def test_proxy_allowed(self):
    """
    ``proxy_allowed()`` should report ``True`` for services with proxy
    behavior enabled and ``False`` for the rest. A service with no proxy
    configuration at all should also be reported as ``True``.
    """
    # NOTE(review): per the contract above, an unconfigured service is
    # treated as proxy-enabled, a permissive default. Confirm that this is
    # intended and which fixture URL exercises it.
    permitted = ('http://www.example.com', 'http://example.org/proxy')
    refused = ('http://example.com', 'http://www.example.org')

    for url in permitted:
        self.assertTrue(proxy_allowed(url))
    for url in refused:
        self.assertFalse(proxy_allowed(url))
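def validate_callback(self, service, pgturl, pgtid, pgtiou):
    """Verify the provided proxy callback URL and deliver the ticket strings.

    Checks run in this order: ``service`` must be allowed to proxy,
    ``pgturl`` must use HTTPS, and ``pgturl`` must be an authorized callback
    for ``service``. The callback is then requested twice: once bare, so a
    certificate failure is detected before anything is sent, and once with
    ``pgtId`` and ``pgtIou`` appended as query parameters.

    Raises ``UnauthorizedServiceProxy`` when the service may not proxy, and
    ``InvalidProxyCallback`` when the callback is not HTTPS, is not
    authorized, fails certificate validation, cannot be reached, or answers
    with an HTTP error status.
    """
    if not proxy_allowed(service):
        raise UnauthorizedServiceProxy("%s is not authorized to use proxy authentication" % service)
    if not is_scheme_https(pgturl):
        raise InvalidProxyCallback("Proxy callback %s is not HTTPS" % pgturl)
    if not proxy_callback_allowed(service, pgturl):
        raise InvalidProxyCallback("%s is not an authorized proxy callback URL" % pgturl)

    # Verify that the SSL certificate is valid. An empty REQUESTS_CA_BUNDLE
    # must not be passed through: requests treats a falsy ``verify`` as
    # "do not verify", so fall back to True (default verification) instead.
    verify = os.environ.get('REQUESTS_CA_BUNDLE') or True
    # NOTE(review): requests follows redirects by default, so the final
    # destination of either request below is not re-checked against
    # proxy_callback_allowed(). Confirm that this is acceptable.
    try:
        requests.get(pgturl, verify=verify, timeout=5)
    except requests.exceptions.SSLError:
        raise InvalidProxyCallback("SSL certificate validation failed for proxy callback %s" % pgturl)
    except requests.exceptions.RequestException as e:
        raise InvalidProxyCallback(e)

    # Callback certificate appears valid, so send the ticket strings. The
    # URL carrying pgtId/pgtIou is kept in its own variable so that error
    # messages only ever name the bare callback URL, never the ticket.
    ticket_url = add_query_params(pgturl, {'pgtId': pgtid, 'pgtIou': pgtiou})
    try:
        response = requests.get(ticket_url, verify=verify, timeout=5)
    except requests.exceptions.RequestException as e:
        # The exception text can include the requested URL with its query
        # string, so report only the exception type.
        raise InvalidProxyCallback(
            "Error contacting proxy callback %s (%s)" % (pgturl, type(e).__name__))

    try:
        response.raise_for_status()
    except requests.exceptions.HTTPError:
        # The HTTPError text can include the full request URL; the status
        # code alone identifies the failure without repeating the ticket.
        raise InvalidProxyCallback(
            "Proxy callback %s returned %s" % (pgturl, response.status_code))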
def test_invalid_custom_backend(self):
    """
    Every service lookup should raise ``NotImplementedError`` when the
    custom service backend does not properly define its attributes.
    """
    url = 'http://www.example.com'
    # Same call order as the individual assertions this loop replaces.
    lookups = (
        service_allowed,
        get_callbacks,
        get_logout_url,
        logout_allowed,
        proxy_allowed,
    )
    for lookup in lookups:
        with self.assertRaises(NotImplementedError):
            lookup(url)
def handle(self, **options):
    """Write the configuration found for ``options['service']`` to stdout.

    An unrecognised service produces a single error-styled line. Otherwise
    the proxy, logout and callback settings are printed one per line; the
    proxy callback check is only printed when ``options['pgturl']`` is set.
    """
    service = options['service']
    pgturl = options['pgturl']

    # Reject unknown services up front so the report below stays flat.
    if not service_allowed(service):
        self.stdout.write(self.style.ERROR('Invalid Service: %s' % service))
        return

    write = self.stdout.write
    write('Valid Service: %s' % service)
    write('Proxy Allowed: %s' % proxy_allowed(service))
    if pgturl:
        callback_ok = proxy_callback_allowed(service, pgturl)
        write('Proxy Callback Allowed: %s' % callback_ok)
    write('Logout Allowed: %s' % logout_allowed(service))
    write('Logout URL: %s' % get_logout_url(service))
    write('Callbacks: %s' % get_callbacks(service))
def handle(self, **options):
    """Report the configuration found for ``options['service']``.

    Stores ``service``, ``pgturl`` and ``verbosity`` from ``options`` on the
    instance. An unrecognised service produces a single error-styled line.
    Otherwise a success line is written, followed by the proxy, logout and
    callback settings at verbosity 1 and above, and the backend path at
    verbosity 2 and above.
    """
    self.service = options['service']
    self.pgturl = options['pgturl']
    self.verbosity = options['verbosity']

    if not service_allowed(self.service):
        self.stdout.write(self.style.ERROR("Invalid service: %s" % self.service))
        return

    banner = "Valid service: %s" % self.service
    try:
        self.stdout.write(self.style.SUCCESS(banner))
    except AttributeError:
        # Django 1.8 does not have the "Success" style
        self.stdout.write(self.style.SQL_FIELD(banner))

    show = self.format_output
    if self.verbosity >= 1:
        show('Proxy allowed', proxy_allowed(self.service))
        if self.pgturl:
            callback_ok = proxy_callback_allowed(self.service, self.pgturl)
            show('Proxy callback allowed', callback_ok)
        show('Logout allowed', logout_allowed(self.service))
        show('Logout URL', get_logout_url(self.service))
        show('Callbacks', ', '.join(get_callbacks(self.service)))
    if self.verbosity >= 2:
        show('Backend', get_backend_path(self.service))
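def validate_callback(self, service, pgturl, pgtid, pgtiou):
    """Verify the provided proxy callback URL.

    Checks run in this order: ``service`` must be allowed to proxy,
    ``pgturl`` must use HTTPS, and ``pgturl`` must be an authorized callback
    for ``service``. The callback is then requested once with ``pgtId`` and
    ``pgtIou`` appended as query parameters, which checks the certificate
    and the HTTP status in a single round trip.

    Raises ``UnauthorizedServiceProxy`` when the service may not proxy, and
    ``InvalidProxyCallback`` when the callback is not HTTPS, is not
    authorized, fails certificate validation, cannot be reached, or answers
    with an HTTP error status.
    """
    if not proxy_allowed(service):
        raise UnauthorizedServiceProxy(
            "%s is not authorized to use proxy authentication" % service)

    if not is_scheme_https(pgturl):
        raise InvalidProxyCallback("Proxy callback %s is not HTTPS" % pgturl)

    if not proxy_callback_allowed(service, pgturl):
        raise InvalidProxyCallback(
            "%s is not an authorized proxy callback URL" % pgturl)

    # Check the proxy callback URL and SSL certificate. The URL carrying the
    # ticket strings stays in its own variable so that error messages only
    # name the bare callback URL.
    pgturl_params = add_query_params(pgturl, {
        'pgtId': pgtid,
        'pgtIou': pgtiou
    })
    # An empty REQUESTS_CA_BUNDLE must not be passed through: requests
    # treats a falsy ``verify`` as "do not verify", so fall back to True.
    verify = os.environ.get('REQUESTS_CA_BUNDLE') or True
    # NOTE(review): requests follows redirects by default, so the final
    # destination is not re-checked against proxy_callback_allowed().
    # Confirm that this is acceptable.
    try:
        r = requests.get(pgturl_params, verify=verify, timeout=3.0)
    except requests.exceptions.SSLError:
        msg = "SSL cert validation failed for proxy callback %s" % pgturl
        raise InvalidProxyCallback(msg)
    except requests.exceptions.ConnectionError:
        msg = "Error connecting to proxy callback %s" % pgturl
        raise InvalidProxyCallback(msg)
    except requests.exceptions.Timeout:
        msg = "Timeout connecting to proxy callback %s" % pgturl
        raise InvalidProxyCallback(msg)
    except requests.exceptions.RequestException:
        # Any other requests failure (for example too many redirects) would
        # otherwise escape as a non-validation error.
        msg = "Error requesting proxy callback %s" % pgturl
        raise InvalidProxyCallback(msg)

    # Check the returned HTTP status code. The HTTPError text can include
    # the full request URL with its ticket query string, so report the
    # status code rather than the exception.
    try:
        r.raise_for_status()
    except requests.exceptions.HTTPError:
        msg = "Proxy callback %s returned %s" % (pgturl, r.status_code)
        raise InvalidProxyCallback(msg)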