mirror of
https://github.com/YunoHost/moulinette.git
synced 2024-09-03 20:06:31 +02:00
add more test for auth
This commit is contained in:
parent
535f4bcb3b
commit
fdb4db0124
3 changed files with 204 additions and 63 deletions
|
@ -1,3 +1,5 @@
|
||||||
{
|
{
|
||||||
"foo": "bar"
|
"foo": "bar",
|
||||||
|
"Dummy Password": "Dummy Password",
|
||||||
|
"Dummy Yoloswag Password": "Dummy Yoloswag Password"
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,3 +24,11 @@ def testauth_other_profile():
|
||||||
|
|
||||||
def testauth_subcat_other_profile():
|
def testauth_subcat_other_profile():
|
||||||
return "some_data_from_subcat_other_profile"
|
return "some_data_from_subcat_other_profile"
|
||||||
|
|
||||||
|
|
||||||
|
def testauth_only_api():
|
||||||
|
return "some_data_from_only_api"
|
||||||
|
|
||||||
|
|
||||||
|
def testauth_only_cli():
|
||||||
|
return "some_data_from_only_cli"
|
||||||
|
|
|
@ -1,91 +1,222 @@
|
||||||
import os
|
import os
|
||||||
|
import pytest
|
||||||
|
import json
|
||||||
|
|
||||||
|
from moulinette import MoulinetteError
|
||||||
|
from moulinette import m18n
|
||||||
|
|
||||||
|
|
||||||
def login(webapi, csrf=False, profile=None, status=200):
|
class TestAuthAPI:
|
||||||
|
def login(self, webapi, csrf=False, profile=None, status=200, password="default"):
|
||||||
|
data = {"password": password}
|
||||||
|
if profile:
|
||||||
|
data["profile"] = profile
|
||||||
|
|
||||||
data = {"password": "Yoloswag"}
|
return webapi.post(
|
||||||
if profile:
|
"/login",
|
||||||
data["profile"] = profile
|
data,
|
||||||
|
status=status,
|
||||||
|
headers=None if csrf else {"X-Requested-With": ""},
|
||||||
|
)
|
||||||
|
|
||||||
return webapi.post(
|
def test_request_no_auth_needed(self, moulinette_webapi):
|
||||||
"/login",
|
assert (
|
||||||
data,
|
moulinette_webapi.get("/test-auth/none", status=200).text
|
||||||
status=status,
|
== '"some_data_from_none"'
|
||||||
headers=None if csrf else {"X-Requested-With": ""},
|
)
|
||||||
)
|
|
||||||
|
def test_request_no_auth_needed_subcategories(self, moulinette_webapi):
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/subcat/none", status=200).text
|
||||||
|
== '"some_data_from_subcat_none"'
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_request_with_auth_but_not_logged(self, moulinette_webapi):
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/default", status=401).text
|
||||||
|
== "Authentication required"
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_request_with_auth_subcategories_but_not_logged(self, moulinette_webapi):
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/subcat/default", status=401).text
|
||||||
|
== "Authentication required"
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_request_not_logged_only_api(self, moulinette_webapi):
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/only-api", status=401).text
|
||||||
|
== "Authentication required"
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_request_only_api(self, moulinette_webapi):
|
||||||
|
self.login(moulinette_webapi)
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/only-api", status=200).text
|
||||||
|
== '"some_data_from_only_api"'
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_request_not_logged_only_cli(self, moulinette_webapi):
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/only-cli", status=200).text
|
||||||
|
== '"some_data_from_only_cli"'
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_login(self, moulinette_webapi):
|
||||||
|
assert self.login(moulinette_webapi).text == "Logged in"
|
||||||
|
|
||||||
|
assert "session.id" in moulinette_webapi.cookies
|
||||||
|
assert "session.tokens" in moulinette_webapi.cookies
|
||||||
|
|
||||||
|
cache_session_default = os.environ["MOULINETTE_CACHE_DIR"] + "/session/default/"
|
||||||
|
assert moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(
|
||||||
|
cache_session_default
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_login_bad_password(self, moulinette_webapi):
|
||||||
|
assert self.login(moulinette_webapi, password="Bad Password", status=401).text == "Invalid password"
|
||||||
|
|
||||||
|
assert "session.id" not in moulinette_webapi.cookies
|
||||||
|
assert "session.tokens" not in moulinette_webapi.cookies
|
||||||
|
|
||||||
|
|
||||||
def test_request_no_auth_needed(moulinette_webapi):
|
def test_login_csrf_attempt(self, moulinette_webapi):
|
||||||
|
# C.f.
|
||||||
|
# https://security.stackexchange.com/a/58308
|
||||||
|
# https://stackoverflow.com/a/22533680
|
||||||
|
|
||||||
assert (
|
assert "CSRF protection" in self.login(moulinette_webapi, csrf=True, status=403).text
|
||||||
moulinette_webapi.get("/test-auth/none", status=200).text
|
assert not any(c.name == "session.id" for c in moulinette_webapi.cookiejar)
|
||||||
== '"some_data_from_none"'
|
assert not any(c.name == "session.tokens" for c in moulinette_webapi.cookiejar)
|
||||||
)
|
|
||||||
|
def test_login_then_legit_request_without_cookies(self, moulinette_webapi):
|
||||||
|
self.login(moulinette_webapi)
|
||||||
|
|
||||||
|
moulinette_webapi.cookiejar.clear()
|
||||||
|
|
||||||
|
moulinette_webapi.get("/test-auth/default", status=401)
|
||||||
|
|
||||||
|
def test_login_then_legit_request(self, moulinette_webapi):
|
||||||
|
self.login(moulinette_webapi)
|
||||||
|
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/default", status=200).text
|
||||||
|
== '"some_data_from_default"'
|
||||||
|
)
|
||||||
|
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/subcat/default", status=200).text
|
||||||
|
== '"some_data_from_subcat_default"'
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_login_then_logout(self, moulinette_webapi):
|
||||||
|
self.login(moulinette_webapi)
|
||||||
|
|
||||||
|
moulinette_webapi.get("/logout", status=200)
|
||||||
|
|
||||||
|
cache_session_default = os.environ["MOULINETTE_CACHE_DIR"] + "/session/default/"
|
||||||
|
assert not moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(
|
||||||
|
cache_session_default
|
||||||
|
)
|
||||||
|
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/default", status=401).text
|
||||||
|
== "Authentication required"
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_login_other_profile(self, moulinette_webapi):
|
||||||
|
self.login(moulinette_webapi, profile="yoloswag", password="yoloswag")
|
||||||
|
|
||||||
|
assert "session.id" in moulinette_webapi.cookies
|
||||||
|
assert "session.tokens" in moulinette_webapi.cookies
|
||||||
|
|
||||||
|
cache_session_default = os.environ["MOULINETTE_CACHE_DIR"] + "/session/yoloswag/"
|
||||||
|
assert moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(
|
||||||
|
cache_session_default
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_login_wrong_profile(self, moulinette_webapi):
|
||||||
|
self.login(moulinette_webapi)
|
||||||
|
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/other-profile", status=401).text
|
||||||
|
== "Authentication required"
|
||||||
|
)
|
||||||
|
|
||||||
|
moulinette_webapi.get("/logout", status=200)
|
||||||
|
|
||||||
|
self.login(moulinette_webapi, profile="yoloswag", password="yoloswag")
|
||||||
|
|
||||||
|
assert (
|
||||||
|
moulinette_webapi.get("/test-auth/default", status=401).text
|
||||||
|
== "Authentication required"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def test_request_with_auth_but_not_logged(moulinette_webapi):
|
class TestAuthCLI:
|
||||||
|
def test_login(self, moulinette_cli, capsys, mocker):
|
||||||
|
mocker.patch('getpass.getpass', return_value='default')
|
||||||
|
moulinette_cli.run(['testauth', 'default'], output_as="plain")
|
||||||
|
message = capsys.readouterr()
|
||||||
|
|
||||||
assert (
|
assert "some_data_from_default" in message.out
|
||||||
moulinette_webapi.get("/test-auth/default", status=401).text
|
|
||||||
== "Authentication required"
|
|
||||||
)
|
|
||||||
|
|
||||||
|
moulinette_cli.run(['testauth', 'default'], output_as="plain", password="default")
|
||||||
|
message = capsys.readouterr()
|
||||||
|
|
||||||
def test_login(moulinette_webapi):
|
assert "some_data_from_default" in message.out
|
||||||
|
|
||||||
assert login(moulinette_webapi).text == "Logged in"
|
def test_login_bad_password(self, moulinette_cli, capsys, mocker):
|
||||||
|
with pytest.raises(MoulinetteError):
|
||||||
|
moulinette_cli.run(['testauth', 'default'], output_as="plain", password="Bad Password")
|
||||||
|
|
||||||
assert "session.id" in moulinette_webapi.cookies
|
mocker.patch('getpass.getpass', return_value="Bad Password")
|
||||||
assert "session.tokens" in moulinette_webapi.cookies
|
with pytest.raises(MoulinetteError):
|
||||||
|
moulinette_cli.run(['testauth', 'default'], output_as="plain")
|
||||||
|
|
||||||
cache_session_default = os.environ["MOULINETTE_CACHE_DIR"] + "/session/default/"
|
def test_login_wrong_profile(self, moulinette_cli, mocker):
|
||||||
assert moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(
|
mocker.patch('getpass.getpass', return_value='default')
|
||||||
cache_session_default
|
with pytest.raises(MoulinetteError) as exception:
|
||||||
)
|
moulinette_cli.run(['testauth', 'other-profile'], output_as="none")
|
||||||
|
|
||||||
|
translation = m18n.g("invalid_password")
|
||||||
|
expected_msg = translation.format()
|
||||||
|
assert expected_msg in str(exception)
|
||||||
|
|
||||||
def test_login_csrf_attempt(moulinette_webapi):
|
with pytest.raises(MoulinetteError) as exception:
|
||||||
|
moulinette_cli.run(['testauth', 'default'], output_as="none", password="yoloswag")
|
||||||
|
|
||||||
# C.f.
|
expected_msg = translation.format()
|
||||||
# https://security.stackexchange.com/a/58308
|
assert expected_msg in str(exception)
|
||||||
# https://stackoverflow.com/a/22533680
|
|
||||||
|
|
||||||
assert "CSRF protection" in login(moulinette_webapi, csrf=True, status=403).text
|
def test_request_no_auth_needed(self, capsys, moulinette_cli):
|
||||||
assert not any(c.name == "session.id" for c in moulinette_webapi.cookiejar)
|
moulinette_cli.run(['testauth', 'none'], output_as="plain")
|
||||||
assert not any(c.name == "session.tokens" for c in moulinette_webapi.cookiejar)
|
message = capsys.readouterr()
|
||||||
|
|
||||||
|
assert "some_data_from_none" in message.out
|
||||||
|
|
||||||
def test_login_then_legit_request_without_cookies(moulinette_webapi):
|
def test_request_not_logged_only_api(self, capsys, moulinette_cli):
|
||||||
|
moulinette_cli.run(['testauth', 'only-api'], output_as="plain")
|
||||||
|
message = capsys.readouterr()
|
||||||
|
|
||||||
login(moulinette_webapi)
|
assert "some_data_from_only_api" in message.out
|
||||||
|
|
||||||
moulinette_webapi.cookiejar.clear()
|
def test_request_only_cli(self, capsys, moulinette_cli, mocker):
|
||||||
|
mocker.patch('getpass.getpass', return_value='default')
|
||||||
|
moulinette_cli.run(['testauth', 'only-cli'], output_as="plain")
|
||||||
|
|
||||||
moulinette_webapi.get("/test-auth/default", status=401)
|
message = capsys.readouterr()
|
||||||
|
|
||||||
|
assert "some_data_from_only_cli" in message.out
|
||||||
|
|
||||||
def test_login_then_legit_request(moulinette_webapi):
|
def test_request_not_logged_only_cli(self, capsys, moulinette_cli, mocker):
|
||||||
|
mocker.patch('getpass.getpass')
|
||||||
|
with pytest.raises(MoulinetteError) as exception:
|
||||||
|
moulinette_cli.run(['testauth', 'only-cli'], output_as="plain")
|
||||||
|
|
||||||
login(moulinette_webapi)
|
message = capsys.readouterr()
|
||||||
|
assert "some_data_from_only_cli" not in message.out
|
||||||
|
|
||||||
assert (
|
translation = m18n.g("invalid_password")
|
||||||
moulinette_webapi.get("/test-auth/default", status=200).text
|
expected_msg = translation.format()
|
||||||
== '"some_data_from_default"'
|
assert expected_msg in str(exception)
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def test_login_then_logout(moulinette_webapi):
|
|
||||||
|
|
||||||
login(moulinette_webapi)
|
|
||||||
|
|
||||||
moulinette_webapi.get("/logout", status=200)
|
|
||||||
|
|
||||||
cache_session_default = os.environ["MOULINETTE_CACHE_DIR"] + "/session/default/"
|
|
||||||
assert not moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(
|
|
||||||
cache_session_default
|
|
||||||
)
|
|
||||||
|
|
||||||
assert (
|
|
||||||
moulinette_webapi.get("/test-auth/default", status=401).text
|
|
||||||
== "Authentication required"
|
|
||||||
)
|
|
||||||
|
|
Loading…
Reference in a new issue