def test_getChild(self):
"""
L{_HostResource.getChild} returns the proper I{Resource} for the vhost
embedded in the URL. Verify that returning the proper I{Resource}
required changing the I{Host} in the header.
"""
bazroot = Data(b"root data", "")
bazuri = Data(b"uri data", "")
baztest = Data(b"test data", "")
bazuri.putChild(b"test", baztest)
bazroot.putChild(b"uri", bazuri)
hr = _HostResource()
root = NameVirtualHost()
root.default = Data(b"default data", "")
root.addHost(b"baz.com", bazroot)
request = DummyRequest([b"uri", b"test"])
request.prepath = [b"bar", b"http", b"baz.com"]
request.site = Site(root)
request.isSecure = lambda: False
request.host = b""
step = hr.getChild(b"baz.com", request) # Consumes rest of path
self.assertIsInstance(step, Data)
request = DummyRequest([b"uri", b"test"])
step = root.getChild(b"uri", request)
self.assertIsInstance(step, NoResource)
def setUp(self):
self.agent = None # for twisted.web.client.Agent test
self.cleanupServerConnections = 0
r = resource.Resource()
r.putChild(b"file", Data(b"0123456789", "text/html"))
r.putChild(b"redirect", Redirect(b"/file"))
self.infiniteRedirectResource = CountingRedirect(b"/infiniteRedirect")
r.putChild(b"infiniteRedirect", self.infiniteRedirectResource)
r.putChild(b"wait", ForeverTakingResource())
r.putChild(b"write-then-wait", ForeverTakingResource(write=True))
r.putChild(b"never-read", ForeverTakingNoReadingResource())
r.putChild(b"error", ErrorResource())
r.putChild(b"nolength", NoLengthResource())
r.putChild(b"host", HostHeaderResource())
r.putChild(b"payload", PayloadResource())
r.putChild(b"broken", BrokenDownloadResource())
r.putChild(b"cookiemirror", CookieMirrorResource())
r.putChild(b'delay1', DelayResource(1))
r.putChild(b'delay2', DelayResource(2))
self.afterFoundGetCounter = CountingResource()
r.putChild(b"afterFoundGetCounter", self.afterFoundGetCounter)
r.putChild(b"afterFoundGetRedirect", Redirect(b"/afterFoundGetCounter"))
miscasedHead = Data(b"miscased-head GET response content", "major/minor")
miscasedHead.render_Head = lambda request: b"miscased-head content"
r.putChild(b"miscased-head", miscasedHead)
self.extendedRedirect = ExtendedRedirect(b'/extendedRedirect')
r.putChild(b"extendedRedirect", self.extendedRedirect)
self.site = server.Site(r, timeout=None)
self.wrapper = WrappingFactory(self.site)
self.port = self._listen(self.wrapper)
self.portno = self.port.getHost().port
def setUp(self):
root = Data(b'El toro!', 'text/plain')
root.putChild(b"cookiemirror", CookieMirrorResource())
root.putChild(b"rawcookiemirror", RawCookieMirrorResource())
site = server.Site(root, timeout=None)
self.port = self._listen(site)
self.portno = self.port.getHost().port
def setUp(self):
self.agent = None # for twisted.web.client.Agent test
self.cleanupServerConnections = 0
r = resource.Resource()
r.putChild(b"file", Data(b"0123456789", "text/html"))
r.putChild(b"redirect", Redirect(b"/file"))
self.infiniteRedirectResource = CountingRedirect(b"/infiniteRedirect")
r.putChild(b"infiniteRedirect", self.infiniteRedirectResource)
r.putChild(b"wait", ForeverTakingResource())
r.putChild(b"write-then-wait", ForeverTakingResource(write=True))
r.putChild(b"never-read", ForeverTakingNoReadingResource())
r.putChild(b"error", ErrorResource())
r.putChild(b"nolength", NoLengthResource())
r.putChild(b"host", HostHeaderResource())
r.putChild(b"payload", PayloadResource())
r.putChild(b"broken", BrokenDownloadResource())
r.putChild(b"cookiemirror", CookieMirrorResource())
r.putChild(b'delay1', DelayResource(1))
r.putChild(b'delay2', DelayResource(2))
self.afterFoundGetCounter = CountingResource()
r.putChild(b"afterFoundGetCounter", self.afterFoundGetCounter)
r.putChild(b"afterFoundGetRedirect", Redirect(b"/afterFoundGetCounter"))
miscasedHead = Data(b"miscased-head GET response content", "major/minor")
miscasedHead.render_Head = lambda request: b"miscased-head content"
r.putChild(b"miscased-head", miscasedHead)
self.extendedRedirect = ExtendedRedirect(b'/extendedRedirect')
r.putChild(b"extendedRedirect", self.extendedRedirect)
self.site = server.Site(r, timeout=None)
self.wrapper = WrappingFactory(self.site)
self.port = self._listen(self.wrapper)
self.portno = self.port.getHost().port
def test_getChild(self):
"""
L{NameVirtualHost.getChild} returns correct I{Resource} based off
the header and modifies I{Request} to ensure proper prepath and
postpath are set.
"""
virtualHostResource = NameVirtualHost()
leafResource = Data(b"leaf data", "")
leafResource.isLeaf = True
normResource = Data(b"norm data", "")
virtualHostResource.addHost(b"leaf.example.org", leafResource)
virtualHostResource.addHost(b"norm.example.org", normResource)
request = DummyRequest([])
request.requestHeaders.addRawHeader(b"host", b"norm.example.org")
request.prepath = [b""]
self.assertIsInstance(virtualHostResource.getChild(b"", request),
NoResource)
self.assertEqual(request.prepath, [b""])
self.assertEqual(request.postpath, [])
request = DummyRequest([])
request.requestHeaders.addRawHeader(b"host", b"leaf.example.org")
request.prepath = [b""]
self.assertIsInstance(virtualHostResource.getChild(b"", request), Data)
self.assertEqual(request.prepath, [])
self.assertEqual(request.postpath, [b""])
def test_getChild(self):
"""
L{NameVirtualHost.getChild} returns correct I{Resource} based off
the header and modifies I{Request} to ensure proper prepath and
postpath are set.
"""
virtualHostResource = NameVirtualHost()
leafResource = Data(b"leaf data", "")
leafResource.isLeaf = True
normResource = Data(b"norm data", "")
virtualHostResource.addHost(b'leaf.example.org', leafResource)
virtualHostResource.addHost(b'norm.example.org', normResource)
request = DummyRequest([])
request.requestHeaders.addRawHeader(b'host', b'norm.example.org')
request.prepath = [b'']
self.assertIsInstance(virtualHostResource.getChild(b'', request),
NoResource)
self.assertEqual(request.prepath, [b''])
self.assertEqual(request.postpath, [])
request = DummyRequest([])
request.requestHeaders.addRawHeader(b'host', b'leaf.example.org')
request.prepath = [b'']
self.assertIsInstance(virtualHostResource.getChild(b'', request),
Data)
self.assertEqual(request.prepath, [])
self.assertEqual(request.postpath, [b''])
def get_client_resource(self, configuration):
"""
:return: A static data resource that produces the given configuration when
rendered, as an aid to testing.
"""
items = configuration.items(self._client_section_name, [])
resource = Data(
dumps(dict(items)),
b"text/json",
)
# Give it some dynamic stuff too.
resource.putChild(b"counter", GetCounter())
return resource
def test_resource_tree(self):
"""
The agent should traverse the resource tree correctly
"""
class R(Resource):
def __init__(self, response):
Resource.__init__(self)
self._response = response
def render_GET(self, request):
return self._response
a = Data('a', 'text/plain')
c = Data('c', 'text/plain')
a.putChild('b', Data('b', 'text/plain'))
a.putChild('c', c)
c.putChild('d', Data('d', 'text/plain'))
agent = self.getAgent(a)
# are these assertions correct?
yield self.assertBody(agent, 'a', 'GET', 'http://example.com')
yield self.assertBody(agent, 'a', 'GET', 'http://example.com/')
yield self.assertBody(agent, 'b', 'GET', 'http://example.com/b')
yield self.assertBody(agent, 'c', 'GET', 'http://example.com/c')
yield self.assertBody(agent, 'd', 'GET', 'http://example.com/c/d')
def get_provider_factory():
"""
Instantiates a Site that serves the resources
that we expect from a valid provider.
Listens on:
* port 8000 for http connections
* port 8443 for https connections
:rparam: factory for a site
:rtype: Site instance
"""
root = Data("", "")
root.putChild("", root)
root.putChild("provider.json",
FileModified(os.path.join(_here, "test_provider.json")))
config = Resource()
config.putChild("eip-service.json",
FileModified(os.path.join(_here, "eip-service.json")))
apiv1 = Resource()
apiv1.putChild("config", config)
apiv1.putChild("sessions", API_Sessions())
apiv1.putChild("users", FakeUsers(None))
apiv1.putChild("cert", FileModified(os.path.join(_here, 'openvpn.pem')))
root.putChild("1", apiv1)
factory = Site(root)
return factory
def setUp(self):
self.username = b'foo bar'
self.password = b'bar baz'
self.avatarContent = b"contents of the avatar resource itself"
self.childName = b"foo-child"
self.childContent = b"contents of the foo child of the avatar"
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = Data(self.avatarContent, 'text/plain')
self.avatar.putChild(self.childName,
Data(self.childContent, 'text/plain'))
self.avatars = {self.username: self.avatar}
self.realm = Realm(self.avatars.get)
self.portal = portal.Portal(self.realm, [self.checker])
self.wrapper = SoledadSession(self.portal)
def start_responding(self, server_name, challenge, response):
"""
Add the child resource.
"""
self.resource.putChild(
challenge.encode('token').encode('utf-8'),
Data(response.key_authorization.encode('utf-8'), 'text/plain'))
def getChild(self, path, request):
try:
paste = Paste.findByName(self._store, path.decode('ascii'))
except ItemNotFound:
return NoResource('No such paste')
else:
return Data(paste.toJSON(), 'application/json')
def test_trpProcessor(self):
"""
The I{--path} option creates a root resource which serves the
pickled resource out of any child with the C{".rpy"} extension.
"""
path, root = self._pathOption()
path.child("foo.trp").setContent(pickle.dumps(Data("foo", "bar")))
child = root.getChild("foo.trp", None)
self.assertIsInstance(child, Data)
self.assertEqual(child.data, 'foo')
self.assertEqual(child.type, 'bar')
warnings = self.flushWarnings()
# If the trp module hadn't been imported before this test ran, there
# will be two deprecation warnings; one for the module, one for the
# function. If the module has already been imported, the
# module-scope deprecation won't be emitted again.
if len(warnings) == 2:
self.assertEqual(warnings[0]['category'], DeprecationWarning)
self.assertEqual(
warnings[0]['message'],
"twisted.web.trp is deprecated as of Twisted 9.0. Resource "
"persistence is beyond the scope of Twisted Web.")
warning = warnings[1]
else:
warning = warnings[0]
self.assertEqual(warning['category'], DeprecationWarning)
self.assertEqual(
warning['message'],
"twisted.web.trp.ResourceUnpickler is deprecated as of Twisted "
"9.0. Resource persistence is beyond the scope of Twisted Web.")
def test_renderWithHost(self):
"""
L{NameVirtualHost.render} returns the result of rendering the resource
which is the value in the instance's C{host} dictionary corresponding
to the key indicated by the value of the I{Host} header in the request.
"""
virtualHostResource = NameVirtualHost()
virtualHostResource.addHost('example.org', Data("winner", ""))
request = DummyRequest([''])
request.headers['host'] = 'example.org'
d = _render(virtualHostResource, request)
def cbRendered(ignored, request):
self.assertEqual(''.join(request.written), "winner")
d.addCallback(cbRendered, request)
# The port portion of the Host header should not be considered.
requestWithPort = DummyRequest([''])
requestWithPort.headers['host'] = 'example.org:8000'
dWithPort = _render(virtualHostResource, requestWithPort)
def cbRendered(ignored, requestWithPort):
self.assertEqual(''.join(requestWithPort.written), "winner")
dWithPort.addCallback(cbRendered, requestWithPort)
return gatherResults([d, dWithPort])
def test_http(self):
"""
When connecting to a HTTP server, a PB connection times
out.
"""
result = Deferred()
site = Site(Data("", "text/plain"))
client = HangCheckFactory(PBClientFactory(),
lambda: result.callback(None))
self.patch(HangCheckProtocol, '_HUNG_CONNECTION_TIMEOUT', 0.1)
connected_server_and_client(
self,
site,
client,
)
timer = reactor.callLater(2, result.cancel)
result.addCallback(lambda _: timer.cancel())
def check_for_timeout(reason):
reason.trap(CancelledError)
raise Exception("Didn't not hangup")
result.addErrback(check_for_timeout)
return result
def test_http(self):
"""
When connecting to a HTTP server, a PB connection times
out.
"""
result = defer.Deferred()
site = Site(Data("", "text/plain"))
client = HangCheckFactory(
PBClientFactory(), lambda: result.callback(None))
self.patch(HangCheckProtocol, '_HUNG_CONNECTION_TIMEOUT', 0.1)
d_connected = connected_server_and_client(
self, site, client,
)
def cancel_all():
result.cancel()
d_connected.cancel()
timer = reactor.callLater(2, cancel_all)
try:
yield result
except defer.CancelledError:
raise Exception('Timeout did not happen')
finally:
d_connected.cancel()
timer.cancel()
def magic_folder_uri_hierarchy_from_magic_folder_json(
folders,
collective_dircap,
collective_json,
upload_dircap,
upload_json,
token,
):
upload = Data(
dumps(upload_json),
b"text/plain",
)
collective = Data(
dumps(collective_json),
b"text/plain",
)
uri = Resource()
uri.putChild(
upload_dircap,
upload,
)
uri.putChild(
cap_from_string(
upload_dircap.encode("ascii")).get_readonly().to_string(),
upload,
)
uri.putChild(
collective_dircap,
collective,
)
api = MagicFolderWebApi(
get_magic_folder=lambda name: folders[name.decode("utf-8")],
get_auth_token=lambda: token,
)
root = Resource()
# Unfortunately the following two resource hierarchies should live at
# different servers. However, we lack multi-server support in our web
# testing library. So, they live side-by-side. I hope that if the
# implementation mistakenly sends requests to the wrong server it will be
# blindingly obvious and this test shortcoming will not hurt us much.
root.putChild(b"uri", uri)
root.putChild(b"api", api)
return root
def go(self, reactor):
data = Data("Hello world\n", "text/plain")
data.putChild("", data)
factory = Site(data)
# TODO: adoptStreamConnection should really support AF_UNIX
protocol = ConnectionFromManager(reactor, factory)
skt = fromfd(MAGIC_FILE_DESCRIPTOR, AF_UNIX, SOCK_STREAM)
os.close(MAGIC_FILE_DESCRIPTOR)
serverTransport = UNIXServer(skt, protocol, None, None, 1234, reactor)
protocol.makeConnection(serverTransport)
serverTransport.startReading()
globalLogBeginner.beginLoggingTo([protocol.sendLog])
factory.doStart()
return Deferred()
def getChild(self, path, request):
try:
paste = Paste.findByName(self.store, path.decode('ascii'))
except ItemNotFound:
return NoResource('No such paste')
else:
return Data(paste.content.encode('utf-8'),
'text/plain; charset=UTF-8')
def get_provider_factory():
"""
Instantiates a Site that serves the resources
that we expect from a valid provider.
Listens on:
* port 8000 for http connections
* port 8443 for https connections
:rparam: factory for a site
:rtype: Site instance
"""
root = Data("", "")
root.putChild("", root)
root.putChild("provider.json", FileModified(
os.path.join(_here,
"test_provider.json")))
config = Resource()
config.putChild(
"eip-service.json",
FileModified(
os.path.join(_here, "eip-service.json")))
apiv1 = Resource()
apiv1.putChild("config", config)
apiv1.putChild("sessions", API_Sessions())
apiv1.putChild("users", FakeUsers(None))
apiv1.putChild("cert", FileModified(
os.path.join(_here,
'openvpn.pem')))
root.putChild("1", apiv1)
factory = Site(root)
return factory
def init_app(self, app, workerid):
# do your imports *here*
from twisted.web.static import Data
from twoost.httprpc import DumbRPCResource, XMLRPCResource
from demoapp.webres import SlowHelloWorldResource
from demoapp.webapi import WebAPIService
# our webapi-worker hasn't direct access to DB
# it only validates data & send it to our amqp
amqps = build_amqps(app, ['default'])
webapi_service = attach_service(app, WebAPIService(
queue_event_callback=amqps['default'].makeSender(
# routing_key_fn=lambda msg: msg['some_field'],
exchange='new_event',
),
# we can use various callbacks here
# `amqps.makeSender(...)` - send message via AMQP
# `partial(proxy.remoteCall, 'method-name')` - execute RPC
# `other_service.method_name` - direct access...
# `partial(logger.info, "msg: %r")` -- just log
# `lambda _: None` -- skip at all...
))
# RPC fn = any function, which CAN return Deferred
rpc_methods = {
'version': lambda: __version__,
'new_event': webapi_service.new_event,
}
restree = {
'demoapp': {
None: Data("twoost demoapp. <a href='/demoapp/'>Hello</a>.", 'text/html'),
'': SlowHelloWorldResource(),
'rpc': {
'dumbrpc': DumbRPCResource(rpc_methods),
'xmlrpc': XMLRPCResource(rpc_methods),
# TODO: add JSON-RPC ?
},
'workerid': Data(workerid, "text/plain"),
},
}
build_web(app, restree)
def test_authorized(self, auth_token, child_segments, content):
"""
If the correct bearer token is not given in the **Authorization** header
of the request then the response code is UNAUTHORIZED.
:param bytes auth_token: A bearer token which, when presented, should
authorize access to the resource.
:param [unicode] child_segments: Additional path segments to add to the
request path beneath **v1**.
:param bytes content: The bytes we expect to see on a successful
request.
"""
def get_auth_token():
return auth_token
# Since we don't want to exercise any real magic-folder application
# logic we'll just magic up the child resource being requested.
branch = Data(
content,
b"application/binary",
)
segments_remaining = child_segments[:]
while segments_remaining:
name = segments_remaining.pop()
resource = Resource()
resource.putChild(name.encode("utf-8"), branch)
branch = resource
root = magic_folder_resource(
get_auth_token,
v1_resource=branch,
)
treq = StubTreq(root)
url = DecodedURL.from_text(u"http://example.invalid./v1").child(
*child_segments)
encoded_url = url_to_bytes(url)
# A request with no token at all or the wrong token should receive an
# unauthorized response.
headers = {
b"Authorization": u"Bearer {}".format(auth_token).encode("ascii"),
}
self.assertThat(
treq.get(
encoded_url,
headers=headers,
),
succeeded(
matches_response(
code_matcher=Equals(OK),
body_matcher=Equals(content),
), ),
)
def _get_index_content(self):
ns = {}
for attribute in [
'codecs', 'mime-type', 'width', 'height', 'stream-url'
]:
ns[attribute] = self._properties[attribute]
content = HTML5TEMPLATE % ns
return Data(content, 'text/html')
def test_renderWithoutHost(self):
"""
L{NameVirtualHost.render} returns the result of rendering the
instance's C{default} if it is not C{None} and there is no I{Host}
header in the request.
"""
virtualHostResource = NameVirtualHost()
virtualHostResource.default = Data("correct result", "")
request = DummyRequest([''])
self.assertEqual(virtualHostResource.render(request), "correct result")
def setUp(self):
"""
Create a realm, portal, and L{HTTPAuthSessionWrapper} to use in the tests.
"""
self.username = b'foo bar'
self.password = b'bar baz'
self.avatarContent = b"contents of the avatar resource itself"
self.childName = b"foo-child"
self.childContent = b"contents of the foo child of the avatar"
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = Data(self.avatarContent, 'text/plain')
self.avatar.putChild(self.childName,
Data(self.childContent, 'text/plain'))
self.avatars = {self.username: self.avatar}
self.realm = Realm(self.avatars.get)
self.portal = portal.Portal(self.realm, [self.checker])
self.credentialFactories = []
self.wrapper = HTTPAuthSessionWrapper(self.portal,
self.credentialFactories)
async def listen(self, private_key_path: FilePath, cert_path: FilePath):
"""
Context manager that runs a HTTPS server with the given private key
and certificate.
Returns a URL that will connect to the server.
"""
location_hint, endpoint_string = self._port_assigner.assign(reactor)
underlying_endpoint = serverFromString(reactor, endpoint_string)
endpoint = _TLSEndpointWrapper.from_paths(underlying_endpoint,
private_key_path, cert_path)
root = Data(b"YOYODYNE", "text/plain")
root.isLeaf = True
listening_port = await endpoint.listen(Site(root))
try:
yield f"https://127.0.0.1:{listening_port.getHost().port}/"
finally:
await listening_port.stopListening()
# Make sure all server connections are closed :( No idea why this
# is necessary when it's not for IStorageServer HTTPS tests.
await deferLater(reactor, 0.01)
def test_makePersonalServerFactory(self):
"""
L{makePersonalServerFactory} returns a PB server factory which has
as its root object a L{ResourcePublisher}.
"""
# The fact that this pile of objects can actually be used somehow is
# verified by twisted.web.test.test_distrib.
site = Site(Data(b"foo bar", "text/plain"))
serverFactory = makePersonalServerFactory(site)
self.assertIsInstance(serverFactory, PBServerFactory)
self.assertIsInstance(serverFactory.root, ResourcePublisher)
self.assertIdentical(serverFactory.root.site, site)
def setUp(self):
plainRoot = Data(b'not me', 'text/plain')
tlsRoot = Data(b'me neither', 'text/plain')
plainSite = server.Site(plainRoot, timeout=None)
tlsSite = server.Site(tlsRoot, timeout=None)
self.tlsPort = reactor.listenSSL(
0, tlsSite,
contextFactory=ssl.DefaultOpenSSLContextFactory(
serverPEMPath, serverPEMPath),
interface="127.0.0.1")
self.plainPort = reactor.listenTCP(0, plainSite, interface="127.0.0.1")
self.plainPortno = self.plainPort.getHost().port
self.tlsPortno = self.tlsPort.getHost().port
plainRoot.putChild(b'one', Redirect(self.getHTTPS('two')))
tlsRoot.putChild(b'two', Redirect(self.getHTTP('three')))
plainRoot.putChild(b'three', Redirect(self.getHTTPS('four')))
tlsRoot.putChild(b'four', Data(b'FOUND IT!', 'text/plain'))
def setUp(self):
market_factory = WebSocketServerFactory(
'ws://localhost:8080/market_stream')
user_factory = WebSocketServerFactory(
'ws://localhost:8080/user_stream')
market_factory.protocol = MarketStreamServerProtocol
user_factory.protocol = UserStreamServerProtocol
market_factory.startFactory()
user_factory.startFactory()
root = Data('', 'text/plain')
root.putChild(b'market_stream', WebSocketResource(market_factory))
root.putChild(b'user_stream', WebSocketResource(user_factory))
site = Site(root)
reactor.listenTCP(8080, site)
def run_server():
reactor.run(installSignalHandlers=False)
Thread(target=run_server).start()
def run_client():
from examples import simple_trading
self.client_process = Process(target=run_client)
self.client_process.start()
def test_getChild(self):
"""
L{_HostResource.getChild} returns the proper I{Resource} for the vhost
embedded in the URL. Verify that returning the proper I{Resource}
required changing the I{Host} in the header.
"""
bazroot = Data(b'root data', "")
bazuri = Data(b'uri data', "")
baztest = Data(b'test data', "")
bazuri.putChild(b'test', baztest)
bazroot.putChild(b'uri', bazuri)
hr = _HostResource()
root = NameVirtualHost()
root.default = Data(b'default data', "")
root.addHost(b'baz.com', bazroot)
request = DummyRequest([b'uri', b'test'])
request.prepath = [b'bar', b'http', b'baz.com']
request.site = Site(root)
request.isSecure = lambda: False
request.host = b''
step = hr.getChild(b'baz.com', request) # Consumes rest of path
self.assertIsInstance(step, Data)
request = DummyRequest([b'uri', b'test'])
step = root.getChild(b'uri', request)
self.assertIsInstance(step, NoResource)
def setUp(self):
root = Data(b'El toro!', 'text/plain')
root.putChild(b"cookiemirror", CookieMirrorResource())
root.putChild(b"rawcookiemirror", RawCookieMirrorResource())
site = server.Site(root, timeout=None)
self.port = self._listen(site)
self.portno = self.port.getHost().port
def setUp(self):
self.avatar_content = b"avatar content"
self.child_content = b"child content"
self.grandchild_content = b"grandchild content"
grandchild = Data(self.grandchild_content, b"text/plain")
child = Data(self.child_content, b"text/plain")
child.putChild(b"grandchild", grandchild)
self.avatar = Data(self.avatar_content, b"text/plain")
self.avatar.putChild(b"child", child)
self.realm = OneIResourceAvatarRealm(self.avatar)
self.portal = Portal(
self.realm,
[AllowAnonymousAccess()],
)
self.guard = HTTPAuthSessionWrapper(
self.portal,
[BasicCredentialFactory("example.com")],
)
def _get_index_content(self):
html_template = self._get_template_filename()
ns = {}
ns['has-audio'] = _htmlbool(self._properties['has-audio'])
ns['has-video'] = _htmlbool(self._properties['has-video'])
for attribute in [
'codebase', 'width', 'height', 'stream-url', 'buffer-size'
]:
ns[attribute] = self._properties[attribute]
data = open(html_template, 'r').read()
content = data % ns
return Data(content, 'text/html')
def configuration(stripe_publishable_api_key):
"""
Create a ``Resource`` which serves up simple configuration used by
JavaScript on the website.
"""
return Data(
dumps({
# Stripe publishable key identifies a Stripe account in
# API uses. It's safe to share and required by the
# JavaScript Stripe client API.
u"stripe-publishable-api-key": stripe_publishable_api_key,
}),
b"application/json",
)
def setUp(self):
self.username = b'foo bar'
self.password = b'bar baz'
self.avatarContent = b"contents of the avatar resource itself"
self.childName = b"foo-child"
self.childContent = b"contents of the foo child of the avatar"
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = Data(self.avatarContent, 'text/plain')
self.avatar.putChild(
self.childName, Data(self.childContent, 'text/plain'))
self.avatars = {self.username: self.avatar}
self.realm = Realm(self.avatars.get)
self.portal = portal.Portal(self.realm, [self.checker])
self.wrapper = SoledadSession(self.portal)
def start():
log.startLogging(sys.stdout)
fileFactory = WebSocketServerFactory()
fileFactory.protocol = GetFiles
fileFactory.startFactory()
fResource = WebSocketResource(fileFactory)
textFactory = WebSocketServerFactory()
textFactory.protocol = GetText
textFactory.startFactory()
gResource = WebSocketResource(textFactory)
submitTextFactory = WebSocketServerFactory()
submitTextFactory.protocol = SubmitText
submitTextFactory.startFactory()
sResource = WebSocketResource(submitTextFactory)
AudioFactory = WebSocketServerFactory()
AudioFactory.protocol = Audio
AudioFactory.startFactory()
aResource = WebSocketResource(AudioFactory)
# Establish a dummy root resource
root = Data("", "text/plain")
root.putChild(b"gettext", gResource)
root.putChild(b"submittext", sResource)
root.putChild(b"getfiles", fResource)
root.putChild(b"audio", aResource)
# both under one Twisted Web Site
site = Site(root)
reactor.listenTCP(9000, site)
reactor.run()
def test_renderWithUnknownHost(self):
"""
L{NameVirtualHost.render} returns the result of rendering the
instance's C{default} if it is not C{None} and there is no host
matching the value of the I{Host} header in the request.
"""
virtualHostResource = NameVirtualHost()
virtualHostResource.default = Data("correct data", "")
request = DummyRequest([''])
request.headers['host'] = 'example.com'
d = _render(virtualHostResource, request)
def cbRendered(ignored):
self.assertEqual(''.join(request.written), "correct data")
d.addCallback(cbRendered)
return d
def test_some_zones(self):
agent = RequestTraversalAgent(
static_resource({
b"2013-04-01": {
b"hostedzone":
Data(
sample_list_hosted_zones_result.xml,
b"text/xml",
),
},
}))
aws = AWSServiceRegion(access_key="abc", secret_key="def")
client = get_route53_client(agent, aws, uncooperator())
zones = self.successResultOf(client.list_hosted_zones())
expected = [HostedZone(**sample_list_hosted_zones_result.details)]
self.assertEquals(expected, zones)
def _client_for_rrsets(self, zone_id, rrsets_xml):
agent = RequestTraversalAgent(
static_resource({
b"2013-04-01": {
b"hostedzone": {
zone_id: {
b"rrset": Data(
rrsets_xml,
b"text/xml",
)
}
}
}
}))
aws = AWSServiceRegion(access_key="abc", secret_key="def")
return get_route53_client(agent, aws, uncooperator())
def setUp(self):
"""
Create a realm, portal, and L{HTTPAuthSessionWrapper} to use in the tests.
"""
self.username = '******'
self.password = '******'
self.avatarContent = "contents of the avatar resource itself"
self.childName = "foo-child"
self.childContent = "contents of the foo child of the avatar"
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = Data(self.avatarContent, 'text/plain')
self.avatar.putChild(
self.childName, Data(self.childContent, 'text/plain'))
self.avatars = {self.username: self.avatar}
self.realm = Realm(self.avatars.get)
self.portal = portal.Portal(self.realm, [self.checker])
self.credentialFactories = []
self.wrapper = HTTPAuthSessionWrapper(
self.portal, self.credentialFactories)
def makeResource(expected):
resource = Data(expected, b"text/plain")
intermediate = Data(b"incorrect intermediate", b"text/plain")
intermediate.putChild(b"child", resource)
return DeferredResource(succeed(intermediate))
def render_POST(self, request):
self.posted += (request.content.read(),)
return Data.render_GET(self, request)
self.sendClose()
if __name__ == '__main__':
if len(sys.argv) > 1 and sys.argv[1] == 'debug':
log.startLogging(sys.stdout)
debug = True
else:
debug = False
factorySave = WebSocketServerFactory("ws://localhost:{0}".format(LOCAL_PROXY_PORT), debug = debug)
factorySave.protocol = RemoteControlSaveProtocol
resourceSave = WebSocketResource(factorySave)
factoryLoad = WebSocketServerFactory("ws://localhost:{0}".format(LOCAL_PROXY_PORT), debug = debug)
factoryLoad.protocol = RemoteControlLoadProtocol
resourceLoad = WebSocketResource(factoryLoad)
# Establish a dummy root resource
root = Data("", "text/plain")
# and our WebSocket servers under different paths ..
root.putChild("save", resourceSave)
root.putChild("load", resourceLoad)
# both under one Twisted Web Site
site = Site(root)
reactor.listenTCP(LOCAL_PROXY_PORT, site)
reactor.run()
class GuardTests(TestCase):
"""
Tests for interaction with L{twisted.web.guard}.
"""
def setUp(self):
self.avatar_content = b"avatar content"
self.child_content = b"child content"
self.grandchild_content = b"grandchild content"
grandchild = Data(self.grandchild_content, b"text/plain")
child = Data(self.child_content, b"text/plain")
child.putChild(b"grandchild", grandchild)
self.avatar = Data(self.avatar_content, b"text/plain")
self.avatar.putChild(b"child", child)
self.realm = OneIResourceAvatarRealm(self.avatar)
self.portal = Portal(
self.realm,
[AllowAnonymousAccess()],
)
self.guard = HTTPAuthSessionWrapper(
self.portal,
[BasicCredentialFactory("example.com")],
)
def test_avatar(self):
"""
A request for exactly the guarded resource results in the avatar returned
by cred.
"""
root = Page()
root.child_guarded = self.guard
actual = self.successResultOf(
renderResourceReturnTransport(
root,
b"/guarded",
b"GET",
),
)
self.assertIn(self.avatar_content, actual)
def test_child(self):
"""
A request for a direct child of the guarded resource results in that child
of the avatar returned by cred.
"""
root = Page()
root.child_guarded = self.guard
actual = self.successResultOf(
renderResourceReturnTransport(
root,
b"/guarded/child",
b"GET",
),
)
self.assertIn(self.child_content, actual)
def test_grandchild(self):
"""
A request for a grandchild of the guarded resource results in that
grandchild of the avatar returned by cred.
Ideally this test would be redundant with L{test_child} but the
implementation of L{IResource} support results in different codepaths
for the 1st descendant vs the Nth descendant.
"""
root = Page()
root.child_guarded = self.guard
actual = self.successResultOf(
renderResourceReturnTransport(
root,
b"/guarded/child/grandchild",
b"GET",
),
)
self.assertIn(self.grandchild_content, actual)
class HTTPAuthHeaderTests(unittest.TestCase):
"""
Tests for L{HTTPAuthSessionWrapper}.
"""
makeRequest = DummyRequest
def setUp(self):
"""
Create a realm, portal, and L{HTTPAuthSessionWrapper} to use in the tests.
"""
self.username = '******'
self.password = '******'
self.avatarContent = "contents of the avatar resource itself"
self.childName = "foo-child"
self.childContent = "contents of the foo child of the avatar"
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = Data(self.avatarContent, 'text/plain')
self.avatar.putChild(
self.childName, Data(self.childContent, 'text/plain'))
self.avatars = {self.username: self.avatar}
self.realm = Realm(self.avatars.get)
self.portal = portal.Portal(self.realm, [self.checker])
self.credentialFactories = []
self.wrapper = HTTPAuthSessionWrapper(
self.portal, self.credentialFactories)
def _authorizedBasicLogin(self, request):
"""
Add an I{basic authorization} header to the given request and then
dispatch it, starting from C{self.wrapper} and returning the resulting
L{IResource}.
"""
authorization = b64encode(self.username + ':' + self.password)
request.headers['authorization'] = 'Basic ' + authorization
return getChildForRequest(self.wrapper, request)
def test_getChildWithDefault(self):
"""
Resource traversal which encounters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} instance when the request does
not have the required I{Authorization} headers.
"""
request = self.makeRequest([self.childName])
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(result):
self.assertEquals(request.responseCode, 401)
d.addCallback(cbFinished)
request.render(child)
return d
def _invalidAuthorizationTest(self, response):
"""
Create a request with the given value as the value of an
I{Authorization} header and perform resource traversal with it,
starting at C{self.wrapper}. Assert that the result is a 401 response
code. Return a L{Deferred} which fires when this is all done.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
request.headers['authorization'] = response
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(result):
self.assertEqual(request.responseCode, 401)
d.addCallback(cbFinished)
request.render(child)
return d
def test_getChildWithDefaultUnauthorizedUser(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has an
I{Authorization} header with a user which does not exist.
"""
return self._invalidAuthorizationTest('Basic ' + b64encode('foo:bar'))
def test_getChildWithDefaultUnauthorizedPassword(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has an
I{Authorization} header with a user which exists and the wrong
password.
"""
return self._invalidAuthorizationTest(
'Basic ' + b64encode(self.username + ':bar'))
def test_getChildWithDefaultUnrecognizedScheme(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has an
I{Authorization} header with an unrecognized scheme.
"""
return self._invalidAuthorizationTest('Quux foo bar baz')
def test_getChildWithDefaultAuthorized(self):
"""
Resource traversal which encounters an L{HTTPAuthSessionWrapper}
results in an L{IResource} which renders the L{IResource} avatar
retrieved from the portal when the request has a valid I{Authorization}
header.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
child = self._authorizedBasicLogin(request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEquals(request.written, [self.childContent])
d.addCallback(cbFinished)
request.render(child)
return d
def test_renderAuthorized(self):
"""
Resource traversal which terminates at an L{HTTPAuthSessionWrapper}
and includes correct authentication headers results in the
L{IResource} avatar (not one of its children) retrieved from the
portal being rendered.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
# Request it exactly, not any of its children.
request = self.makeRequest([])
child = self._authorizedBasicLogin(request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEquals(request.written, [self.avatarContent])
d.addCallback(cbFinished)
request.render(child)
return d
def test_getChallengeCalledWithRequest(self):
"""
When L{HTTPAuthSessionWrapper} finds an L{ICredentialFactory} to issue
a challenge, it calls the C{getChallenge} method with the request as an
argument.
"""
class DumbCredentialFactory(object):
implements(ICredentialFactory)
scheme = 'dumb'
def __init__(self):
self.requests = []
def getChallenge(self, request):
self.requests.append(request)
return {}
factory = DumbCredentialFactory()
self.credentialFactories.append(factory)
request = self.makeRequest([self.childName])
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(factory.requests, [request])
d.addCallback(cbFinished)
request.render(child)
return d
def test_logout(self):
"""
The realm's logout callback is invoked after the resource is rendered.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
class SlowerResource(Resource):
def render(self, request):
return NOT_DONE_YET
self.avatar.putChild(self.childName, SlowerResource())
request = self.makeRequest([self.childName])
child = self._authorizedBasicLogin(request)
request.render(child)
self.assertEqual(self.realm.loggedOut, 0)
request.finish()
self.assertEqual(self.realm.loggedOut, 1)
def test_decodeRaises(self):
"""
Resource traversal which enouncters an L{HTTPAuthSessionWrapper}
results in an L{UnauthorizedResource} when the request has a I{Basic
Authorization} header which cannot be decoded using base64.
"""
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
request.headers['authorization'] = 'Basic decode should fail'
child = getChildForRequest(self.wrapper, request)
self.assertIsInstance(child, UnauthorizedResource)
def test_selectParseResponse(self):
"""
L{HTTPAuthSessionWrapper._selectParseHeader} returns a two-tuple giving
the L{ICredentialFactory} to use to parse the header and a string
containing the portion of the header which remains to be parsed.
"""
basicAuthorization = 'Basic abcdef123456'
self.assertEqual(
self.wrapper._selectParseHeader(basicAuthorization),
(None, None))
factory = BasicCredentialFactory('example.com')
self.credentialFactories.append(factory)
self.assertEqual(
self.wrapper._selectParseHeader(basicAuthorization),
(factory, 'abcdef123456'))
def test_unexpectedDecodeError(self):
"""
Any unexpected exception raised by the credential factory's C{decode}
method results in a 500 response code and causes the exception to be
logged.
"""
class UnexpectedException(Exception):
pass
class BadFactory(object):
scheme = 'bad'
def getChallenge(self, client):
return {}
def decode(self, response, request):
raise UnexpectedException()
self.credentialFactories.append(BadFactory())
request = self.makeRequest([self.childName])
request.headers['authorization'] = 'Bad abc'
child = getChildForRequest(self.wrapper, request)
request.render(child)
self.assertEqual(request.responseCode, 500)
self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
def test_unexpectedLoginError(self):
"""
Any unexpected failure from L{Portal.login} results in a 500 response
code and causes the failure to be logged.
"""
class UnexpectedException(Exception):
pass
class BrokenChecker(object):
credentialInterfaces = (IUsernamePassword,)
def requestAvatarId(self, credentials):
raise UnexpectedException()
self.portal.registerChecker(BrokenChecker())
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
child = self._authorizedBasicLogin(request)
request.render(child)
self.assertEqual(request.responseCode, 500)
self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
def test_anonymousAccess(self):
"""
Anonymous requests are allowed if a L{Portal} has an anonymous checker
registered.
"""
unprotectedContents = "contents of the unprotected child resource"
self.avatars[ANONYMOUS] = Resource()
self.avatars[ANONYMOUS].putChild(
self.childName, Data(unprotectedContents, 'text/plain'))
self.portal.registerChecker(AllowAnonymousAccess())
self.credentialFactories.append(BasicCredentialFactory('example.com'))
request = self.makeRequest([self.childName])
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEquals(request.written, [unprotectedContents])
d.addCallback(cbFinished)
request.render(child)
return d
def __init__(self, data, type, status=OK):
Data.__init__(self, data, type)
self._status = status
def render_POST(self, request):
request.setResponseCode(self._status)
self.posted += (request.content.read(),)
return Data.render_GET(self, request)
if len(sys.argv) > 1 and sys.argv[1] == 'debug':
log.startLogging(sys.stdout)
debug = True
else:
debug = False
factory1 = WebSocketServerFactory("ws://localhost:9000",
debug = debug,
debugCodePaths = debug)
factory1.protocol = Echo1ServerProtocol
resource1 = WebSocketResource(factory1)
factory2 = WebSocketServerFactory("ws://localhost:9000",
debug = debug,
debugCodePaths = debug)
factory2.protocol = Echo2ServerProtocol
resource2 = WebSocketResource(factory2)
## Establish a dummy root resource
root = Data("", "text/plain")
## and our WebSocket servers under different paths ..
root.putChild("echo1", resource1)
root.putChild("echo2", resource2)
## both under one Twisted Web Site
site = Site(root)
reactor.listenTCP(9000, site)
reactor.run()
class SoledadSessionTestCase(unittest.TestCase):
"""
Tests adapted from for
L{twisted.web.test.test_httpauth.HTTPAuthSessionWrapper}.
"""
def makeRequest(self, *args, **kwargs):
request = DummyRequest(*args, **kwargs)
request.path = '/'
return request
def setUp(self):
self.username = b'foo bar'
self.password = b'bar baz'
self.avatarContent = b"contents of the avatar resource itself"
self.childName = b"foo-child"
self.childContent = b"contents of the foo child of the avatar"
self.checker = InMemoryUsernamePasswordDatabaseDontUse()
self.checker.addUser(self.username, self.password)
self.avatar = Data(self.avatarContent, 'text/plain')
self.avatar.putChild(
self.childName, Data(self.childContent, 'text/plain'))
self.avatars = {self.username: self.avatar}
self.realm = Realm(self.avatars.get)
self.portal = portal.Portal(self.realm, [self.checker])
self.wrapper = SoledadSession(self.portal)
def _authorizedTokenLogin(self, request):
authorization = b64encode(
self.username + b':' + self.password)
request.requestHeaders.addRawHeader(b'authorization',
b'Token ' + authorization)
return getChildForRequest(self.wrapper, request)
def test_getChildWithDefault(self):
request = self.makeRequest([self.childName])
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(result):
self.assertEqual(request.responseCode, 401)
d.addCallback(cbFinished)
request.render(child)
return d
def _invalidAuthorizationTest(self, response):
request = self.makeRequest([self.childName])
request.requestHeaders.addRawHeader(b'authorization', response)
child = getChildForRequest(self.wrapper, request)
d = request.notifyFinish()
def cbFinished(result):
self.assertEqual(request.responseCode, 401)
d.addCallback(cbFinished)
request.render(child)
return d
def test_getChildWithDefaultUnauthorizedUser(self):
return self._invalidAuthorizationTest(
b'Basic ' + b64encode(b'foo:bar'))
def test_getChildWithDefaultUnauthorizedPassword(self):
return self._invalidAuthorizationTest(
b'Basic ' + b64encode(self.username + b':bar'))
def test_getChildWithDefaultUnrecognizedScheme(self):
return self._invalidAuthorizationTest(b'Quux foo bar baz')
def test_getChildWithDefaultAuthorized(self):
request = self.makeRequest([self.childName])
child = self._authorizedTokenLogin(request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(request.written, [self.childContent])
d.addCallback(cbFinished)
request.render(child)
return d
def test_renderAuthorized(self):
# Request it exactly, not any of its children.
request = self.makeRequest([])
child = self._authorizedTokenLogin(request)
d = request.notifyFinish()
def cbFinished(ignored):
self.assertEqual(request.written, [self.avatarContent])
d.addCallback(cbFinished)
request.render(child)
return d
def test_decodeRaises(self):
request = self.makeRequest([self.childName])
request.requestHeaders.addRawHeader(b'authorization',
b'Token decode should fail')
child = getChildForRequest(self.wrapper, request)
self.assertIsInstance(child, UnauthorizedResource)
def test_parseResponse(self):
basicAuthorization = b'Basic abcdef123456'
self.assertEqual(
self.wrapper._parseHeader(basicAuthorization),
None)
tokenAuthorization = b'Token abcdef123456'
self.assertEqual(
self.wrapper._parseHeader(tokenAuthorization),
b'abcdef123456')
def test_unexpectedDecodeError(self):
class UnexpectedException(Exception):
pass
class BadFactory(object):
scheme = b'bad'
def getChallenge(self, client):
return {}
def decode(self, response, request):
print("decode raised")
raise UnexpectedException()
self.wrapper._credentialFactory = BadFactory()
request = self.makeRequest([self.childName])
request.requestHeaders.addRawHeader(b'authorization', b'Bad abc')
child = getChildForRequest(self.wrapper, request)
request.render(child)
self.assertEqual(request.responseCode, 500)
errors = self.flushLoggedErrors(UnexpectedException)
self.assertEqual(len(errors), 1)
def test_unexpectedLoginError(self):
class UnexpectedException(Exception):
pass
class BrokenChecker(object):
credentialInterfaces = (IUsernamePassword,)
def requestAvatarId(self, credentials):
raise UnexpectedException()
self.portal.registerChecker(BrokenChecker())
request = self.makeRequest([self.childName])
child = self._authorizedTokenLogin(request)
request.render(child)
self.assertEqual(request.responseCode, 500)
self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
def test_cantAccessOtherUserPathByDefault(self):
request = self.makeRequest([])
# valid url_mapper path, but for another user
request.path = '/blobs/another-user/'
child = self._authorizedTokenLogin(request)
request.render(child)
self.assertEqual(request.responseCode, 500)
