
0001-fix-key-type-in-request-signing-7866.patch

Serghei Mihai, 22 juillet 2015 14:20


Subject: [PATCH] fix key type in request signing (#7866)

Tests for api access and signature check added
 passerelle/base/signature.py |  2 ++
 tests/test_api_access.py     | 81 ++++++++++++++++++++++++++++++++++++++++++++
 tests/test_signature.py      | 23 +++++++++++++
 3 files changed, 106 insertions(+)
 create mode 100644 tests/test_api_access.py
 create mode 100644 tests/test_signature.py
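--- a/passerelle/base/signature.py
+++ b/passerelle/base/signature.py
@@ -33,6 +33,8 @@
 
 def sign_string(s, key, algo='sha256', timedelta=30):
     digestmod = getattr(hashlib, algo)
+    if isinstance(key, unicode):
+        key = key.encode('utf-8')
     hash = hmac.HMAC(key, digestmod=digestmod, msg=s)
     return hash.digest()
 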
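Review bot: The added `isinstance(key, unicode)` branch normalises only the key; the message `s` is still handed to `hmac.HMAC` unchanged, so a unicode `s` with non-ASCII characters would presumably still fail or be implicitly ASCII-encoded when hashed. Encoding it the same way keeps signer and verifier hashing identical bytes: `if isinstance(s, unicode): s = s.encode('utf-8')`. Separately, `getattr(hashlib, algo)` on the context line resolves any attribute name, so if `algo` can come from the request (the callers are not visible here, please confirm), an allow-list check such as `if algo not in ('sha1', 'sha256'): raise ValueError(algo)` before the lookup would stop a caller from choosing a weaker digest.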
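--- a/tests/test_api_access.py
+++ b/tests/test_api_access.py
@@ -0,0 +1,81 @@
+import re
+import sys
+import mock
+
+from django.contrib.auth.models import User
+from django.core.wsgi import get_wsgi_application
+import pytest
+from webtest import TestApp
+
+from passerelle.base import signature
+
+pytestmark = pytest.mark.django_db
+
+@pytest.fixture
+def admin_user():
+    try:
+        user = User.objects.get(username='admin')
+    except User.DoesNotExist:
+        user = User.objects.create_superuser('admin', email=None, password='admin')
+    return user
+
+def login(app, username='admin', password='admin'):
+    login_page = app.get('/login/')
+    login_form = login_page.forms[0]
+    login_form['username'] = username
+    login_form['password'] = password
+    resp = login_form.submit()
+    assert resp.status_int == 302
+    return app
+
+def create_api_user(app):
+    # go to "Access Management" page
+    resp = app.get('/manage/access/', status=200)
+    assert 'Add API User' in resp.body
+    resp = resp.click('Add API User')
+    resp.forms[0]['username'] = 'eservices'
+    resp.forms[0]['fullname'] = 'Eservices User'
+    resp.forms[0]['keytype'] = 'SIGN'
+    resp.forms[0]['key'] = '12345'
+    resp = resp.forms[0].submit()
+    assert resp.status_int == 302
+    assert resp.location == 'http://localhost:80/manage/access/'
+    resp = resp.follow()
+    assert 'Eservices User' in resp.body
+    assert 'SIGN' in resp.body
+    return app
+
+@mock.patch('bdp.models.requests.get')
+def test_connector_access(mock_get, admin_user):
+    app = login(TestApp(get_wsgi_application()))
+    app = create_api_user(app)
+    resp = app.get('/manage/', status=200)
+    resp = resp.click('Add Connector')
+    assert 'Business Process Connectors' in resp.body
+    assert 'BDP Web Service' in resp.body
+    resp = resp.click('BDP Web Service')
+    resp.forms[0]['title'] = 'Test Connector'
+    resp.forms[0]['description'] = 'Connector for a simple test'
+    resp.forms[0]['service_url'] = 'http://service.url'
+    resp.forms[0]['username'] = 'username'
+    resp.forms[0]['password'] = 'password'
+    resp = resp.forms[0].submit()
+    assert resp.status_int == 302
+    assert resp.location == 'http://localhost:80/bdp/test-connector/'
+    resp = resp.follow()
+    assert 'BDP - Test Connector' in resp.body
+    resp = app.get('/manage/', status=200)
+    assert 'Test Connector' in resp.body
+    resp = resp.click('Test Connector')
+    assert 'Add' in resp.body
+    resp = resp.click('Add')
+    resp.forms[0]['apiuser'] = 1
+    resp.forms[0].submit()
+    # call with no signature
+    resp = app.get('/bdp/test-connector/resources/', status=403)
+    # sign url
+    url = signature.sign_url('/bdp/test-connector/resources/?orig=eservices', '12345')
+    response = mock.Mock()
+    response.json.return_value = {}
+    mock_get.return_value = response
+    resp = app.get(url, status=200)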
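Review bot: `test_connector_access` covers the unsigned call (403) and a correctly signed one (200), but never a URL signed with the wrong key, which is the case the signature check exists to reject. Adding `bad_url = signature.sign_url('/bdp/test-connector/resources/?orig=eservices', 'wrong-key')` followed by `app.get(bad_url, status=403)` would pin that behaviour; the 403 is assumed from the unsigned case and should be confirmed against the view. On style, `re` and `sys` are imported at the top of the file but not used in it, and `resp.forms[0]['apiuser'] = 1` relies on the API user receiving primary key 1.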
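--- a/tests/test_signature.py
+++ b/tests/test_signature.py
@@ -0,0 +1,23 @@
+import base64
+
+from django.test import TestCase
+
+from passerelle.base import signature
+
+class SignatureTestCase(TestCase):
+    def setUp(self):
+        self.key = '12345'
+        self.message = 'orig=passerelle&NameID=secret'
+        self.algo = 'sha1'
+
+    def test_sign_string_with_string_key(self):
+        encoded = base64.b64encode(signature.sign_string(self.message, self.key))
+        self.assertEqual(encoded, 'JC6K3+PCt3YKxZ9eCtEOoF+JfzQBmMeZvvxJ6VhXUXY=')
+
+    def test_sign_string_with_string_key_sha1(self):
+        encoded = base64.b64encode(signature.sign_string(self.message, self.key, algo=self.algo))
+        self.assertEqual(encoded, 'lOt5eyEvLJDTVl11pSqOPDJImgM=')
+
+    def test_sign_string_with_unicode_key(self):
+        encoded = base64.b64encode(signature.sign_string(self.message, unicode(self.key)))
+        self.assertEqual(encoded, 'JC6K3+PCt3YKxZ9eCtEOoF+JfzQBmMeZvvxJ6VhXUXY=')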
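Review bot: `test_sign_string_with_unicode_key` passes `unicode(self.key)`, which is pure ASCII, so the new `.encode('utf-8')` path is never exercised with characters that actually need encoding. A case with a non-ASCII key would cover it, for example `self.assertEqual(signature.sign_string(self.message, u'cl\xe9'), signature.sign_string(self.message, u'cl\xe9'.encode('utf-8')))` (the sample key is constructed for this note). The fixed digests for key `'12345'` remain useful as regression vectors.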