Changeset 6060
- Timestamp:
- 27/11/09 09:32:13 (11 years ago)
- Location:
- TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/wsgi/authz
- Files:
-
- 2 edited
-
test.ini (modified) (1 diff)
-
test_authz.py (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
-
TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/test.ini
r6050 r6060 19 19 20 20 [filter:AuthZFilter] 21 paste.filter_app_factory=ndg.security.server.wsgi.authz: AuthorizationMiddleware.filter_app_factory21 paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory 22 22 prefix = authz. 23 23 policy.filePath = %(here)s/policy.xml -
TI12-security/trunk/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/test_authz.py
r6050 r6060 25 25 from paste.deploy import loadapp 26 26 from ndg.security.server.wsgi import NDGSecurityMiddlewareBase 27 from ndg.security.server.wsgi.authz import (SamlPIPMiddlewareConfigError, 27 from ndg.security.server.wsgi.authz import (NdgPIPMiddlewareConfigError, 28 SamlPIPMiddlewareConfigError, 28 29 PEPResultHandlerMiddleware) 29 30 from ndg.security.common.authz.msi import Response 31 30 32 31 33 class RedirectFollowingAccessDenied(PEPResultHandlerMiddleware): … … 48 50 environ, 49 51 start_response) 52 50 53 51 54 class TestAuthZMiddleware(object): … … 83 86 return [TestAuthZMiddleware.response] 84 87 88 85 89 class BeakerSessionStub(dict): 86 90 """Emulate beaker.session session object for purposes of the unit tests … … 88 92 def save(self): 89 93 pass 90 91 class WSGIAuthZTestCase(unittest.TestCase): 94 95 96 class NdgWSGIAuthZTestCase(unittest.TestCase): 92 97 93 98 def __init__(self, *args, **kwargs): … … 105 110 try: 106 111 response = self.app.get('/test_200') 107 except SamlPIPMiddlewareConfigError, e:112 except NdgPIPMiddlewareConfigError, e: 108 113 print("PASS - expected: %s exception: %s" % (e.__class__, e)) 109 114 … … 205 210 print response 206 211 212 213 214 215 class TestAuthZMiddleware(object): 216 '''Test Application for the Authentication handler to protect''' 217 response = "Test Authorization application" 218 219 def __init__(self, app_conf, **local_conf): 220 pass 221 222 def __call__(self, environ, start_response): 223 224 if environ['PATH_INFO'] == '/test_401': 225 status = "401 Unauthorized" 226 227 elif environ['PATH_INFO'] == '/test_403': 228 status = "403 Forbidden" 229 230 elif environ['PATH_INFO'] == '/test_200': 231 status = "200 OK" 232 233 elif environ['PATH_INFO'] == '/test_accessDeniedToSecuredURI': 234 # Nb. AuthZ middleware should intercept the request and bypass this 235 # response 236 status = "200 OK" 237 238 elif environ['PATH_INFO'] == '/test_accessGrantedToSecuredURI': 239 status = "200 OK" 240 else: 241 status = "404 Not found" 242 243 start_response(status, 244 [('Content-length', 245 str(len(TestAuthZMiddleware.response))), 246 ('Content-type', 'text/plain')]) 247 return [TestAuthZMiddleware.response] 248 249 250 class BeakerSessionStub(dict): 251 """Emulate beaker.session session object for purposes of the unit tests 252 """ 253 def save(self): 254 pass 255 256 257 class SamlWSGIAuthZTestCase(unittest.TestCase): 258 259 def __init__(self, *args, **kwargs): 260 here_dir = os.path.dirname(os.path.abspath(__file__)) 261 wsgiapp = loadapp('config:saml-test.ini', relative_to=here_dir) 262 self.app = paste.fixture.TestApp(wsgiapp) 263 264 unittest.TestCase.__init__(self, *args, **kwargs) 265 266 267 def test01CatchNoBeakerSessionFound(self): 268 269 # PEPFilterConfigError is raised if no beaker.session is set in 270 # environ 271 try: 272 response = self.app.get('/test_200') 273 except SamlPIPMiddlewareConfigError, e: 274 print("PASS - expected: %s exception: %s" % (e.__class__, e)) 275 276 def test02Ensure200WithNotLoggedInAndUnsecuredURI(self): 277 278 # Check the authZ middleware leaves the response alone if the URI 279 # is not matched in the policy 280 281 # Simulate a beaker.session in the environ 282 extra_environ={'beaker.session.ndg.security':BeakerSessionStub()} 283 response = self.app.get('/test_200', 284 extra_environ=extra_environ) 285 286 def test03Catch401WithLoggedIn(self): 287 288 # Check that the application being secured can raise a HTTP 401 289 # response and that this respected by the Authorization middleware 290 # even though a user is set in the session 291 292 extra_environ={'beaker.session.ndg.security': 293 BeakerSessionStub(username='testuser')} 294 response = self.app.get('/test_401', 295 extra_environ=extra_environ, 296 status=401) 297 298 def test04Catch403WithLoggedIn(self): 299 300 # Check that the application being secured can raise a HTTP 403 301 # response and that this respected by the Authorization middleware 302 # even though a user is set in the session 303 304 extra_environ={'beaker.session.ndg.security': 305 BeakerSessionStub(username='testuser')} 306 response = self.app.get('/test_403', 307 extra_environ=extra_environ, 308 status=403) 309 310 def test05Catch401WithNotLoggedInAndSecuredURI(self): 311 312 # AuthZ middleware grants access because the URI requested is not 313 # targeted in the policy 314 315 # AuthZ middleware checks for username key in session set by AuthN 316 # handler 317 extra_environ={'beaker.session.ndg.security':BeakerSessionStub()} 318 response = self.app.get('/test_accessDeniedToSecuredURI', 319 extra_environ=extra_environ, 320 status=401) 321 322 def test06AccessDeniedForSecuredURI(self): 323 324 # User is logged in but doesn't have the required credentials for 325 # access 326 extra_environ={'beaker.session.ndg.security': 327 BeakerSessionStub(username='testuser')} 328 329 response = self.app.get('/test_accessDeniedToSecuredURI', 330 extra_environ=extra_environ, 331 status=403) 332 self.assert_("Insufficient privileges to access the " 333 "resource" in response) 334 print response 335 336 def test07AccessGrantedForSecuredURI(self): 337 338 # User is logged in and has credentials for access to a URI secured 339 # by the policy file 340 extra_environ={'beaker.session.ndg.security': 341 BeakerSessionStub(username='testuser')} 342 343 response = self.app.get('/test_accessGrantedToSecuredURI', 344 extra_environ=extra_environ, 345 status=200) 346 self.assert_(TestAuthZMiddleware.response in response) 347 print response 348 349 def test08AccessDeniedForAdminQueryArg(self): 350 351 # User is logged in but doesn't have the required credentials for 352 # access 353 extra_environ={'beaker.session.ndg.security': 354 BeakerSessionStub(username='testuser')} 355 356 # Try this URI with the query arg admin=1. This will be picked up 357 # by the policy as a request requiring admin rights. The request is 358 # denied as the user doesn't have these rights but this then calls 359 # into play the PEP result handler defined in this module, 360 # RedirectFollowingAccessDenied. This class reinvokes the request 361 # but without the admin query argument. Access is then granted for 362 # the redirected request 363 response = self.app.get('/test_accessGrantedToSecuredURI', 364 params={'admin': 1}, 365 extra_environ=extra_environ, 366 status=302) 367 try: 368 redirectResponse = response.follow(extra_environ=extra_environ) 369 except paste.fixture.AppError, e: 370 self.failIf(TestAuthZMiddleware.response not in response) 371 print response 372 373 207 374 if __name__ == "__main__": 208 375 unittest.main()
Note: See TracChangeset
for help on using the changeset viewer.
