuthToken(
         'key', malformed, 'email')
     self.assertFalse(is_valid)
     self.assertFalse(is_expired)
示例#7
 def testValidateAuthTokenNoToken(self):
     """A missing token (None) is treated as invalid rather than raising."""
     missing = None
     is_valid, is_expired = token.ValidateAuthToken('key', missing, 'email')
     self.assertFalse(is_valid)
     self.assertFalse(is_expired)
示例#8
 def testValidateAuthTokenSucceed(self, _):
     """A freshly generated token round-trips: valid and not expired.

     The unused second parameter is presumably a mock injected by a patch
     decorator that is outside this excerpt.
     """
     issued = token.GenerateAuthToken('key', 'email')
     is_valid, is_expired = token.ValidateAuthToken('key', issued, 'email')
     self.assertTrue(is_valid)
     self.assertFalse(is_expired)