
Merge "Check if user A can access user B's resource"

Jenkins 3 years ago
parent
commit
27c64bb526

+ 7
- 0
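--- a/examples/configs/keystone.config
+++ b/examples/configs/keystone.config
@@ -1,10 +1,17 @@
 [syntribos]
 endpoint=<yourapiendpoint>
+#version=v2    # used for cross auth tests (-t AUTH_WITH_SOMEONE_ELSE_TOKEN)
 
 [user]
 username=<yourusername>
 password=<yourpassword>
 user_id=<youruserid>
 
+# used for cross auth tests (-t AUTH_WITH_SOMEONE_ELSE_TOKEN)
+#[alt_user]
+#username=<alt_username>
+#password=<alt_password>
+#user_id=<alt_userid>
+
 [auth]
 endpoint=<yourkeystoneurl>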

+ 3
- 0
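--- a/examples/payloads/keystone/user_xauth_get.txt
+++ b/examples/payloads/keystone/user_xauth_get.txt
@@ -0,0 +1,3 @@
+GET /v2.0/users/USER_ID HTTP/1.1
+Accept: application/json
+X-Auth-Token: CALL_EXTERNAL|syntribos.extensions.identity.client:get_token_v2:["user"]|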

+ 4
- 0
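--- a/syntribos/config.py
+++ b/syntribos/config.py
@@ -23,3 +23,7 @@ class MainConfig(data_interfaces.ConfigSectionInterface):
     @property
     def endpoint(self):
         return self.get("endpoint")
+
+    @property
+    def version(self):
+        return self.get("version")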
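Review bot: The new `version` property returns the raw config string with no normalisation, and `base_auth.get_test_cases` treats anything other than None or `'v2'` as Keystone v3, so a stray value such as `V2` or `v2.0` silently selects the v3 token path. A docstring stating the contract would help, e.g. `"""Identity API version for cross-auth tests ('v2' or 'v3'); None selects v2."""`, and lower-casing or validating the value against the two accepted strings here would make the selection explicit rather than implicit.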

+ 15
- 0
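--- a/syntribos/tests/auth/__init__.py
+++ b/syntribos/tests/auth/__init__.py
@@ -0,0 +1,15 @@
+"""
+Copyright 2015 Rackspace
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""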

+ 122
- 0
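--- a/syntribos/tests/auth/base_auth.py
+++ b/syntribos/tests/auth/base_auth.py
@@ -0,0 +1,122 @@
+"""
+Copyright 2016 Rackspace
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+   http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+import os
+
+from syntribos.clients.http import client
+from syntribos.issue import Issue
+import syntribos.tests.auth.datagen
+from syntribos.tests import base
+
+data_dir = os.environ.get("CAFE_DATA_DIR_PATH")
+
+
+class BaseAuthTestCase(base.BaseTestCase):
+    client = client()
+    failure_keys = None
+    success_keys = None
+
+    @classmethod
+    def data_driven_failure_cases(cls):
+        failure_assertions = []
+        if cls.failure_keys is None:
+            return []
+        for line in cls.failure_keys:
+            failure_assertions.append((cls.assertNotIn,
+                                      line, cls.resp.content))
+        return failure_assertions
+
+    @classmethod
+    def data_driven_pass_cases(cls):
+        if cls.success_keys is None:
+            return True
+        for s in cls.success_keys:
+            if s in cls.resp.content:
+                return True
+        return False
+
+    @classmethod
+    def setUpClass(cls):
+        super(BaseAuthTestCase, cls).setUpClass()
+        cls.issues = []
+        cls.failures = []
+        cls.resp = cls.client.request(
+            method=cls.request.method, url=cls.request.url,
+            headers=cls.request.headers, params=cls.request.params,
+            data=cls.request.data)
+
+    @classmethod
+    def tearDownClass(cls):
+        super(BaseAuthTestCase, cls).tearDownClass()
+        for issue in cls.issues:
+            if issue.failure:
+                cls.failures.append(issue.as_dict())
+
+    def test_case(self):
+        text = ("This request did not fail with 404 (User not found)"
+                " therefore it indicates that authentication with"
+                " another user's token was successful.")
+        self.register_issue(
+            Issue(test="try_alt_user_token",
+                  severity="High",
+                  text=text,
+                  assertions=[(self.assertTrue, self.resp.status_code == 404)])
+        )
+        self.test_issues()
+
+    @classmethod
+    def get_test_cases(cls, filename, file_content):
+        """Generates the test cases
+
+        For this particular test, only a single test
+        is created (in addition to the base case, that is)
+        """
+
+        alt_user_config = syntribos.extensions.identity.config.UserConfig(
+            section_name='alt_user')
+        alt_user_id = alt_user_config.user_id
+        if alt_user_id is None:
+            return
+
+        request_obj = syntribos.tests.auth.datagen.AuthParser.create_request(
+            file_content, os.environ.get("SYNTRIBOS_ENDPOINT"))
+
+        prepared_copy = request_obj.get_prepared_copy()
+        cls.init_response = cls.client.send_request(prepared_copy)
+
+        prefix_name = "(unknown)_{test_name}_{fuzz_file}_".format(
+            filename=filename, test_name=cls.test_name, fuzz_file='auth')
+
+        main_config = syntribos.config.MainConfig()
+        version = main_config.version
+
+        if version is None or version == 'v2':
+            alt_token = syntribos.extensions.identity.client.get_token_v2(
+                'alt_user', 'auth')
+        else:
+            alt_token = syntribos.extensions.identity.client.get_token_v3(
+                'alt_user', 'auth')
+        alt_user_token_request = request_obj.get_prepared_copy()
+        for h in alt_user_token_request.headers:
+            if 'x-auth-token' == h.lower():
+                alt_user_token_request.headers[h] = alt_token
+
+        test_name = prefix_name + 'another_users_token'
+
+        def test_gen(test_name, request):
+            yield (test_name, request)
+
+        for name, req in test_gen(test_name, alt_user_token_request):
+            c = cls.extend_class(test_name,
+                                 {"request": alt_user_token_request})
+            yield c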
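Review bot: `test_case` (new-file line 73) reports a High issue whenever the status is anything but 404, so a 401 or 403 — the service correctly refusing the alternate user's token — is recorded as "authentication with another user's token was successful", a false positive; the assertion should accept any denial, e.g. `assertions=[(self.assertTrue, self.resp.status_code in (401, 403, 404))]`, with the issue text adjusted to match. The header loop in `get_test_cases` (lines 110–112) never records whether an `X-Auth-Token` header was found, so a payload lacking that header is sent with the original credentials and the same assertion then fires on a legitimate 200; the generator should return (or the test be marked skipped) when no substitution happened. `get_test_cases` also dereferences `syntribos.extensions.identity.config`, `syntribos.extensions.identity.client` and `syntribos.config`, none of which this module imports, so it only works if some other module has already imported those packages — add the imports explicitly. Finally, `prefix_name` is formatted with `filename=` but the template has no `{filename}` placeholder, so every generated test name carries the literal `(unknown)` prefix; presumably `{filename}` was intended.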

+ 58
- 0
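--- a/syntribos/tests/auth/datagen.py
+++ b/syntribos/tests/auth/datagen.py
@@ -0,0 +1,58 @@
+"""
+Copyright 2016 Rackspace
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+from syntribos.clients.http.models import RequestHelperMixin
+from syntribos.clients.http.models import RequestObject
+from syntribos.clients.http import parser
+from syntribos.extensions.identity.config import UserConfig
+
+
+class AuthMixin(object):
+    """AuthMixin Class
+
+    AuthBehavior provides utility methods to manipulate data before
+    a request object is created.
+    """
+
+    @staticmethod
+    def remove_braces(string):
+        return string.replace("}", "").replace("{", "")
+
+
+class AuthRequest(RequestObject, AuthMixin, RequestHelperMixin):
+    """AuthRequest Class
+
+    This class specializes the generic RequestObject to
+    create an auth test specific class.
+    """
+
+    def prepare_request(self, auth_type=None):
+        super(AuthRequest, self).prepare_request()
+        if auth_type != "url":
+            self.url = self.remove_braces(self.url)
+        user_config = UserConfig(section_name='user')
+        user_id = user_config.user_id
+        self.url = self.url.replace('USER_ID', user_id)
+
+
+class AuthParser(parser):
+    """AuthParser Class
+
+    This class is a container class to hold
+    an auth request object type.
+    """
+
+    request_model_type = AuthRequest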
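Review bot: `prepare_request` (new-file lines 42–48) calls `self.url.replace('USER_ID', user_id)` without checking that the `[user]` section defines `user_id`; when `UserConfig.user_id` is None — the same case `base_auth.get_test_cases` guards against for `alt_user` — `str.replace` raises a `TypeError` instead of a clear configuration error. Guard it before the replace, e.g. `if user_id is None: raise ValueError("[user] user_id is required for auth tests")`. The `auth_type` argument is accepted but not forwarded to `super().prepare_request()`; if the parent takes one that looks like an oversight, otherwise a short comment on why only the brace-stripping depends on it would help. The `AuthMixin` docstring refers to `AuthBehavior`, which does not exist in this commit; it should read `AuthMixin provides utility methods ...`.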

+ 27
- 0
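--- a/syntribos/tests/auth/user1_tries_user2s_token.py
+++ b/syntribos/tests/auth/user1_tries_user2s_token.py
@@ -0,0 +1,27 @@
+"""
+Copyright 2016 Rackspace
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+from syntribos.tests.auth import base_auth
+
+
+class AuthWithSomeoneElsesToken(base_auth.BaseAuthTestCase):
+    """AuthWithSomeoneElsesToken Class
+
+    This is just a specialization of the base auth test class
+    which supplies the test name and type.
+    """
+    test_name = "AUTH_WITH_SOMEONE_ELSE_TOKEN"
+    test_type = "headers"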
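Review bot: The class docstring (new-file lines 21–25) only restates the class name; a reader of a report hit needs to know what was exercised, so the body should describe the check, e.g. `Re-sends the parsed request with the [alt_user] token substituted into X-Auth-Token and expects a 404; BaseAuthTestCase.test_case reports any other status as a High issue.` `test_type = "headers"` is not referenced anywhere in this commit, so a one-line comment naming where the framework consumes it would save the next maintainer a search.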
