authordrebs <drebs@leap.se>2016-12-18 16:36:39 -0200
committerKali Kaneko <kali@leap.se>2017-02-09 17:41:35 +0100
commit260805b9967184841c4499f94713a9a48c49a813 (patch)
tree043914710bfbc29f8d7bc7668b38ca3a546e8c86 /testing
parente73d36621052a69aae327200c063ac1689bcf9e0 (diff)
[feat] use twisted web http auth and creds
Diffstat (limited to 'testing')
-rw-r--r--testing/test_soledad/util.py4
-rw-r--r--testing/tests/client/test_http_client.py3
-rw-r--r--testing/tests/server/test_server.py164
3 files changed, 39 insertions, 132 deletions
diff --git a/testing/test_soledad/util.py b/testing/test_soledad/util.py
index 57f8199b..e44a165d 100644
--- a/testing/test_soledad/util.py
+++ b/testing/test_soledad/util.py
@@ -52,7 +52,6 @@ from leap.soledad.client.sqlcipher import SQLCipherOptions
from leap.soledad.client._crypto import is_symmetrically_encrypted
from leap.soledad.server import SoledadApp
-from leap.soledad.server.auth import SoledadTokenAuthMiddleware
PASSWORD = '123456'
@@ -108,7 +107,7 @@ def make_soledad_app(state):
def make_token_soledad_app(state):
- app = SoledadApp(state)
+ application = SoledadApp(state)
def _verify_authentication_data(uuid, auth_data):
if uuid.startswith('user-') and auth_data == 'auth-token':
@@ -119,7 +118,6 @@ def make_token_soledad_app(state):
def _verify_authorization(uuid, environ):
return True
- application = SoledadTokenAuthMiddleware(app)
application._verify_authentication_data = _verify_authentication_data
application._verify_authorization = _verify_authorization
return application
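Review bot: With the `SoledadTokenAuthMiddleware` wrapper removed, `_verify_authentication_data` and `_verify_authorization` are now plain attributes set on the `SoledadApp` instance, and nothing visible in this diff shows `SoledadApp` ever calling them. If it does not, `make_token_soledad_app` returns an application with no token check at all, and tests built on it would pass without exercising authentication. Either wire these stub checks into whatever now performs authentication, or drop the two assignments and state in a comment where authentication is enforced for this test app. The function starts above this hunk, in the previous one.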
diff --git a/testing/tests/client/test_http_client.py b/testing/tests/client/test_http_client.py
index a107930a..691c7576 100644
--- a/testing/tests/client/test_http_client.py
+++ b/testing/tests/client/test_http_client.py
@@ -24,7 +24,6 @@ from testscenarios import TestWithScenarios
from leap.soledad.client import auth
from leap.soledad.common.l2db.remote import http_client
from test_soledad.u1db_tests import test_http_client
-from leap.soledad.server.auth import SoledadTokenAuthMiddleware
# -----------------------------------------------------------------------------
@@ -67,7 +66,7 @@ class TestSoledadClientBase(
return res
# mime solead application here.
if '/token' in environ['PATH_INFO']:
- auth = environ.get(SoledadTokenAuthMiddleware.HTTP_AUTH_KEY)
+ auth = environ.get('HTTP_AUTHORIZATION')
if not auth:
start_response("401 Unauthorized",
[('Content-Type', 'application/json')])
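Review bot: The local `auth` assigned on the changed line shadows the `auth` module imported at the top of this file (`from leap.soledad.client import auth`), so any use of that module inside the same function would resolve to the local instead. Renaming it, e.g. `auth_header = environ.get('HTTP_AUTHORIZATION')` with `if not auth_header:`, removes the ambiguity. The visible lines check only that the header is present. The enclosing function begins above and continues past this hunk, so whether the header value is validated cannot be seen here.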
diff --git a/testing/tests/server/test_server.py b/testing/tests/server/test_server.py
index 09242736..12f6fb20 100644
--- a/testing/tests/server/test_server.py
+++ b/testing/tests/server/test_server.py
@@ -18,11 +18,9 @@
Tests for server-related functionality.
"""
import binascii
-import mock
import os
import pytest
-from hashlib import sha512
from pkg_resources import resource_filename
from urlparse import urljoin
from uuid import uuid4
@@ -46,36 +44,6 @@ from leap.soledad.client import Soledad
from leap.soledad.server.config import load_configuration
from leap.soledad.server.config import CONFIG_DEFAULTS
from leap.soledad.server.auth import URLMapper
-from leap.soledad.server.auth import SoledadTokenAuthMiddleware
-
-
-class ServerAuthenticationMiddlewareTestCase(CouchDBTestCase):
-
- def setUp(self):
- super(ServerAuthenticationMiddlewareTestCase, self).setUp()
- app = mock.Mock()
- self._state = CouchServerState(self.couch_url)
- app.state = self._state
- self.auth_middleware = SoledadTokenAuthMiddleware(app)
- self._authorize('valid-uuid', 'valid-token')
-
- def _authorize(self, uuid, token):
- token_doc = {}
- token_doc['_id'] = sha512(token).hexdigest()
- token_doc[self._state.TOKENS_USER_ID_KEY] = uuid
- token_doc[self._state.TOKENS_TYPE_KEY] = \
- self._state.TOKENS_TYPE_DEF
- dbname = self._state._tokens_dbname()
- db = self.couch_server.create(dbname)
- db.save(token_doc)
- self.addCleanup(self.delete_db, db.name)
-
- def test_authorized_user(self):
- is_authorized = self.auth_middleware._verify_authentication_data
- self.assertTrue(is_authorized('valid-uuid', 'valid-token'))
- self.assertFalse(is_authorized('valid-uuid', 'invalid-token'))
- self.assertFalse(is_authorized('invalid-uuid', 'valid-token'))
- self.assertFalse(is_authorized('eve', 'invalid-token'))
class ServerAuthorizationTestCase(BaseSoledadTest):
@@ -90,12 +58,6 @@ class ServerAuthorizationTestCase(BaseSoledadTest):
def tearDown(self):
pass
- def _make_environ(self, path_info, request_method):
- return {
- 'PATH_INFO': path_info,
- 'REQUEST_METHOD': request_method,
- }
-
def test_verify_action_with_correct_dbnames(self):
"""
Test encrypting and decrypting documents.
@@ -120,146 +82,94 @@ class ServerAuthorizationTestCase(BaseSoledadTest):
dbname = 'user-%s' % uuid
# test global auth
- match = urlmap.match(self._make_environ('/', 'GET'))
+ match = urlmap.match('/', 'GET')
+ self.assertIsNotNone(match)
# test shared-db database resource auth
- match = urlmap.match(
- self._make_environ('/shared', 'GET'))
+ match = urlmap.match('/shared', 'GET')
self.assertIsNotNone(match)
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared', 'PUT')))
+ match = urlmap.match('/shared', 'PUT')
+ self.assertIsNone(match)
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared', 'DELETE')))
+ match = urlmap.match('/shared', 'DELETE')
+ self.assertIsNone(match)
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared', 'POST')))
+ match = urlmap.match('/shared', 'POST')
+ self.assertIsNone(match)
# test shared-db docs resource auth
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared/docs', 'GET')))
+ self.assertIsNone(urlmap.match('/shared/docs', 'GET'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared/docs', 'PUT')))
+ self.assertIsNone(urlmap.match('/shared/docs', 'PUT'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared/docs', 'DELETE')))
+ self.assertIsNone(urlmap.match('/shared/docs', 'DELETE'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared/docs', 'POST')))
+ self.assertIsNone(urlmap.match('/shared/docs', 'POST'))
# test shared-db doc resource auth
- match = urlmap.match(
- self._make_environ('/shared/doc/x', 'GET'))
+ match = urlmap.match('/shared/doc/x', 'GET')
self.assertIsNotNone(match)
self.assertEqual('x', match.get('id'))
- match = urlmap.match(
- self._make_environ('/shared/doc/x', 'PUT'))
+ match = urlmap.match('/shared/doc/x', 'PUT')
self.assertIsNotNone(match)
self.assertEqual('x', match.get('id'))
- match = urlmap.match(
- self._make_environ('/shared/doc/x', 'DELETE'))
+ match = urlmap.match('/shared/doc/x', 'DELETE')
self.assertEqual('x', match.get('id'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared/doc/x', 'POST')))
+ self.assertIsNone(urlmap.match('/shared/doc/x', 'POST'))
# test shared-db sync resource auth
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared/sync-from/x', 'GET')))
+ self.assertIsNone(urlmap.match('/shared/sync-from/x', 'GET'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared/sync-from/x', 'PUT')))
+ self.assertIsNone(urlmap.match('/shared/sync-from/x', 'PUT'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared/sync-from/x', 'DELETE')))
+ self.assertIsNone(urlmap.match('/shared/sync-from/x', 'DELETE'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/shared/sync-from/x', 'POST')))
+ self.assertIsNone(urlmap.match('/shared/sync-from/x', 'POST'))
# test user-db database resource auth
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s' % dbname, 'GET')))
+ self.assertIsNone(urlmap.match('/%s' % dbname, 'GET'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s' % dbname, 'PUT')))
+ self.assertIsNone(urlmap.match('/%s' % dbname, 'PUT'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s' % dbname, 'DELETE')))
+ self.assertIsNone(urlmap.match('/%s' % dbname, 'DELETE'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s' % dbname, 'POST')))
+ self.assertIsNone(urlmap.match('/%s' % dbname, 'POST'))
# test user-db docs resource auth
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s/docs' % dbname, 'GET')))
+ self.assertIsNone(urlmap.match('/%s/docs' % dbname, 'GET'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s/docs' % dbname, 'PUT')))
+ self.assertIsNone(urlmap.match('/%s/docs' % dbname, 'PUT'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s/docs' % dbname, 'DELETE')))
+ self.assertIsNone(urlmap.match('/%s/docs' % dbname, 'DELETE'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s/docs' % dbname, 'POST')))
+ self.assertIsNone(urlmap.match('/%s/docs' % dbname, 'POST'))
# test user-db doc resource auth
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s/doc/x' % dbname, 'GET')))
+ self.assertIsNone(urlmap.match('/%s/doc/x' % dbname, 'GET'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s/doc/x' % dbname, 'PUT')))
+ self.assertIsNone(urlmap.match('/%s/doc/x' % dbname, 'PUT'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s/doc/x' % dbname, 'DELETE')))
+ self.assertIsNone(urlmap.match('/%s/doc/x' % dbname, 'DELETE'))
- self.assertIsNone(
- urlmap.match(
- self._make_environ('/%s/doc/x' % dbname, 'POST')))
+ self.assertIsNone(urlmap.match('/%s/doc/x' % dbname, 'POST'))
# test user-db sync resource auth
- match = urlmap.match(
- self._make_environ('/%s/sync-from/x' % dbname, 'GET'))
+ match = urlmap.match('/%s/sync-from/x' % dbname, 'GET')
self.assertEqual(uuid, match.get('uuid'))
self.assertEqual('x', match.get('source_replica_uid'))
- match = urlmap.match(
- self._make_environ('/%s/sync-from/x' % dbname, 'PUT'))
+ match = urlmap.match('/%s/sync-from/x' % dbname, 'PUT')
self.assertEqual(uuid, match.get('uuid'))
self.assertEqual('x', match.get('source_replica_uid'))
- match = urlmap.match(
- self._make_environ('/%s/sync-from/x' % dbname, 'DELETE'))
+ match = urlmap.match('/%s/sync-from/x' % dbname, 'DELETE')
self.assertIsNone(match)
- match = urlmap.match(
- self._make_environ('/%s/sync-from/x' % dbname, 'POST'))
+ match = urlmap.match('/%s/sync-from/x' % dbname, 'POST')
self.assertEqual(uuid, match.get('uuid'))
self.assertEqual('x', match.get('source_replica_uid'))
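Review bot: Several positive cases dereference `match` without first asserting that it is not None: the `/shared/doc/x` DELETE case and the `sync-from/x` GET, PUT and POST cases go straight to `match.get(...)`. If the URL map wrongly denied one of these, the test would stop with an AttributeError instead of a clear assertion failure, and it is inconsistent with the `/shared/doc/x` GET and PUT cases, which do assert. Add `self.assertIsNotNone(match)` before each of those `match.get` calls. The test method starts above this hunk, and its docstring ("Test encrypting and decrypting documents.") does not describe an authorization test; something like `"""Test that URLMapper allows only the expected method/path pairs."""` would be accurate.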