diff --git a/djblets/webapi/tests/test_api_auth_backend.py b/djblets/webapi/tests/test_api_auth_backend.py new file mode 100644 index 0000000000000000000000000000000000000000..699730e55f7a58ea5ee7c955a4a0a943ae41493f --- /dev/null +++ b/djblets/webapi/tests/test_api_auth_backend.py @@ -0,0 +1,95 @@ +"""Unit tests for the web API token auth backend.""" + +from __future__ import unicode_literals + +import logging + +from django.contrib.auth.models import User +from django.contrib.sessions.middleware import SessionMiddleware +from django.db import models +from django.test.client import RequestFactory +from django.test.utils import override_settings +from kgb import SpyAgency + +from djblets.testing.testcases import TestCase, TestModelsLoaderMixin +from djblets.webapi.auth.backends.api_tokens import (TokenAuthBackendMixin, + WebAPITokenAuthBackend) + + +class TestWebAPITokenModel(models.Model): + """Mock WebAPI Token Model for testing purposes.""" + + user = models.ForeignKey(User, related_name='webapi_tokens') + token = models.CharField(max_length=40, unique=True) + + +class TestTokenAuthBackend(TokenAuthBackendMixin): + """Mock Token Auth Backend for testing purposes.""" + + api_token_model = TestWebAPITokenModel + + +@override_settings(AUTHENTICATION_BACKENDS=( + 'djblets.webapi.tests.test_api_auth_backend.TestTokenAuthBackend', +)) +class WebAPITokenAuthBackendTests(SpyAgency, TestModelsLoaderMixin, TestCase): + """Unit tests for the WebAPITokenAuthBackend.""" + + tests_app = 'djblets.webapi.tests' + + def setUp(self): + super(WebAPITokenAuthBackendTests, self).setUp() + + self.api_token_auth_backend = WebAPITokenAuthBackend() + self.request = RequestFactory().get('/') + SessionMiddleware().process_request(self.request) + + def test_get_credentials_no_token_realm(self): + """Testing Token Auth get_credentials with non-token realm""" + self.request.META['HTTP_AUTHORIZATION'] = 'NotTokenRealm tokenHere' + result = self.api_token_auth_backend.get_credentials(self.request) + self.assertIsNone(result) + + def test_get_credentials_missing_credentials(self): + """Testing Token Auth get_credentials with missing token""" + self.request.META['HTTP_AUTHORIZATION'] = 'token' + self.spy_on(logging.warning) + + result = self.api_token_auth_backend.get_credentials(self.request) + self.assertIsNone(result) + + warning_message = logging.warning.spy.last_call.args[0] + self.assertTrue(warning_message.startswith( + 'WebAPITokenAuthBackend: Missing token in HTTP_AUTHORIZATION ' + 'header')) + + def test_get_credentials_valid_credentials(self): + """Testing Token Auth get_credentials with valid credentials""" + token = 'myToken' + self.request.META['HTTP_AUTHORIZATION'] = 'token %s' % token + + result = self.api_token_auth_backend.get_credentials(self.request) + self.assertEqual(result, {'token': token}) + + def test_authenticate_valid_credentials(self): + """Testing Token Auth authenticate succeeds""" + token = 'invalidtoken123' + self.user = User.objects.create_user(username='testuser') + TestWebAPITokenModel.objects.create(user=self.user, token=token) + self.request.user = User() + self.request.META['HTTP_AUTHORIZATION'] = 'token %s' % token + + result = self.api_token_auth_backend.authenticate(self.request) + self.assertEqual(result, (True, None, None)) + self.assertNotEqual(self.request.META['CSRF_COOKIE'], '') + + def test_authenticate_wrong_token(self): + """Testing Token Auth authenticate failed with wrong token""" + token = 'invalidtoken123' + self.user = User.objects.create_user(username='testuser') + TestWebAPITokenModel.objects.create(user=self.user, token=token) + self.request.user = User() + self.request.META['HTTP_AUTHORIZATION'] = 'token bad_token' + + result = self.api_token_auth_backend.authenticate(self.request) + self.assertEqual(result, (False, None, None)) diff --git a/djblets/webapi/tests/test_basic_auth_backend.py b/djblets/webapi/tests/test_basic_auth_backend.py new file mode 100644 index 0000000000000000000000000000000000000000..52554d9b179ff266a079705381b598218b18e49b --- /dev/null +++ b/djblets/webapi/tests/test_basic_auth_backend.py @@ -0,0 +1,189 @@ +"""Unit tests for the web API basic auth backend.""" + +from __future__ import unicode_literals + +import base64 +import logging + +from django.contrib.auth.models import AnonymousUser, User +from django.contrib.sessions.middleware import SessionMiddleware +from django.test.client import RequestFactory +from kgb import SpyAgency + +from djblets.testing.testcases import TestCase +from djblets.webapi.auth.backends.basic import WebAPIBasicAuthBackend + + +class WebAPIBasicAuthBackendTests(SpyAgency, TestCase): + """Unit tests for the WebAPIBasicAuthBackend.""" + + def setUp(self): + super(WebAPIBasicAuthBackendTests, self).setUp() + + self.basic_auth_backend = WebAPIBasicAuthBackend() + self.request = RequestFactory().get('/') + SessionMiddleware().process_request(self.request) + self.request.user = AnonymousUser() + self.user = User.objects.create_user( + username='testuser', + email='testcase@test.com', + password='testpassword') + + def test_get_credentials_no_basic_realm(self): + """Testing Basic Auth get_credentials with non-basic realm""" + self.request.META['HTTP_AUTHORIZATION'] = 'Token tokenHere' + result = self.basic_auth_backend.get_credentials(self.request) + self.assertIsNone(result) + + def test_get_credentials_valid_credentials(self): + """Testing Basic Auth get_credentials with credentials""" + username = 'username' + password = 'password' + encoded_credentials = base64.b64encode('%s:%s' % (username, password)) + header = 'Basic ' + encoded_credentials + self.request.META['HTTP_AUTHORIZATION'] = header + + result = self.basic_auth_backend.get_credentials(self.request) + + self.assertEqual(result, { + 'username': username, + 'password': password, + }) + + def test_get_credentials_malformed_credentials(self): + """Testing Basic Auth get_credentials with malformed credentials""" + header = 'Basic ' + base64.b64encode('Some malfomred credentials') + self.request.META['HTTP_AUTHORIZATION'] = header + self.spy_on(logging.warning) + + result = self.basic_auth_backend.get_credentials(self.request) + warning_message = logging.warning.spy.last_call.args[0] + + self.assertIsNone(result) + self.assertTrue(warning_message.startswith( + 'Failed to parse HTTP_AUTHORIZATION header')) + + def test_authenticate_valid_credentials(self): + """Testing Basic Auth authenicate with valid credentials""" + credentials = '%s:%s' % ('testuser', 'testpassword') + header = 'Basic ' + base64.b64encode(credentials) + self.request.META['HTTP_AUTHORIZATION'] = header + + result = self.basic_auth_backend.authenticate(self.request) + + self.assertEqual(result, (True, None, None)) + + def test_authenticate_wrong_header(self): + """Testing Basic Auth authenicate with wrong header""" + credentials = '%s:%s' % ('testuser', 'testpassword') + header = 'Token ' + base64.b64encode(credentials) + self.request.META['HTTP_AUTHORIZATION'] = header + + result = self.basic_auth_backend.authenticate(self.request) + + self.assertIsNone(result) + + def test_authenticate_wrong_password(self): + """Testing Basic Auth authenicate with invalid credentials""" + credentials = '%s:%s' % ('testuser', 'wrongpassword') + header = 'Basic ' + base64.b64encode(credentials) + self.request.META['HTTP_AUTHORIZATION'] = header + + result = self.basic_auth_backend.authenticate(self.request) + + self.assertEqual(result, (False, None, None)) + + def test_login_with_credentials_valid_credentials(self): + """Testing Basic Auth login_with_credentials with valid credentials""" + username = 'testuser' + password = 'testpassword' + encoded_credentials = base64.b64encode('%s:%s' % (username, password)) + header = 'Basic ' + encoded_credentials + self.request.META['HTTP_AUTHORIZATION'] = header + + result = self.basic_auth_backend.login_with_credentials( + self.request, username=username, password=password) + + self.assertEqual(result, (True, None, None)) + + def test_login_bypass_authentication(self): + """Testing Basic Auth login_with_credentials with currently logged in + user""" + username = 'testuser' + password = 'testpassword' + encoded_credentials = base64.b64encode('%s:%s' % (username, password)) + header = 'Basic ' + encoded_credentials + self.request.META['HTTP_AUTHORIZATION'] = header + self.request.user = self.user + + result = self.basic_auth_backend.login_with_credentials( + self.request, username=username, password=password) + + self.assertEqual(result, (True, None, None)) + + def test_login_with_credentials_incorrect_pass(self): + """Testing Basic Auth login_with_credentials with incorrect password""" + username = 'testuser' + password = 'wrongpassword' + encoded_credentials = base64.b64encode('%s:%s' % (username, password)) + header = 'Basic ' + encoded_credentials + self.request.META['HTTP_AUTHORIZATION'] = header + + result = self.basic_auth_backend.login_with_credentials( + self.request, username=username, password=password) + + self.assertEqual(result, (False, None, None)) + + def test_login_with_credentials_incorrect_user(self): + """Testing Basic Auth login_with_credentials with invalid user""" + username = 'wronguser' + password = 'testpassword' + encoded_credentials = base64.b64encode('%s:%s' % (username, password)) + header = 'Basic ' + encoded_credentials + self.request.META['HTTP_AUTHORIZATION'] = header + self.request.user = self.user + + result = self.basic_auth_backend.login_with_credentials( + self.request, username=username, password=password) + + self.assertEqual(result, (False, None, None)) + + def test_validate_credentials_valid(self): + """Testing Basic Auth validate_credentials with valid credentials""" + self.request.user = self.user + result = self.basic_auth_backend.validate_credentials( + self.request, username='testuser', password='testpassword') + + self.assertEqual(result, (True, None, None)) + + def test_validate_credentials_invalid_user(self): + """Testing Basic Auth validate_credentials with invalid user""" + result = self.basic_auth_backend.validate_credentials( + self.request, username='testuser', password='testpassword') + + self.assertIsNone(result) + + def test_validate_credentials_invalid_credentials(self): + """Testing Basic Auth validate_credentials with invalid credentials""" + self.request.user = self.user + result = self.basic_auth_backend.validate_credentials( + self.request, username='differentuser', password='testpassword') + + self.assertIsNone(result) + + def test_clean_credentials_for_display_removes_credentials(self): + """Testing Basic Auth clean_credentials_for_display""" + credentials = { + 'api': 'has exact match', + 'oauth2_token': 'has partial match', + 'apikey2': 'no match as word but contains match sub string', + 'secre': 'no match, similar only', + } + removed_credential = '************' + clean_credentials = \ + self.basic_auth_backend.clean_credentials_for_display(credentials) + + self.assertEqual(clean_credentials['api'], removed_credential) + self.assertEqual(clean_credentials['oauth2_token'], removed_credential) + self.assertEqual(clean_credentials['apikey2'], removed_credential) + self.assertEqual(clean_credentials['secre'], credentials['secre'])