Copyright 2010 Canonical Ltd. This software is licensed under the
GNU Affero General Public License version 3 (see the file LICENSE).

===============================================
Testing Authentication Requirements For Methods
===============================================

Check that authentication restrictions are enforced for the given API
methods. This is done for every type of user there is in the system
and for every exposed method.

First of all, import all the required bits here:

>>> from lazr.restfulclient.resource import ServiceRoot
>>> from lazr.restfulclient.errors import HTTPError
>>> from lazr.restfulclient.authorize import BasicHttpAuthorizer
>>> from oauth.oauth import OAuthToken
>>> from lazr.restfulclient.authorize.oauth import OAuthAuthorizer
Test When No Credentials Are Supplied
=====================================

Check that a user without any credentials (``None``) can access the
methods ``registrations.register`` and ``captchas.new``:

>>> credentials = None
>>> api = ServiceRoot(credentials, 'http://localhost:8000/api/1.0')
>>> api.registrations.register
<lazr.restfulclient.resource.NamedOperation ...>
>>> api.captchas.new
<lazr.restfulclient.resource.NamedOperation ...>

But all other methods are inaccessible:

>>> methods = ['api.authentications.authenticate',
...            'api.authentications.invalidate_token',
...            'api.authentications.validate_token',
...            'api.authentications.list_tokens',
...            'api.accounts.me',
...            'api.accounts.validate_email']
>>> for method_name in methods:
...     try:
...         exec 'print ' + method_name
...     except HTTPError, e:
...         print "%s %s" % (method_name, e.response.status)
api.authentications.authenticate 401
api.authentications.invalidate_token 401
api.authentications.validate_token 401
api.authentications.list_tokens 401
api.accounts.me 401
api.accounts.validate_email 401
Test When Basic Auth Credentials For Normal Users Are Supplied
==============================================================

Basic Authentication credentials are only good for accessing the
``authentications.authenticate`` method:

>>> authorizer = BasicHttpAuthorizer('bla', 'logdf3D')
>>> api = ServiceRoot(authorizer, 'http://localhost:8000/api/1.0')
>>> api.authentications.authenticate
<lazr.restfulclient.resource.NamedOperation ...>

But the rest of the ``authentications`` calls are protected
(``registrations.register`` is not protected by anything, which means
that it doesn't care about the ``WWW-Authenticate`` header, so it is always
accessible no matter which authentication mechanism you're using).

>>> methods = ['api.authentications.list_tokens',
...            'api.accounts.me',
...            'api.accounts.validate_email']
>>> for method_name in methods:
...     try:
...         exec 'print ' + method_name
...     except HTTPError, e:
...         print "%s %s" % (method_name, e.response.status)
api.authentications.list_tokens 401
api.accounts.me 401
api.accounts.validate_email 401
Test When OAuth Auth Credentials For Normal Users Are Supplied
==============================================================

After going through ``authentications.authenticate`` you'll have an ``OAuth``
token and be able to access only ``accounts.me`` and
``accounts.validate_email``.

>>> token = {"token": "this-is-valid-token",
...          "token_secret": "this-is-valid-token-secret",
...          "consumer_key": "consumer",
...          "consumer_secret": "big-secret"}
>>> oauth_token = OAuthToken(token['token'], token['token_secret'])
>>> authorizer = OAuthAuthorizer(token['consumer_key'],
...                              token['consumer_secret'], oauth_token)
>>> api = ServiceRoot(authorizer, 'http://localhost:8000/api/1.0')

Now only ``accounts.me`` and ``accounts.validate_email`` should be

>>> api.accounts.me
<lazr.restfulclient.resource.NamedOperation ...>
>>> api.accounts.validate_email
<lazr.restfulclient.resource.NamedOperation ...>

The rest of the API calls should return a 401 error:

>>> methods = ['api.authentications.authenticate',
...            'api.authentications.invalidate_token']
>>> for method_name in methods:
...     try:
...         exec 'print ' + method_name
...     except HTTPError, e:
...         print "%s %s" % (method_name, e.response.status)
api.authentications.authenticate 401
api.authentications.invalidate_token 401
Test When Basic Auth Credentials For Server API User Are Supplied
=================================================================

By providing credentials for the API user you should get access to a
different set of API calls:

>>> authorizer = BasicHttpAuthorizer('MyUsername', 'password')
>>> api = ServiceRoot(authorizer, 'http://localhost:8000/api/1.0')
>>> api.authentications.validate_token
<lazr.restfulclient.resource.NamedOperation ...>
>>> api.authentications.list_tokens
<lazr.restfulclient.resource.NamedOperation ...>
>>> api.authentications.invalidate_token
<lazr.restfulclient.resource.NamedOperation ...>

The rest of the methods should be inaccessible:

>>> methods = ['api.authentications.authenticate',
...            'api.accounts.me',
...            'api.accounts.validate_email']
>>> for method_name in methods:
...     try:
...         exec 'print ' + method_name
...     except HTTPError, e:
...         print "%s %s" % (method_name, e.response.status)
api.authentications.authenticate 401
api.accounts.me 401
api.accounts.validate_email 401
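The four sections above check one credential type at a time by hand. As an added example (not part of the Ubuntu SSO test suite), the same access matrix written down as data and checked for every credential/method pair in one pass, so that a method left out of a section, or a denial that quietly turned into an allow, cannot slip through. ``probe`` is an assumed callable returning the HTTP status the service answered with; the two probes in the block are constructed stand-ins, not the real server.

```python
from itertools import product

# Every exposed method named in the doctests above.
METHODS = [
    "registrations.register", "captchas.new",
    "authentications.authenticate", "authentications.validate_token",
    "authentications.list_tokens", "authentications.invalidate_token",
    "accounts.me", "accounts.validate_email",
]
# Methods that check no credentials at all, so every caller reaches them.
PUBLIC = {"registrations.register", "captchas.new"}
# Protected methods each credential kind unlocks, as the sections above state.
ALLOWED = {
    "anonymous": set(),
    "basic_user": {"authentications.authenticate"},
    "oauth_user": {"accounts.me", "accounts.validate_email"},
    "basic_api_user": {"authentications.validate_token",
                       "authentications.list_tokens",
                       "authentications.invalidate_token"},
}

def expected_status(credential, method):
    """Policy: 200 stands for 'reachable', 401 for 'rejected'."""
    if method in PUBLIC or method in ALLOWED[credential]:
        return 200
    return 401

def find_mismatches(probe):
    """Probe every credential/method pair and return those whose observed
    status differs from the policy as (credential, method, want, got).
    Denied pairs are probed too: a quietly widened permission is exactly
    the bug this kind of test exists to catch."""
    mismatches = []
    for credential, method in product(ALLOWED, METHODS):
        want = expected_status(credential, method)
        got = probe(credential, method)
        if got != want:
            mismatches.append((credential, method, want, got))
    return mismatches

# Constructed stand-ins for the real service (no network involved).
def correct_probe(credential, method):
    return expected_status(credential, method)

def leaky_probe(credential, method):
    # One deliberate authorization bug: anonymous callers can list tokens.
    if credential == "anonymous" and method == "authentications.list_tokens":
        return 200
    return expected_status(credential, method)
```

Wiring ``find_mismatches`` to the real service means a probe that builds the matching ``ServiceRoot`` and authorizer for each credential kind and maps a raised ``HTTPError`` to ``e.response.status``.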