0003-passerelle-use-shared_secret-for-ApiUser.key-fixes-8.patch

Benjamin Dauvergne, 18 décembre 2015 12:04

Voir les différences: en ligne côte à côte

Subject: [PATCH 3/3] passerelle: use shared_secret for ApiUser.key (fixes
 #8580)

 .../passerelle/management/commands/hobo_deploy.py  | 14 +++++-
 jenkins.sh                                         |  6 ++-
 tests_passerelle/conftest.py                       | 15 ++++++
 tests_passerelle/settings.py                       | 25 ++++++++++
 tests_passerelle/test_deploy.py                    | 57 ++++++++++++++++++++++
 tox.ini                                            | 28 +++++++++++
 6 files changed, 142 insertions(+), 3 deletions(-)
 create mode 100644 tests_passerelle/conftest.py
 create mode 100644 tests_passerelle/settings.py
 create mode 100644 tests_passerelle/test_deploy.py

     from tenant_schemas.utils import tenant_context
     from hobo.agent.common.management.commands import hobo_deploy
     from hobo.multitenant.settings_loaders import KnownServices
     from passerelle.base.models import ApiUser
-...
         def deploy_specifics(self, hobo_environment, tenant):
             super(Command, self).deploy_specifics(hobo_environment, tenant)
             with tenant_context(tenant):
                 for service in hobo_environment.get('services'):
                 services = hobo_environment.get('services')
                 for service in services:
                     if service.get('this'):
                         this = service
                         break
                 else:
                     raise RuntimeError('unable to find this service')
                 our_key = this['secret_key']
                 for service in services:
                     if service.get('this') or not service.get('secret_key'):
                         continue
                     domain = urlparse.urlparse(service.get('base_url')).netloc.split(':')[0]
                     obj, created = ApiUser.objects.get_or_create(username=domain,
                                                                  keytype='SIGN')
                     obj.fullname = service.get('title')
                     obj.key = service.get('secret_key')
                     their_key = service.get('secret_key')
                     obj.key = KnownServices.shared_secret(our_key, their_key)
                     obj.save()

     #!/bin/sh
     set -e # prevent hiding of errors
     rm -f *coverage.xml
     rm -f *test_results.xml
-...
     tox
     ./merge-junit-results.py hobo_server_test_results.xml multitenant_test_results.xml authentic2_agent_test_results.xml >test_results.xml
     ./merge-junit-results.py hobo_server_test_results.xml multitenant_test_results.xml authentic2_agent_test_results.xml passerelle_agent_test_results.xml >test_results.xml
     ./merge-coverage.py -o coverage.xml *_coverage.xml
     test -f pylint.out && cp pylint.out pylint.out.prev
     (pylint -f parseable --rcfile /var/lib/jenkins/pylint.django.rc hobo | tee pylint.out) || /bin/true
     test -f pylint.out.prev && (diff pylint.out.prev pylint.out | grep '^[><]' | grep .py) || /bin/true
     echo OK

     import os
     import tempfile
     import shutil
     import json
     import pytest
     @pytest.fixture
     def tenant_base(request, settings):
         base = tempfile.mkdtemp('passerelle-tenant-base')
         settings.TENANT_BASE = base
         def fin():
             shutil.rmtree(base)
         request.addfinalizer(fin)
         return tenant_base

     import os.path
     import __builtin__ as builtin
     from mock import mock_open, patch
     import os
     # Debian defaults
     DEBUG = False
     PROJECT_NAME = 'passerelle'
+    #
     # hobotization (multitenant)
+    #
     with patch.object(builtin, 'file', mock_open(read_data='xxx')):
         execfile(os.environ['DEBIAN_CONFIG_COMMON'])
     # suds logs are buggy
     LOGGING['loggers']['suds'] = {
             'level': 'ERROR',
             'handlers': ['mail_admins', 'sentry'],
             'propagate': True,
+    }
     # Add passerelle hobo agent
     INSTALLED_APPS = ('hobo.agent.passerelle',) + INSTALLED_APPS

     import json
     import sys
     import time
     from tenant_schemas.utils import tenant_context
     from hobo.multitenant.middleware import TenantMiddleware
     from django.core.management import call_command
     import StringIO
     def test_deploy_specifics(db, tenant_base):
         from django.conf import settings
         from passerelle.base.models import ApiUser
         hobo_json = {
             'variables': {
                 'hobo_test_variable': True,
                 'other_variable': 'foo',
             },
             'services': [
+                {
                     'slug': 'test',
                     'title': 'Test',
                     'service-id': 'welco',
                     'this': True,
                     'secret_key': '12345',
                     'base_url': 'http://passerelle.example.net',
                     'saml-sp-metadata-url': 'http://passerelle.example.net/saml/metadata',
                     'variables': {
                         'other_variable': 'bar',
+                    }
                 },
+                {
                     'slug': 'other',
                     'title': 'Other',
                     'secret_key': 'abcde',
                     'service-id': 'wcs',
                     'base_url': 'http://wcs.example.net'
                 },
+            ]
+        }
         old_stdin = sys.stdin
         sys.stdin = StringIO.StringIO(json.dumps(hobo_json))
         try:
             call_command('hobo_deploy', 'http://passerelle.example.net', '-')
         finally:
             sys.stdin = old_stdin
         assert len(list(TenantMiddleware.get_tenants())) == 1
         tenant = next(TenantMiddleware.get_tenants())
         with tenant_context(tenant):
             # There is a 3 seconds cache now, hobo.json could be outdated
             settings.clear_tenants_settings()
             other = settings.KNOWN_SERVICES['wcs']['other']
             secret = other['secret']
             assert ApiUser.objects.filter(username=other['verif_orig'], keytype='SIGN',
                                           key=secret).count() == 1

       pylint==1.4.0
       astroid==1.3.2
       WebTest
     [testenv:hobo-agent-passerelle]
     # django.contrib.auth is not tested it does not work with our templates
     whitelist_externals =
         /bin/mv
         pip
     setenv =
         DEBIAN_CONFIG_COMMON=debian/debian_config_common.py
         DJANGO_SETTINGS_MODULE=passerelle.settings
         PASSERELLE_SETTINGS_FILE=tests_passerelle/settings.py
     commands =
         ./getlasso.sh
         pip install http://git.entrouvert.org/passerelle.git/snapshot/passerelle-master.tar.gz
         py.test --junitxml=passerelle_agent_test_results.xml --cov-report xml --cov=hobo/ --cov-config .coveragerc --nomigration tests_passerelle/
         mv coverage.xml passerelle_agent_coverage.xml
     usedevelop = True
     deps = django>1.7,<1.8
       coverage
       pytest
       pytest-cov
       pytest-django
       pytest-mock
       mock
       raven
       cssselect
       pylint==1.4.0
       astroid==1.3.2
       WebTest
+    -

Projet

Général

Profil

Produits Entr'ouvert » Hobo

0003-passerelle-use-shared_secret-for-ApiUser.key-fixes-8.patch