from oncall.auth import login_required from oncall.app import ReqBodyMiddleware import falcon import falcon.testing import time import hmac import hashlib import base64 class DummyAPI(object): @login_required def on_get(self, req, resp): resp.content = 'GOOD' @login_required def on_post(self, req, resp): resp.status = falcon.HTTP_201 def test_application_auth(mocker): # Mock DB to get 'abc' as the dummy app key connect = mocker.MagicMock(name='dummyDB') cursor = mocker.MagicMock(name='dummyCursor', rowcount=1) cursor.fetchone.return_value = ['abc'] connect.cursor.return_value = cursor db = mocker.MagicMock() db.connect.return_value = connect mocker.patch('oncall.auth.db', db) # Set up dummy API for auth testing api = falcon.API(middleware=[ReqBodyMiddleware()]) api.add_route('/dummy_path', DummyAPI()) # Test bad auth client = falcon.testing.TestClient(api) re = client.simulate_get('/dummy_path', headers={'AUTHORIZATION': 'hmac dummy:abc'}) assert re.status_code == 401 re = client.simulate_post('/dummy_path', json={'example': 'test'}, headers={'AUTHORIZATION': 'hmac dummy:abc'}) assert re.status_code == 401 # Test good auth for GET request window = int(time.time()) // 5 text = '%s %s %s %s' % (window, 'GET', '/dummy_path?abc=123', '') HMAC = hmac.new(b'abc', text.encode('utf-8'), hashlib.sha512) digest = base64.urlsafe_b64encode(HMAC.digest()).decode('utf-8') auth = 'hmac dummy:%s' % digest re = client.simulate_get('/dummy_path', params={'abc': 123}, headers={'AUTHORIZATION': auth}) assert re.status_code == 200 window = int(time.time()) // 5 body = '{"example": "test"}' text = '%s %s %s %s' % (window, 'POST', '/dummy_path', body) HMAC = hmac.new(b'abc', text.encode('utf-8'), hashlib.sha512) digest = base64.urlsafe_b64encode(HMAC.digest()).decode('utf-8') auth = 'hmac dummy:%s' % digest re = client.simulate_post('/dummy_path', body=body, headers={'AUTHORIZATION': auth}) assert re.status_code == 201