示例#1
文件: uauth.py 项目: zeroluck/simian
  def get(self):
    """Issue a user auth token cookie to a signed-in admin or support user.

    Returns without output when gaeserver.DoMunkiAuth() already accepts the
    request. Otherwise the signed-in user is looked up: admin users get a
    LEVEL_ADMIN token and support users a LEVEL_BASE token, sent back in a
    Set-Cookie header.

    Raises:
      NotAuthenticated: no user is signed in, the user is neither an admin
          nor a support user, or no token was created.
    """
    try:
      gaeserver.DoMunkiAuth()
    except gaeserver.NotAuthenticated:
      # No usable Munki session; fall through to user-based authentication.
      pass
    else:
      # Session is already authenticated, nothing to do.
      return

    current_user = users.get_current_user()
    if not current_user:
      raise NotAuthenticated

    email = current_user.email()
    # The session level comes from group membership only; a user in neither
    # group is rejected before any token is created.
    if auth.IsAdminUser(email):
      level = gaeserver.LEVEL_ADMIN
    elif auth.IsSupportUser(email):
      level = gaeserver.LEVEL_BASE
    else:
      logging.error('Uauth: user %s is not an admin', email)
      raise NotAuthenticated

    token = gaeserver.AuthSimianServer().SessionCreateUserAuthToken(
        email, level=level)
    if not token:
      raise NotAuthenticated

    # The token is a session credential: keep it out of log output. The cookie
    # is marked secure and httponly; only the cookie name goes in the body.
    cookie = '%s=%s; secure; httponly;' % (auth_init.AUTH_TOKEN_COOKIE, token)
    self.response.headers['Set-Cookie'] = cookie
    self.response.out.write(auth_init.AUTH_TOKEN_COOKIE)
示例#2
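    def post(self):
        """Return an Apple SUS auth token cookie string and the Munki header.

        gaeserver.DoMunkiAuth() is called first; any exception it raises
        propagates, so the handler only proceeds with a Munki session.
        An unexpired LEVEL_APPLESUS session stored for the same uuid is
        reused (the last match wins); otherwise a new LEVEL_APPLESUS token
        is created. The response body is _EncodeMsg() of a dict holding the
        cookie string ('cookies') and the sanitized client header ('header').

        Raises:
          AssertionError: a matching session's key name lacks the 't_' prefix.
        """
        session = gaeserver.DoMunkiAuth()

        asd = gaeserver.AuthSessionSimianServer()
        token = None
        for s in asd.GetByUuid(session.uuid):
            if s.level != gaeserver.LEVEL_APPLESUS:
                continue
            if asd.IsExpired(s):
                continue

            key_name = s.key().name()
            # Checked explicitly instead of with `assert`, which is stripped
            # under `python -O`; the slice below would then cut two characters
            # off an unrelated key name. The key name embeds the token, so it
            # is kept out of the error message.
            if not key_name.startswith('t_'):
                raise AssertionError('session key name lacks the t_ prefix')
            token = key_name[2:]

        if not token:
            auth1 = gaeserver.AuthSimianServer()
            # create new token suitable only for applesus.
            # original token will be destroyed on postflight.
            token = auth1.SessionCreateUserAuthToken(
                session.uuid, level=gaeserver.LEVEL_APPLESUS)

        # The client id header is request-controlled, so it is passed through
        # _SanitazeMunkiHeader before being echoed back.
        munki_header = self.request.headers.get(MUNKI_CLIENT_ID_HEADER_KEY, '')
        # Also store munki header, which contains OS X version and track.
        d = {
            'cookies': auth.CreateAuthTokenCookieStr(token),
            'header': self._SanitazeMunkiHeader(munki_header),
        }

        self.response.out.write(_EncodeMsg(d))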
示例#3
  def testAuthLevel(self):
    """A LEVEL_APPLESUS token must be rejected by a default DoMunkiAuth()."""
    applesus_token = gaeserver.AuthSimianServer().SessionCreateUserAuthToken(
        'long_uuid', level=gaeserver.LEVEL_APPLESUS)

    # Present the token the way a request would: through the Cookie header.
    # NOTE(review): HTTP_COOKIE stays set in os.environ after this test;
    # confirm tearDown resets it.
    cookie_header = '%s=%s' % (auth.AUTH_TOKEN_COOKIE, applesus_token)
    os.environ['HTTP_COOKIE'] = cookie_header

    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)
示例#4
文件: auth.py 项目: timhberry/simian
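    def GetAuth1Instance(self, ca_id=None):
        """Generate an instance of the auth1 class and return it.

        Args:
          ca_id: str, default None, the ca_id to pass to LoadCaParameters.
              This value changes the set of server/ca public/priv etc config
              parameters that is used for the Auth1 communication.

        Returns:
          gaeserver.AuthSimianServer instance with the CA parameters loaded.

        Raises:
          base.NotAuthenticated: the CA parameters could not be loaded.
        """
        try:
            auth1 = gaeserver.AuthSimianServer()
            auth1.LoadCaParameters(settings, ca_id)
        except gaeserver.CaParametersError as e:
            # The error detail goes to the server log only; the caller gets a
            # fixed reason string.
            logging.critical('(ca_id = %s) %s', ca_id, str(e))
            raise base.NotAuthenticated('CaParametersError')
        # The docstring promises the instance; the listing ended without it.
        return auth1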
示例#5
  def setUp(self):
    """Set up mox, a stub manager and an AuthSimianServer for each test."""
    # NOTE(review): super() is given test.AppengineTest rather than this
    # class, so the lookup starts after AppengineTest in the MRO. Confirm that
    # skipping AppengineTest.setUp is intended.
    super(test.AppengineTest, self).setUp()

    mox.MoxTestBase.setUp(self)
    self.stubs = stubout.StubOutForTesting()
    # Server object under test, shared by the test methods as self.aps.
    self.aps = gaeserver.AuthSimianServer()
示例#6
  def testDoMunkiAuth(self):
    """Test DoMunkiAuth() across its rejection paths and one success path.

    Seven calls are made after ReplayAll(), numbered 0-6 to match the recorded
    expectations. Calls 0-5 must raise gaeserver.NotAuthenticated; call 6 must
    return the session object produced by GetSessionIfAuthOK().
    """
    level = 123
    cookie_str = 'foo=bar'
    token = 'cookie value for auth.AUTH_TOKEN_COOKIE'
    uuid = 'session uuid'
    # Stand-in for the cookie morsel: DoMunkiAuth reads the token from .value.
    mock_valobj = self.mox.CreateMockAnything()
    mock_valobj.value = token
    mock_session = self.mox.CreateMockAnything()
    mock_session.uuid = 'session uuid'

    mock_environ = self.mox.CreateMockAnything()
    mock_cookie = self.mox.CreateMockAnything()
    mock_auth1 = self.mox.CreateMockAnything()

    # Replace the environment, cookie parser and auth server so that each
    # call below is driven purely by the recorded expectations.
    self.stubs.Set(gaeserver.os, 'environ', mock_environ)
    self.mox.StubOutWithMock(gaeserver.Cookie, 'SimpleCookie', True)
    self.mox.StubOutWithMock(gaeserver, 'AuthSimianServer', True)

    # 0: fake_noauth=True, nothing to mock

    # test 1: no HTTP_COOKIE in the environment
    mock_environ.get('HTTP_COOKIE', None).AndReturn(None)

    # test 2: cookie is malformed, load() raises TypeError
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndRaise(TypeError)

    # test 3: cookie cannot be parsed, load() raises CookieError
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndRaise(gaeserver.Cookie.CookieError)

    # test 4: cookie parses, but the auth token cookie is not in it
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndReturn(None)
    mock_cookie.__contains__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(False)

    # test 5: GetSessionIfAuthOK() raises AuthSessionError, bad token.
    # No require_level is passed, and the expectation is LEVEL_BASE.
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndReturn(None)
    mock_cookie.__contains__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(True)
    mock_cookie.__getitem__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(mock_valobj)
    gaeserver.AuthSimianServer().AndReturn(mock_auth1)
    mock_cookie.__getitem__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(mock_valobj)
    mock_auth1.GetSessionIfAuthOK(token, gaeserver.LEVEL_BASE).AndRaise(
        gaeserver.base.AuthSessionError)

    # 6: test all success! require_level is forwarded to GetSessionIfAuthOK().
    mock_environ.get('HTTP_COOKIE', None).AndReturn(cookie_str)
    gaeserver.Cookie.SimpleCookie().AndReturn(mock_cookie)
    mock_cookie.load(cookie_str).AndReturn(None)
    mock_cookie.__contains__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(True)
    mock_cookie.__getitem__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(mock_valobj)
    gaeserver.AuthSimianServer().AndReturn(mock_auth1)
    mock_cookie.__getitem__(
        gaeserver.auth.AUTH_TOKEN_COOKIE).AndReturn(mock_valobj)
    mock_auth1.GetSessionIfAuthOK(token, level).AndReturn(mock_session)

    # Every failure mode must surface as the same NotAuthenticated exception,
    # so callers cannot tell a missing cookie from a bad token.
    self.mox.ReplayAll()
    self.assertRaises(
        gaeserver.NotAuthenticated,
        gaeserver.DoMunkiAuth, fake_noauth=True)  # 0
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 1
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 2
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 3
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 4
    self.assertRaises(gaeserver.NotAuthenticated, gaeserver.DoMunkiAuth)  # 5
    session = gaeserver.DoMunkiAuth(require_level=level)  # 6
    self.assertEqual(uuid, session.uuid)  # 6
    self.mox.VerifyAll()
示例#7
 def setUp(self):
   """Set up mox, a stub manager and an AuthSimianServer for each test."""
   mox.MoxTestBase.setUp(self)
   self.stubs = stubout.StubOutForTesting()
   # Server object under test, shared by the test methods as self.aps.
   self.aps = gaeserver.AuthSimianServer()