YunoHost/moulinette
1
0
Fork 0
mirror of https://github.com/YunoHost/moulinette.git synced 2024-09-03 20:06:31 +02:00
Code Issues Projects Releases Packages Wiki Activity

Propagate changes on tests

Browse source
This commit is contained in:
Alexandre Aubin 2021-12-22 19:22:49 +01:00
parent 2fc9611b53
commit ee1e63c7a1
4 changed files with 108 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
test/actionsmap/moulitest.yml
View file

@ -4,7 +4,6 @@
############################# #############################
_global: _global:
namespace: moulitest namespace: moulitest
cookie_name: moulitest
authentication: authentication:
api: dummy api: dummy
cli: dummy cli: dummy

54
test/src/authenticators/dummy.py
View file

@ -1,13 +1,16 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import logging import logging
from moulinette.core import MoulinetteError from moulinette.utils.text import random_ascii
from moulinette.core import MoulinetteError, MoulinetteAuthenticationError
from moulinette.authentication import BaseAuthenticator from moulinette.authentication import BaseAuthenticator
logger = logging.getLogger("moulinette.authenticator.dummy") logger = logging.getLogger("moulinette.authenticator.yoloswag")
# Dummy authenticator implementation # Dummy authenticator implementation
session_secret = random_ascii()
class Authenticator(BaseAuthenticator): class Authenticator(BaseAuthenticator):
@ -24,3 +27,50 @@ class Authenticator(BaseAuthenticator):
raise MoulinetteError("invalid_password", raw_msg=True) raise MoulinetteError("invalid_password", raw_msg=True)
return return
def set_session_cookie(self, infos):
from bottle import response
assert isinstance(infos, dict)
# This allows to generate a new session id or keep the existing one
current_infos = self.get_session_cookie(raise_if_no_session_exists=False)
new_infos = {"id": current_infos["id"]}
new_infos.update(infos)
response.set_cookie(
"moulitest",
new_infos,
secure=True,
secret=session_secret,
httponly=True,
# samesite="strict", # Bottle 0.12 doesn't support samesite, to be added in next versions
)
def get_session_cookie(self, raise_if_no_session_exists=True):
from bottle import request
try:
infos = request.get_cookie(
"moulitest", secret=session_secret, default={}
)
except Exception:
if not raise_if_no_session_exists:
return {"id": random_ascii()}
raise MoulinetteAuthenticationError("unable_authenticate")
if "id" not in infos:
infos["id"] = random_ascii()
return infos
@staticmethod
def delete_session_cookie(self):
from bottle import response
response.set_cookie("moulitest", "", max_age=-1)
response.delete_cookie("moulitest")

52
test/src/authenticators/yoloswag.py
View file

@ -1,13 +1,16 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import logging import logging
from moulinette.core import MoulinetteError from moulinette.utils.text import random_ascii
from moulinette.core import MoulinetteError, MoulinetteAuthenticationError
from moulinette.authentication import BaseAuthenticator from moulinette.authentication import BaseAuthenticator
logger = logging.getLogger("moulinette.authenticator.yoloswag") logger = logging.getLogger("moulinette.authenticator.yoloswag")
# Dummy authenticator implementation # Dummy authenticator implementation
session_secret = random_ascii()
class Authenticator(BaseAuthenticator): class Authenticator(BaseAuthenticator):
@ -24,3 +27,50 @@ class Authenticator(BaseAuthenticator):
raise MoulinetteError("invalid_password", raw_msg=True) raise MoulinetteError("invalid_password", raw_msg=True)
return return
def set_session_cookie(self, infos):
from bottle import response
assert isinstance(infos, dict)
# This allows to generate a new session id or keep the existing one
current_infos = self.get_session_cookie(raise_if_no_session_exists=False)
new_infos = {"id": current_infos["id"]}
new_infos.update(infos)
response.set_cookie(
"moulitest",
new_infos,
secure=True,
secret=session_secret,
httponly=True,
# samesite="strict", # Bottle 0.12 doesn't support samesite, to be added in next versions
)
def get_session_cookie(self, raise_if_no_session_exists=True):
from bottle import request
try:
infos = request.get_cookie(
"moulitest", secret=session_secret, default={}
)
except Exception:
if not raise_if_no_session_exists:
return {"id": random_ascii()}
raise MoulinetteAuthenticationError("unable_authenticate")
if "id" not in infos:
infos["id"] = random_ascii()
return infos
@staticmethod
def delete_session_cookie(self):
from bottle import response
response.set_cookie("moulitest", "", max_age=-1)
response.delete_cookie("moulitest")

10
test/test_auth.py
View file

@ -66,7 +66,7 @@ class TestAuthAPI:
def test_login(self, moulinette_webapi): def test_login(self, moulinette_webapi):
assert self.login(moulinette_webapi).text == "Logged in" assert self.login(moulinette_webapi).text == "Logged in"
assert "session.moulitest" in moulinette_webapi.cookies assert "moulitest" in moulinette_webapi.cookies
def test_login_bad_password(self, moulinette_webapi): def test_login_bad_password(self, moulinette_webapi):
assert ( assert (
@ -74,7 +74,7 @@ class TestAuthAPI:
== "invalid_password" == "invalid_password"
) )
assert "session.moulitest" not in moulinette_webapi.cookies assert "moulitest" not in moulinette_webapi.cookies
def test_login_csrf_attempt(self, moulinette_webapi): def test_login_csrf_attempt(self, moulinette_webapi):
# C.f. # C.f.
@ -86,7 +86,7 @@ class TestAuthAPI:
in self.login(moulinette_webapi, csrf=True, status=403).text in self.login(moulinette_webapi, csrf=True, status=403).text
) )
assert not any( assert not any(
c.name == "session.moulitest" for c in moulinette_webapi.cookiejar c.name == "moulitest" for c in moulinette_webapi.cookiejar
) )
def test_login_then_legit_request_without_cookies(self, moulinette_webapi): def test_login_then_legit_request_without_cookies(self, moulinette_webapi):
@ -99,7 +99,7 @@ class TestAuthAPI:
def test_login_then_legit_request(self, moulinette_webapi): def test_login_then_legit_request(self, moulinette_webapi):
self.login(moulinette_webapi) self.login(moulinette_webapi)
assert "session.moulitest" in moulinette_webapi.cookies assert "moulitest" in moulinette_webapi.cookies
assert ( assert (
moulinette_webapi.get("/test-auth/default", status=200).text moulinette_webapi.get("/test-auth/default", status=200).text
@ -124,7 +124,7 @@ class TestAuthAPI:
def test_login_other_profile(self, moulinette_webapi): def test_login_other_profile(self, moulinette_webapi):
self.login(moulinette_webapi, profile="yoloswag", password="yoloswag") self.login(moulinette_webapi, profile="yoloswag", password="yoloswag")
assert "session.moulitest" in moulinette_webapi.cookies assert "moulitest" in moulinette_webapi.cookies
def test_login_wrong_profile(self, moulinette_webapi): def test_login_wrong_profile(self, moulinette_webapi):
self.login(moulinette_webapi) self.login(moulinette_webapi)