def _gen_request(self, method, url, params=None, headers=None, extra_environ=None, status=None, upload_files=None, expect_errors=False, content_type=None): headers = {} if headers is None else headers.copy() if self.auth: headers["X-Devpi-Auth"] = b64encode("%s:%s" % self.auth) # fill headers with defaults for name, val in self.headers.items(): headers.setdefault(name, val) kw = dict(headers=headers) if params and params is not webtest.utils.NoDefault: if method.lower() in ('post', 'put', 'patch'): kw['data'] = params else: kw['params'] = params meth = getattr(requests, method.lower()) if '://' not in url: url = self.base_url + url r = meth(url, **kw) return FunctionalResponseWrapper(r)
def test_expired(self, blank_request, mock, policy, xom): from pyramid.authentication import b64encode with mock.patch('time.time') as timemock: timemock.return_code = 0.0 passwd = policy.auth.serializer.dumps(('foo', [])) blank_request.headers['X-Devpi-Auth'] = b64encode( 'foo:%s' % passwd).decode("ascii") assert policy.callback('foo', blank_request) is None
def _gen_request(self, method, url, **kw): if self.auth: headers = kw.get("headers") if not headers: headers = kw["headers"] = {} headers["X-Devpi-Auth"] = b64encode("%s:%s" % self.auth) #print ("setting auth header %r %s %s" % (auth, method, url)) return super(MyTestApp, self)._gen_request(method, url, **kw)
def test_nouser_basic(self, blank_request, policy, xom): from devpi_server.views import HTTPException from pyramid.authentication import b64encode blank_request.headers['Authorization'] = 'BASIC ' + b64encode( 'foo:bar').decode("ascii") with pytest.raises(HTTPException) as e: policy.callback('foo', blank_request) assert e.value.status_code == 401 assert e.value.title == "user 'foo' does not exist"
def test_expired(self, blank_request, mock, policy, xom): from devpi_server.views import HTTPException from pyramid.authentication import b64encode with mock.patch('time.time') as timemock: timemock.return_code = 0.0 passwd = policy.auth.serializer.dumps(('foo', [])) blank_request.headers['X-Devpi-Auth'] = b64encode( 'foo:%s' % passwd).decode("ascii") with pytest.raises(HTTPException) as e: policy.callback('foo', blank_request) assert e.value.status_code == 401 assert e.value.title == "auth expired for 'foo'"
def with_user(request, user): from pyramid.authentication import b64encode if user is None: request.headers.pop('Authorization', None) else: if user == 'root': auth = "root:" else: auth = "%s:123" % user request.headers['Authorization'] = 'Basic %s' % b64encode( auth.encode('utf-8')).decode('ascii') return request
def _gen_request(self, method, url, params=None, headers=None, **kw): headers = {} if headers is None else headers.copy() if self.auth: if not headers: headers = kw["headers"] = {} headers["X-Devpi-Auth"] = b64encode("%s:%s" % self.auth) #print ("setting auth header %r %s %s" % (auth, method, url)) # fill headers with defaults for name, val in self.headers.items(): headers.setdefault(name, val) kw["headers"] = headers if params is not None: kw["params"] = params return super(MyTestApp, self)._gen_request(method, url, **kw)
def test_me(self): # /api/me.json # Test unauthenticated/unauthorized access headers = {'Accept': 'application/json'} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) # Test unauthenticated access -- invalid scheme headers = {'Accept': 'application/json', 'Authorization': 'Test Test'} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) # Test unauthenticated access -- missing token headers = {'Accept': 'application/json', 'Authorization': 'Token'} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) # Test unauthenticated access -- mangled traditional token headers = {'Accept': 'application/json', 'Authorization': 'Token +='} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) token = b64encode('%s%s' % (self.user_user.email, self.user_user.api_token)) headers = { 'Accept': 'application/json', 'Authorization': 'Token %s' % native_(token) } res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) # Test authenticated/authorized access token = self.user_user.authorization_token headers = { 'Accept': 'application/json', 'Authorization': 'Token %s' % token } res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertIn('data', res.json) self.assertIn('email', res.json['data']) self.assertEqual(res.json['data']['email'], '*****@*****.**')
def test_me(self): # /api/me.json # Test unauthenticated/unauthorized access headers = {'Accept': 'application/json'} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) # Test unauthenticated access -- invalid scheme headers = {'Accept': 'application/json', 'Authorization': 'Test Test'} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) # Test unauthenticated access -- missing token headers = {'Accept': 'application/json', 'Authorization': 'Token'} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) # Test unauthenticated access -- mangled traditional token headers = {'Accept': 'application/json', 'Authorization': 'Token +='} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) token = b64encode('%s%s' % (self.user_user.email, self.user_user.api_token)) headers = {'Accept': 'application/json', 'Authorization': 'Token %s' % native_(token)} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertEqual(res.json, {'data': None}) # Test authenticated/authorized access token = self.user_user.authorization_token headers = {'Accept': 'application/json', 'Authorization': 'Token %s' % token} res = self.testapp.get('/api/me.json', headers=headers, status=200) self.assertIn('data', res.json) self.assertIn('email', res.json['data']) self.assertEqual(res.json['data']['email'], '*****@*****.**')
def test_nouser_basic(self, blank_request, policy, xom): from pyramid.authentication import b64encode blank_request.headers['Authorization'] = 'BASIC ' + b64encode( 'foo:bar').decode("ascii") assert policy.callback('foo', blank_request) is None
def authorization_token(self): return native_(b64encode("%s:%s" % (self.email, self.api_token)))