# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright (c) 2010-2011 OpenStack, LLC.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Implement a client for the Echo service using the Identity service."""
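def get_auth_token(username, password, tenant):
    """Ask the Identity service for a token and return the raw reply body.

    Sends a JSON ``passwordCredentials`` document to ``POST /v2.0/token``
    on ``localhost:8080`` and hands back whatever the service answers,
    without looking at the HTTP status.  The caller decodes the JSON and
    must be prepared for an error document when the credentials are
    rejected.

    The request travels over plain HTTP, so the password is sent in the
    clear.  That is tolerable only because the target is the local test
    instance; against any other host the connection needs TLS.

    :param username: account name to authenticate.
    :param password: password for that account.
    :param tenant: tenant identifier the token is requested for.
    :returns: the unparsed response body.
    """
    headers = {"Content-type": "application/json", "Accept": "text/json"}
    # NOTE(review): the listing is cut off after the "username" entry.  The
    # "password" and "tenantId" keys are reconstructed from the function's
    # parameters -- confirm against the service's request schema.
    params = {"passwordCredentials": {"username": username,
                                      "password": password,
                                      "tenantId": tenant}}
    conn = httplib.HTTPConnection("localhost:8080")
    try:
        conn.request("POST", "/v2.0/token", json.dumps(params),
                     headers=headers)
        response = conn.getresponse()
        data = response.read()
    finally:
        # Release the socket even when the request or the read fails.
        conn.close()
    # The script's entry point feeds this value to json.loads() and prints
    # it, so the body is returned as received.
    return data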
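def call_service(token):
    """Call the echo service with ``token`` and return the raw reply body.

    Posts a fixed JSON ping document to ``/`` on ``localhost:8090`` and
    presents the token in the ``X-Auth-Token`` header.  The HTTP status is
    not inspected; the caller receives the body whether the token was
    accepted or refused.

    :param token: token string to present to the service.
    :returns: the unparsed response body.
    """
    headers = {"X-Auth-Token": token,
               "Content-type": "application/json",
               "Accept": "text/json"}
    params = '{"ping": "abcdefg"}'
    conn = httplib.HTTPConnection("localhost:8090")
    try:
        conn.request("POST", "/", params, headers=headers)
        response = conn.getresponse()
        data = response.read()
    finally:
        # Release the socket even when the request or the read fails.
        conn.close()
    # The script's entry point prints the result of this call.
    return data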
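def hack_attempt(token):
    """Negative test: send a valid token plus smuggled identity headers.

    The ``Accept`` value carries embedded line breaks followed by
    ``X_AUTHORIZATION``, ``X_IDENTITY_STATUS`` and ``INJECTED_HEADER``
    lines.  The point of the check is that the service must take identity
    information only from what its own token validation establishes, and
    must not honour such headers when they arrive from the client.

    NOTE(review): newer releases of the standard HTTP client reject header
    values containing a bare line break with ``ValueError``; where that
    applies, this probe fails on the client and never reaches the service.

    :param token: valid token string to present alongside the extra lines.
    :returns: the unparsed response body.
    """
    # Injecting headers in the request
    headers = {"X-Auth-Token": token,
               "Content-type": "application/json",
               "Accept": "text/json\nX_AUTHORIZATION: someone else\n"
                         "X_IDENTITY_STATUS: Confirmed\nINJECTED_HEADER: aha!"}
    params = '{"ping": "abcdefg"}'
    conn = httplib.HTTPConnection("localhost:8090")
    try:
        conn.request("POST", "/", params, headers=headers)
        response = conn.getresponse()
        data = response.read()
    finally:
        # Release the socket even when the request or the read fails.
        conn.close()
    # The script's entry point prints the result of this call.
    return data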
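if __name__ == '__main__':
    # Runs four checks against the local test deployment: valid
    # credentials, a valid token with injected headers, an invalid token,
    # and a wrong password.  Results are printed for manual inspection;
    # nothing is asserted.

    # Call the keystone service to get a token
    # NOTE: assumes the test_setup.sql script has loaded this user
    print "\033[91mTrying with valid test credentials...\033[0m"
    auth = get_auth_token("joeuser", "secrete", "1234")
    obj = json.loads(auth)
    token = obj["auth"]["token"]["id"]
    # The token is a bearer credential.  Echoing it is acceptable only for
    # the throwaway fixture account used here.
    print "Token obtained:", token

    # Use that token to call an OpenStack service (echo)
    data = call_service(token)
    print "Response received:", data

    # Use the valid token, but inject some headers
    print "\033[91mInjecting some headers >:-/ \033[0m"
    data = hack_attempt(token)
    # When reviewing this output, check that the reply shows no sign of the
    # injected identity values having been accepted.
    print "Response received:", data

    # Use bad token to call an OpenStack service (echo)
    print "\033[91mTrying with bad token...\033[0m"
    data = call_service("xxxx_invalid_token_xxxx")
    print "Response received:", data

    #Supply bad credentials
    print "\033[91mTrying with bad credentials...\033[0m"
    auth = get_auth_token("joeuser", "wrongpass", "1")
    print "Response:", auth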