117 lines
3.8 KiB
Python
117 lines
3.8 KiB
Python
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
import uuid
|
|
import falcon
|
|
import sys
|
|
|
|
from drydock_provisioner.control.base import DrydockRequest
|
|
from drydock_provisioner.control.middleware import AuthMiddleware
|
|
|
|
|
|
class TestAuthMiddleware():
|
|
|
|
# the WSGI env for a request processed by keystone middleware
|
|
# with user token
|
|
ks_user_env = {
|
|
'REQUEST_METHOD': 'GET',
|
|
'SCRIPT_NAME': '/foo',
|
|
'PATH_INFO': '',
|
|
'QUERY_STRING': '',
|
|
'CONTENT_TYPE': '',
|
|
'CONTENT_LENGTH': 0,
|
|
'SERVER_NAME': 'localhost',
|
|
'SERVER_PORT': '9000',
|
|
'SERVER_PROTOCOL': 'HTTP/1.1',
|
|
'HTTP_X_IDENTITY_STATUS': 'Confirmed',
|
|
'HTTP_X_PROJECT_ID': '',
|
|
'HTTP_X_USER_ID': '',
|
|
'HTTP_X_AUTH_TOKEN': '',
|
|
'HTTP_X_ROLES': '',
|
|
'wsgi.version': (1, 0),
|
|
'wsgi.url_scheme': 'http',
|
|
'wsgi.input': sys.stdin,
|
|
'wsgi.errors': sys.stderr,
|
|
'wsgi.multithread': False,
|
|
'wsgi.multiprocess': False,
|
|
'wsgi.run_once': False,
|
|
}
|
|
|
|
# the WSGI env for a request processed by keystone middleware
|
|
# with service token
|
|
ks_service_env = {
|
|
'REQUEST_METHOD': 'GET',
|
|
'SCRIPT_NAME': '/foo',
|
|
'PATH_INFO': '',
|
|
'QUERY_STRING': '',
|
|
'CONTENT_TYPE': '',
|
|
'CONTENT_LENGTH': 0,
|
|
'SERVER_NAME': 'localhost',
|
|
'SERVER_PORT': '9000',
|
|
'SERVER_PROTOCOL': 'HTTP/1.1',
|
|
'HTTP_X_SERVICE_IDENTITY_STATUS': 'Confirmed',
|
|
'HTTP_X_SERVICE_PROJECT_ID': '',
|
|
'HTTP_X_SERVICE_USER_ID': '',
|
|
'HTTP_X_SERVICE_TOKEN': '',
|
|
'HTTP_X_ROLES': '',
|
|
'wsgi.version': (1, 0),
|
|
'wsgi.url_scheme': 'http',
|
|
'wsgi.input': sys.stdin,
|
|
'wsgi.errors': sys.stderr,
|
|
'wsgi.multithread': False,
|
|
'wsgi.multiprocess': False,
|
|
'wsgi.run_once': False,
|
|
}
|
|
|
|
def test_process_request_user(self):
|
|
''' AuthMiddleware is expected to correctly identify the headers
|
|
added to an authenticated request by keystonemiddleware in a
|
|
PasteDeploy configuration
|
|
'''
|
|
|
|
req_env = TestAuthMiddleware.ks_user_env
|
|
|
|
project_id = str(uuid.uuid4().hex)
|
|
req_env['HTTP_X_PROJECT_ID'] = project_id
|
|
user_id = str(uuid.uuid4().hex)
|
|
req_env['HTTP_X_USER_ID'] = user_id
|
|
token = str(uuid.uuid4().hex)
|
|
req_env['HTTP_X_AUTH_TOKEN'] = token
|
|
|
|
middleware = AuthMiddleware()
|
|
request = DrydockRequest(req_env)
|
|
response = falcon.Response()
|
|
|
|
middleware.process_request(request, response)
|
|
|
|
assert request.context.authenticated
|
|
assert request.context.user_id == user_id
|
|
|
|
def test_process_request_user_noauth(self):
|
|
''' AuthMiddleware is expected to correctly identify the headers
|
|
added to an unauthenticated (no token, bad token) request by
|
|
keystonemiddleware in a PasteDeploy configuration
|
|
'''
|
|
|
|
req_env = TestAuthMiddleware.ks_user_env
|
|
|
|
req_env['HTTP_X_IDENTITY_STATUS'] = 'Invalid'
|
|
|
|
middleware = AuthMiddleware()
|
|
request = DrydockRequest(req_env)
|
|
response = falcon.Response()
|
|
|
|
middleware.process_request(request, response)
|
|
|
|
assert request.context.authenticated is False
|