def test_authenticated_userid_does_not_proxy_if_no_forwarded_user(
        self, pyramid_request, BasicAuthAuthenticationPolicy):
    """authenticated_userid leaves basic auth alone when no user is forwarded.

    This test sets no X-Forwarded-User header on the request, and pins that
    neither ``unauthenticated_userid`` nor ``callback`` of the wrapped
    basic-auth policy is invoked.
    """
    wrapped = BasicAuthAuthenticationPolicy.return_value

    AuthClientPolicy().authenticated_userid(pyramid_request)

    assert wrapped.unauthenticated_userid.call_count == 0
    assert wrapped.callback.call_count == 0
def test_effective_principals_proxies_to_basic_auth(
        self, pyramid_request, check, BasicAuthAuthenticationPolicy):
    """effective_principals is delegated to the wrapped basic-auth policy.

    The wrapped policy must be asked exactly once, with the same request.
    """
    wrapped = BasicAuthAuthenticationPolicy.return_value

    AuthClientPolicy().effective_principals(pyramid_request)

    wrapped.effective_principals.assert_called_once_with(pyramid_request)
def test_check_proxies_to_verify_auth_client(self, pyramid_request, verify_auth_client):
    """check hands the basic-auth credentials to verify_auth_client.

    The username, the password and the request's db session are passed
    through unchanged, exactly once.
    """
    username, password = "someusername", "somepassword"

    AuthClientPolicy.check(username, password, pyramid_request)

    verify_auth_client.assert_called_once_with(
        username, password, pyramid_request.db)
def test_check_proxies_to_verify_auth_client(
    self, pyramid_request, verify_auth_client
):
    """Client credentials given to check are verified via verify_auth_client.

    Pins the exact call: (username, password, request.db), made once.
    """
    credentials = ("someusername", "somepassword")

    AuthClientPolicy.check(*credentials, pyramid_request)

    verify_auth_client.assert_called_once_with(*credentials, pyramid_request.db)
def test_unauthenticated_userid_doesnt_proxy_to_basic_auth_if_forwarded_user(
        self, pyramid_request, BasicAuthAuthenticationPolicy):
    """With X-Forwarded-User set, unauthenticated_userid skips basic auth.

    Only the absence of a call to the wrapped policy is pinned here; the
    value returned for the forwarded user is not asserted.
    """
    wrapped = BasicAuthAuthenticationPolicy.return_value
    pyramid_request.headers['X-Forwarded-User'] = '******'

    AuthClientPolicy().unauthenticated_userid(pyramid_request)

    assert wrapped.unauthenticated_userid.call_count == 0
def test_effective_principals_returns_only_Everyone_if_callback_returns_None(
        self, pyramid_request, check):
    """A rejecting check leaves the request with the Everyone principal only.

    ``check`` returns None, so no authenticated or client-specific
    principals may appear in the result.
    """
    check.return_value = None

    result = AuthClientPolicy(check=check).effective_principals(pyramid_request)

    assert result == ["system.Everyone"]
def test_check_doesnt_proxy_to_principals_for_auth_client_if_forwarded_user(
        self, user_service, pyramid_request, verify_auth_client,
        principals_for_auth_client):
    """A forwarded user never receives the auth client's own principals.

    When X-Forwarded-User is present, ``principals_for_auth_client`` must
    not be called at all.
    """
    credentials = ('someusername', 'somepassword')
    pyramid_request.headers['X-Forwarded-User'] = '******'

    AuthClientPolicy.check(*credentials, pyramid_request)

    assert principals_for_auth_client.call_count == 0
def test_unauthenticated_userid_proxies_to_basic_auth_if_no_forwarded_user(
        self, pyramid_request, BasicAuthAuthenticationPolicy):
    """Without a forwarded user, unauthenticated_userid comes from basic auth.

    The wrapped policy is asked once with the request, and its answer is
    returned unchanged.
    """
    wrapped_lookup = BasicAuthAuthenticationPolicy.return_value.unauthenticated_userid

    result = AuthClientPolicy().unauthenticated_userid(pyramid_request)

    wrapped_lookup.assert_called_once_with(pyramid_request)
    assert result == wrapped_lookup.return_value
def test_effective_principals_returns_only_Everyone_if_callback_returns_None(
    self, pyramid_request, check
):
    """effective_principals collapses to Everyone when check returns None.

    Pins the exact list, so any extra principal granted after a failed
    check would fail this test.
    """
    check.return_value = None
    auth_policy = AuthClientPolicy(check=check)

    assert auth_policy.effective_principals(pyramid_request) == ["system.Everyone"]
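def test_check_fetches_user_if_forwarded_user(
    self, pyramid_request, verify_auth_client, user_service
):
    """check looks up the user named in the X-Forwarded-User header.

    The header value and the expected ``fetch`` argument come from one
    variable, so the test pins that the forwarded userid reaches the user
    service unchanged.
    """
    # Constructed sample userid. The literals in this listing were masked
    # ("******" in the header, a mangled address in the assertion) and no
    # longer agreed with each other, so the assertion could not hold.
    forwarded_userid = "acct:testuser@example.com"
    pyramid_request.headers["X-Forwarded-User"] = forwarded_userid

    AuthClientPolicy.check("someusername", "somepassword", pyramid_request)

    user_service.fetch.assert_called_once_with(forwarded_userid)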
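def test_check_fetches_user_if_forwarded_user(self, pyramid_request, verify_auth_client, user_service):
    """check fetches the forwarded user from the user service.

    A single variable feeds both the X-Forwarded-User header and the
    expected ``fetch`` argument, so the two cannot drift apart.
    """
    # Constructed sample userid: the original literals were masked in this
    # listing (header "******", assertion with a mangled address) and did
    # not match each other.
    forwarded_userid = "acct:testuser@example.com"
    pyramid_request.headers["X-Forwarded-User"] = forwarded_userid

    AuthClientPolicy.check("someusername", "somepassword", pyramid_request)

    user_service.fetch.assert_called_once_with(forwarded_userid)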
def test_effective_principals_returns_list_containing_callback_return_value(
        self, pyramid_request, check):
    """Principals returned by check show up in effective_principals.

    Only membership is asserted; other entries in the list are not
    constrained by this test.
    """
    granted = ["foople", "blueberry"]
    check.return_value = granted

    result = AuthClientPolicy(check=check).effective_principals(pyramid_request)

    assert "foople" in result
    assert "blueberry" in result
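def test_check_fetches_user_if_forwarded_user(self, pyramid_request, verify_auth_client, user_service):
    """check passes the X-Forwarded-User value to ``user_service.fetch``.

    The same variable is used for the header and for the expected call,
    which keeps the test self-consistent.
    """
    # Constructed sample userid: in this listing the header literal was
    # masked as '******' and the asserted literal was mangled, so the two
    # no longer matched.
    forwarded_userid = 'acct:testuser@example.com'
    pyramid_request.headers['X-Forwarded-User'] = forwarded_userid

    AuthClientPolicy.check('someusername', 'somepassword', pyramid_request)

    user_service.fetch.assert_called_once_with(forwarded_userid)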
def test_effective_principals_proxies_to_basic_auth(
    self, pyramid_request, check, BasicAuthAuthenticationPolicy
):
    """The wrapped basic-auth policy computes effective_principals.

    Pins a single delegated call carrying the original request.
    """
    delegated = BasicAuthAuthenticationPolicy.return_value.effective_principals
    policy = AuthClientPolicy()

    policy.effective_principals(pyramid_request)

    delegated.assert_called_once_with(pyramid_request)
def test_effective_principals_returns_list_containing_callback_return_value(
    self, pyramid_request, check
):
    """Each principal returned by check is present in effective_principals.

    The test checks membership only, not the full contents of the list.
    """
    check.return_value = ["foople", "blueberry"]
    auth_policy = AuthClientPolicy(check=check)

    result = auth_policy.effective_principals(pyramid_request)

    for expected in ("foople", "blueberry"):
        assert expected in result
def test_authenticated_userid_returns_None_if_callback_not_OK(
        self, check, pyramid_request):
    """A forwarded user is not authenticated when check rejects the request.

    X-Forwarded-User is set but ``check`` returns None, so the header alone
    must not produce a userid.
    """
    pyramid_request.headers["X-Forwarded-User"] = "******"
    check.return_value = None

    result = AuthClientPolicy(check=check).authenticated_userid(pyramid_request)

    assert result is None
def test_authenticated_userid_proxies_to_basic_auth_policy_if_forwarded_user(
        self, pyramid_request, BasicAuthAuthenticationPolicy):
    """With a forwarded user, authentication goes through basic auth.

    The wrapped policy's ``unauthenticated_userid`` is called with the
    request, and its ``callback`` is then called with that result and the
    request. The returned userid is not asserted here.
    """
    wrapped = BasicAuthAuthenticationPolicy.return_value
    pyramid_request.headers['X-Forwarded-User'] = '******'

    AuthClientPolicy().authenticated_userid(pyramid_request)

    wrapped.unauthenticated_userid.assert_called_once_with(pyramid_request)
    wrapped.callback.assert_called_once_with(
        wrapped.unauthenticated_userid.return_value, pyramid_request)
def test_authenticated_userid_does_not_proxy_if_no_forwarded_user(
    self, pyramid_request, BasicAuthAuthenticationPolicy
):
    """No forwarded user means no basic-auth work in authenticated_userid.

    The test sets no X-Forwarded-User header and expects zero calls to both
    ``unauthenticated_userid`` and ``callback`` on the wrapped policy.
    """
    basic_auth = BasicAuthAuthenticationPolicy.return_value
    policy = AuthClientPolicy()

    policy.authenticated_userid(pyramid_request)

    assert basic_auth.unauthenticated_userid.call_count == 0
    assert basic_auth.callback.call_count == 0
def test_authenticated_userid_returns_None_if_callback_not_OK(
    self, check, pyramid_request
):
    """authenticated_userid is None when check rejects a forwarded request.

    Setting X-Forwarded-User is not sufficient on its own: with ``check``
    returning None, no userid may be reported.
    """
    check.return_value = None
    pyramid_request.headers["X-Forwarded-User"] = "******"
    auth_policy = AuthClientPolicy(check=check)

    assert auth_policy.authenticated_userid(pyramid_request) is None
def test_check_doesnt_proxy_to_principals_for_auth_client_if_forwarded_user(
    self,
    user_service,
    pyramid_request,
    verify_auth_client,
    principals_for_auth_client,
):
    """check does not grant client-level principals to a forwarded user.

    With X-Forwarded-User present, ``principals_for_auth_client`` must stay
    uncalled.
    """
    username, password = "someusername", "somepassword"
    pyramid_request.headers["X-Forwarded-User"] = "******"

    AuthClientPolicy.check(username, password, pyramid_request)

    assert principals_for_auth_client.call_count == 0
def test_unauthenticated_userid_doesnt_proxy_to_basic_auth_if_forwarded_user(
    self, pyramid_request, BasicAuthAuthenticationPolicy
):
    """unauthenticated_userid ignores basic auth when a user is forwarded.

    Pins only that the wrapped policy's ``unauthenticated_userid`` is not
    called; the returned value is not asserted.
    """
    wrapped_lookup = BasicAuthAuthenticationPolicy.return_value.unauthenticated_userid
    pyramid_request.headers["X-Forwarded-User"] = "******"
    policy = AuthClientPolicy()

    policy.unauthenticated_userid(pyramid_request)

    assert wrapped_lookup.call_count == 0
def test_unauthenticated_userid_proxies_to_basic_auth_if_no_forwarded_user(
    self, pyramid_request, BasicAuthAuthenticationPolicy
):
    """unauthenticated_userid falls back to basic auth without a forwarded user.

    Expects one delegated call with the request and the delegate's return
    value handed back as-is.
    """
    basic_auth = BasicAuthAuthenticationPolicy.return_value
    policy = AuthClientPolicy()

    returned = policy.unauthenticated_userid(pyramid_request)

    basic_auth.unauthenticated_userid.assert_called_once_with(pyramid_request)
    assert returned == basic_auth.unauthenticated_userid.return_value
def test_authenticated_userid_proxies_to_basic_auth_policy_if_forwarded_user(
    self, pyramid_request, BasicAuthAuthenticationPolicy
):
    """A forwarded user triggers the basic-auth lookup and callback.

    Pins both delegated calls: ``unauthenticated_userid(request)`` and then
    ``callback(<that userid>, request)``. The final return value is not
    asserted.
    """
    basic_auth = BasicAuthAuthenticationPolicy.return_value
    pyramid_request.headers["X-Forwarded-User"] = "******"
    policy = AuthClientPolicy()

    policy.authenticated_userid(pyramid_request)

    basic_auth.unauthenticated_userid.assert_called_once_with(pyramid_request)
    client_userid = basic_auth.unauthenticated_userid.return_value
    basic_auth.callback.assert_called_once_with(client_userid, pyramid_request)
def test_check_returns_None_if_verify_auth_client_fails(
        self, pyramid_request, verify_auth_client):
    """check grants nothing when the auth client cannot be verified.

    ``verify_auth_client`` returns None, so check must return None rather
    than any principals.
    """
    verify_auth_client.return_value = None

    result = AuthClientPolicy.check(
        "someusername", "somepassword", pyramid_request)

    assert result is None
def test_it_instantiates_a_BasicAuthAuthenticationPolicy(
    self, BasicAuthAuthenticationPolicy
):
    """Constructing AuthClientPolicy builds one wrapped basic-auth policy.

    With no ``check`` argument, the wrapped policy is created with
    ``AuthClientPolicy.check`` as its credential check.
    """
    expected_check = AuthClientPolicy.check

    AuthClientPolicy()

    BasicAuthAuthenticationPolicy.assert_called_once_with(check=expected_check)
def test_check_returns_None_if_fetch_forwarded_user_fails(
        self, pyramid_request, verify_auth_client, user_service):
    """check grants nothing when the forwarded user cannot be found.

    ``user_service.fetch`` returns None for the X-Forwarded-User value, so
    check must return None.
    """
    pyramid_request.headers["X-Forwarded-User"] = "******"
    user_service.fetch.return_value = None

    result = AuthClientPolicy.check(
        "someusername", "somepassword", pyramid_request)

    assert result is None
def test_check_returns_None_if_verify_auth_client_fails(
    self, pyramid_request, verify_auth_client
):
    """A failed client verification makes check return None.

    No principals may be returned once ``verify_auth_client`` yields None.
    """
    verify_auth_client.return_value = None
    username, password = "someusername", "somepassword"

    assert AuthClientPolicy.check(username, password, pyramid_request) is None
def test_check_returns_None_if_user_fetch_raises_valueError(
        self, pyramid_request, verify_auth_client, user_service):
    """A ValueError from the user lookup makes check return None.

    The exception raised by ``user_service.fetch`` must not escape check,
    and no principals are granted for the forwarded user.
    """
    user_service.fetch.side_effect = ValueError('whoops')
    pyramid_request.headers['X-Forwarded-User'] = '******'

    result = AuthClientPolicy.check(
        'someusername', 'somepassword', pyramid_request)

    assert result is None
def test_check_returns_None_if_user_fetch_raises_valueError(
        self, pyramid_request, verify_auth_client, user_service):
    """check swallows a ValueError from the user lookup and returns None.

    With X-Forwarded-User set and ``user_service.fetch`` raising, the result
    is None instead of a propagated error or any principals.
    """
    lookup_error = ValueError("whoops")
    user_service.fetch.side_effect = lookup_error
    pyramid_request.headers["X-Forwarded-User"] = "******"

    outcome = AuthClientPolicy.check(
        "someusername", "somepassword", pyramid_request)

    assert outcome is None
def test_check_proxies_to_principals_for_auth_client_if_no_forwarded_user(
        self, pyramid_request, verify_auth_client, principals_for_auth_client):
    """Without a forwarded user, check returns the client's own principals.

    The principals come from ``principals_for_auth_client``, called once
    with the client that ``verify_auth_client`` returned.
    """
    verified_client = verify_auth_client.return_value

    result = AuthClientPolicy.check(
        "someusername", "somepassword", pyramid_request)

    assert result == principals_for_auth_client.return_value
    principals_for_auth_client.assert_called_once_with(verified_client)
def test_check_returns_None_if_fetch_forwarded_user_fails(
    self, pyramid_request, verify_auth_client, user_service
):
    """An unknown forwarded user yields no principals.

    ``user_service.fetch`` is set to return None while X-Forwarded-User is
    present; check is expected to return None.
    """
    user_service.fetch.return_value = None
    pyramid_request.headers["X-Forwarded-User"] = "******"
    username, password = "someusername", "somepassword"

    assert AuthClientPolicy.check(username, password, pyramid_request) is None
def test_check_returns_None_if_userid_is_invalid(
        self, pyramid_request, verify_auth_client, user_service):
    """check returns None when the forwarded userid is rejected as invalid.

    ``user_service.fetch`` raises ``InvalidUserId``; the error must not
    escape check, and no principals are granted.
    """
    user_service.fetch.side_effect = InvalidUserId("badly_formatted")
    pyramid_request.headers["X-Forwarded-User"] = "******"

    result = AuthClientPolicy.check(
        mock.sentinel.username, mock.sentinel.password, pyramid_request)

    assert result is None
def test_check_returns_None_if_user_fetch_raises_valueError(
    self, pyramid_request, verify_auth_client, user_service
):
    """check returns None if fetching the forwarded user raises ValueError.

    Pins that the lookup error is contained by check and that the outcome
    is a denial (None), not a set of principals.
    """
    pyramid_request.headers["X-Forwarded-User"] = "******"
    user_service.fetch.side_effect = ValueError("whoops")
    username, password = "someusername", "somepassword"

    assert AuthClientPolicy.check(username, password, pyramid_request) is None
def test_check_proxies_to_principals_for_auth_client_if_no_forwarded_user(
    self, pyramid_request, verify_auth_client, principals_for_auth_client
):
    """check returns client principals when no user is forwarded.

    ``principals_for_auth_client`` must receive the verified client exactly
    once, and its return value is what check hands back.
    """
    username, password = "someusername", "somepassword"

    returned = AuthClientPolicy.check(username, password, pyramid_request)

    assert returned == principals_for_auth_client.return_value
    principals_for_auth_client.assert_called_once_with(
        verify_auth_client.return_value
    )
def test_check_returns_None_if_forwarded_user_authority_mismatch(
        self, pyramid_request, verify_auth_client, user_service, factories):
    """An auth client cannot act for a user from another authority.

    The verified client belongs to "one.com" and the forwarded user to
    "two.com"; check must return None instead of that user's principals.
    """
    # Factory calls stay in their original order (user first, then client).
    foreign_user = factories.User(authority="two.com")
    client = factories.ConfidentialAuthClient(authority="one.com")
    verify_auth_client.return_value = client
    user_service.fetch.return_value = foreign_user
    pyramid_request.headers["X-Forwarded-User"] = foreign_user.userid

    result = AuthClientPolicy.check(
        "someusername", "somepassword", pyramid_request)

    assert result is None
def test_it_proxies_to_principals_for_user_if_fetch_forwarded_user_ok(
        self, pyramid_request, verify_auth_client, user_service, factories,
        principals_for_auth_client_user):
    """A forwarded user in the client's authority gets user-level principals.

    Client and user both belong to "one.com". check must call
    ``principals_for_auth_client_user(user, client)`` once and return its
    result.
    """
    # Factory calls stay in their original order (user first, then client).
    same_authority_user = factories.User(authority="one.com")
    client = factories.ConfidentialAuthClient(authority="one.com")
    verify_auth_client.return_value = client
    user_service.fetch.return_value = same_authority_user
    pyramid_request.headers['X-Forwarded-User'] = same_authority_user.userid

    result = AuthClientPolicy.check(
        'someusername', 'somepassword', pyramid_request)

    principals_for_auth_client_user.assert_called_once_with(
        same_authority_user, verify_auth_client.return_value)
    assert result == principals_for_auth_client_user.return_value
def test_check_returns_None_if_forwarded_user_authority_mismatch(
    self, pyramid_request, verify_auth_client, user_service, factories
):
    """check denies a forwarded user whose authority differs from the client's.

    Client authority is "one.com", user authority is "two.com"; the
    expected outcome is None.
    """
    # Factory calls stay in their original order (user first, then client).
    other_authority_user = factories.User(authority="two.com")
    verify_auth_client.return_value = factories.ConfidentialAuthClient(
        authority="one.com"
    )
    user_service.fetch.return_value = other_authority_user
    pyramid_request.headers["X-Forwarded-User"] = other_authority_user.userid
    username, password = "someusername", "somepassword"

    assert AuthClientPolicy.check(username, password, pyramid_request) is None
def test_it_proxies_to_principals_for_user_if_fetch_forwarded_user_ok(
    self,
    pyramid_request,
    verify_auth_client,
    user_service,
    factories,
    principals_for_auth_client_user,
):
    """check returns user principals for a forwarded user in the same authority.

    With client and user both in "one.com", the result comes from
    ``principals_for_auth_client_user``, called once with the fetched user
    and the verified client.
    """
    # Factory calls stay in their original order (user first, then client).
    forwarded_user = factories.User(authority="one.com")
    verify_auth_client.return_value = factories.ConfidentialAuthClient(
        authority="one.com"
    )
    user_service.fetch.return_value = forwarded_user
    pyramid_request.headers["X-Forwarded-User"] = forwarded_user.userid
    username, password = "someusername", "somepassword"

    returned = AuthClientPolicy.check(username, password, pyramid_request)

    principals_for_auth_client_user.assert_called_once_with(
        forwarded_user, verify_auth_client.return_value
    )
    assert returned == principals_for_auth_client_user.return_value
from h.auth.util import default_authority, groupfinder
from h.security import derive_key

__all__ = (
    'DEFAULT_POLICY',
    'WEBSOCKET_POLICY',
)

log = logging.getLogger(__name__)

# Takes the user identity from the HTTP_X_FORWARDED_USER environ key, i.e. the
# X-Forwarded-User request header. That is only sound when a trusted front
# proxy sets or strips the header; a value supplied by the client would
# otherwise be accepted as the user. None of the policies composed below
# reference PROXY_POLICY.
# NOTE(review): presumably it is swapped in by includeme based on a setting;
# confirm against the rest of the function, which is not shown here.
PROXY_POLICY = RemoteUserAuthenticationPolicy(
    environ_key='HTTP_X_FORWARDED_USER',
    callback=groupfinder)
TICKET_POLICY = pyramid_authsanity.AuthServicePolicy()
TOKEN_POLICY = TokenAuthenticationPolicy(callback=groupfinder)
AUTH_CLIENT_POLICY = AuthClientPolicy()

# API requests: the token policy for users, the auth-client policy for clients.
API_POLICY = APIAuthenticationPolicy(user_policy=TOKEN_POLICY,
                                     client_policy=AUTH_CLIENT_POLICY)
# Default: the API policy, with the ticket policy as the fallback.
DEFAULT_POLICY = AuthenticationPolicy(api_policy=API_POLICY,
                                      fallback_policy=TICKET_POLICY)
# The websocket uses the token policy alone.
WEBSOCKET_POLICY = TOKEN_POLICY


def includeme(config):
    # Both module-level policies are declared global, so this function can
    # rebind them. The listing ends before any rebinding is shown.
    global DEFAULT_POLICY
    global WEBSOCKET_POLICY

    # Set up authsanity
    settings = config.registry.settings
def auth_policy(self, check):
    """Return an AuthClientPolicy constructed with the given ``check``."""
    return AuthClientPolicy(check=check)