def test_user_can_be_loaded_from_session_token(self):
    """A signed-in participant can be resolved again from its session token.

    Sign alice in (which populates ``participant.session_token``), then
    look her up purely by that token and check the same participant
    comes back.
    """
    self.make_participant('alice')
    alice = User.from_username('alice')
    alice.sign_in(SimpleCookie())

    session_token = alice.participant.session_token
    reloaded = User.from_session_token(session_token)

    assert reloaded.participant.username == 'alice'
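def _api_key_from_basic_header(header):
    """Return the API key carried by a ``Basic`` Authorization header.

    The key is the user-id half of the base64-encoded ``key:password``
    pair; the password half is ignored. Returns ``None`` when the payload
    is not valid base64 or contains no ``:`` separator. Both cases are
    fully client-controlled, so they are rejected instead of being allowed
    to raise out of the authentication path.
    """
    import binascii

    encoded = header[len('Basic '):]
    try:
        # Python 2 codec form of base64 decoding (the file's existing
        # idiom); the base64 module would be the portable equivalent.
        creds = encoded.decode('base64')
    except (binascii.Error, ValueError):
        return None
    token, separator, _password = creds.partition(':')
    if not separator:
        return None
    return token


def _mark_csrf_satisfied(request):
    """Give the request a freshly minted, already-matching CSRF token.

    The cookie and the ``X-CSRF-TOKEN`` header are set to the same value
    so the downstream CSRF check passes, and a ``Referer`` pointing at
    this host is supplied if the client sent none.
    """
    csrf_token = csrf._get_new_csrf_key()
    request.headers.cookie['csrf_token'] = csrf_token
    request.headers['X-CSRF-TOKEN'] = csrf_token
    if 'Referer' not in request.headers:
        request.headers['Referer'] = \
            'https://%s/' % csrf._get_host(request)


def get_auth_from_request(request):
    """Authenticate from a cookie or an API key in basic auth.

    Resolution order: requests under ``/assets/`` are never authenticated;
    otherwise a ``Basic`` ``Authorization`` header is consulted first, and
    only if no ``Authorization`` header is present is the ``SESSION``
    cookie tried. In every case ``request.context['user']`` is set -- to
    the resolved user, or to a fresh ``User()`` -- so later code can rely
    on the key being present.

    A malformed ``Basic`` header (bad base64, missing ``:``) is treated as
    "not authenticated" rather than raising, since it is untrusted input.
    CSRF protection is relaxed only when the API key actually
    authenticated a non-anonymous user, so a bogus ``Basic`` header cannot
    switch the check off.
    """
    user = None
    if request.line.uri.startswith('/assets/'):
        pass  # static assets are served without authentication
    elif 'Authorization' in request.headers:
        header = request.headers['authorization']
        if header.startswith('Basic '):
            token = _api_key_from_basic_header(header)
            if token is not None:
                user = User.from_api_key(token)
            # CSRF checks exist to stop a browser replaying an ambient
            # session cookie; a request that proved itself with an explicit
            # API key needs no such check. Gate on the key having worked.
            # NOTE(review): assumes User.from_api_key returns None or a
            # User exposing .ANON like from_session_token does -- confirm.
            if user and not user.ANON:
                _mark_csrf_satisfied(request)
    elif SESSION in request.headers.cookie:
        token = request.headers.cookie[SESSION].value
        user = User.from_session_token(token)
    request.context['user'] = user or User()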
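def _api_key_from_basic_header(header):
    """Return the API key carried by a ``Basic`` Authorization header.

    The key is the user-id half of the base64-encoded ``key:password``
    pair; the password half is ignored. Returns ``None`` when the payload
    is not valid base64 or contains no ``:`` separator. Both cases are
    fully client-controlled, so they are rejected instead of being allowed
    to raise out of the authentication path.
    """
    import binascii

    encoded = header[len('Basic '):]
    try:
        # Python 2 codec form of base64 decoding (the file's existing
        # idiom); the base64 module would be the portable equivalent.
        creds = encoded.decode('base64')
    except (binascii.Error, ValueError):
        return None
    token, separator, _password = creds.partition(':')
    if not separator:
        return None
    return token


def _mark_csrf_satisfied(request):
    """Give the request a freshly minted, already-matching CSRF token.

    The cookie and the ``X-CSRF-TOKEN`` header are set to the same value
    so the downstream CSRF check passes, and a ``Referer`` pointing at
    this host is supplied if the client sent none.
    """
    csrf_token = csrf._get_new_csrf_key()
    request.headers.cookie['csrf_token'] = csrf_token
    request.headers['X-CSRF-TOKEN'] = csrf_token
    if 'Referer' not in request.headers:
        request.headers['Referer'] = \
            'https://%s/' % csrf._get_host(request)


def get_auth_from_request(request):
    """Authenticate from a cookie or an API key in basic auth.

    Resolution order: requests under ``/assets/`` are never authenticated;
    otherwise a ``Basic`` ``Authorization`` header is consulted first, and
    only if no ``Authorization`` header is present is the ``SESSION``
    cookie tried. In every case ``request.context['user']`` is set -- to
    the resolved user, or to a fresh ``User()`` -- so later code can rely
    on the key being present.

    A malformed ``Basic`` header (bad base64, missing ``:``) is treated as
    "not authenticated" rather than raising, since it is untrusted input.
    CSRF protection is relaxed only when the API key actually
    authenticated a non-anonymous user, so a bogus ``Basic`` header cannot
    switch the check off.
    """
    user = None
    if request.line.uri.startswith('/assets/'):
        pass  # static assets are served without authentication
    elif 'Authorization' in request.headers:
        header = request.headers['authorization']
        if header.startswith('Basic '):
            token = _api_key_from_basic_header(header)
            if token is not None:
                user = User.from_api_key(token)
            # CSRF checks exist to stop a browser replaying an ambient
            # session cookie; a request that proved itself with an explicit
            # API key needs no such check. Gate on the key having worked.
            # NOTE(review): assumes User.from_api_key returns None or a
            # User exposing .ANON like from_session_token does -- confirm.
            if user and not user.ANON:
                _mark_csrf_satisfied(request)
    elif SESSION in request.headers.cookie:
        token = request.headers.cookie[SESSION].value
        user = User.from_session_token(token)
    request.context['user'] = user or User()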
def test_user_from_expired_session_is_anonymous(self):
    """A session token whose expiry has passed must not resolve a user.

    Sign alice in, capture her token, expire the session as of "now",
    and verify the token now yields an anonymous user.
    """
    self.make_participant('alice')
    alice = User.from_username('alice')
    alice.sign_in(SimpleCookie())
    session_token = alice.participant.session_token

    # Expire the session immediately, then try to resume it.
    alice.participant.set_session_expires(utcnow())
    resumed = User.from_session_token(session_token)

    assert resumed.ANON
def authenticate_user_if_possible(request, user):
    """This signs the user in.

    Returns ``{'user': user}``. The passed-in ``user`` is replaced when
    the request carries a ``Basic`` ``Authorization`` header or, failing
    any ``Authorization`` header at all, a ``SESSION`` cookie. Requests
    under ``/assets/`` are returned untouched.

    CSRF enforcement is turned off only when the Basic credentials
    resolved to a non-anonymous user (``user.ANON`` is false).
    """
    if request.line.uri.startswith('/assets/'):
        return {'user': user}

    if 'Authorization' in request.headers:
        header = request.headers['authorization']
        if header.startswith('Basic '):
            user = _get_user_via_basic_auth(header)
            if not user.ANON:
                _turn_off_csrf(request)
        return {'user': user}

    cookies = request.headers.cookie
    if SESSION in cookies:
        user = User.from_session_token(cookies[SESSION].value)

    return {'user': user}
def authenticate_user_if_possible(request, user):
    """This signs the user in.

    Returns ``{'user': user}``. The passed-in ``user`` is replaced when
    the request carries a ``Basic`` ``Authorization`` header or, failing
    any ``Authorization`` header at all, a ``SESSION`` cookie. Requests
    under ``/assets/`` are returned untouched.

    CSRF enforcement is turned off only when the Basic credentials
    resolved to a non-anonymous user (``user.ANON`` is false).
    """
    if request.line.uri.startswith('/assets/'):
        return {'user': user}

    if 'Authorization' in request.headers:
        header = request.headers['authorization']
        if header.startswith('Basic '):
            user = _get_user_via_basic_auth(header)
            if not user.ANON:
                _turn_off_csrf(request)
        return {'user': user}

    cookies = request.headers.cookie
    if SESSION in cookies:
        user = User.from_session_token(cookies[SESSION].value)

    return {'user': user}
def set_request_context_user(request):
    """Set request.context['user']. This signs the user in.

    ``ANON`` is stored first, so the key exists even if one of the
    lookups below raises. It is then replaced by the user resolved from a
    ``Basic`` ``Authorization`` header or, when no ``Authorization``
    header is present, from the ``SESSION`` cookie. Requests under
    ``/assets/`` stay anonymous. CSRF enforcement is disabled only when
    Basic auth yielded a non-anonymous user.
    """
    request.context['user'] = ANON

    def resolve():
        if request.line.uri.startswith('/assets/'):
            return ANON
        if 'Authorization' in request.headers:
            header = request.headers['authorization']
            if not header.startswith('Basic '):
                return ANON
            found = _get_user_via_basic_auth(header)
            if not found.ANON:
                _turn_off_csrf(request)
            return found
        cookies = request.headers.cookie
        if SESSION in cookies:
            return User.from_session_token(cookies[SESSION].value)
        return ANON

    request.context['user'] = resolve()
def test_user_from_None_session_token_is_anonymous(self):
    """A ``None`` token must yield an anonymous user, even with participants present.

    Two participants exist so the lookup cannot accidentally match an
    empty/``None`` session column and return one of them.
    """
    for username in ('alice', 'bob'):
        self.make_participant(username)

    assert User.from_session_token(None).ANON
def test_user_from_bad_session_token_is_anonymous(self):
    """A token that matches no session must yield an anonymous user."""
    unknown = User.from_session_token('deadbeef')
    assert unknown.ANON