source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.py @ 5543

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.py@5543
Revision 5543, 7.9 KB checked in by pjkersha, 11 years ago (diff)

Fixes for testing OpenID Relying Party running in the application code stack instead of the separate services stack.

Line 
1#!/usr/bin/env python
2"""NDG Security test harness for authorisation middleware used to secure an
3application
4
5NERC DataGrid Project
6"""
7__author__ = "P J Kershaw"
8__date__ = "20/11/08"
9__copyright__ = "(C) 2009 Science and Technology Facilities Council"
10__license__ = "BSD - See top-level directory for LICENSE file"
11__contact__ = "Philip.Kershaw@stfc.ac.uk"
12__revision__ = "$Id$"
13
14   
15def app_factory(globalConfig, **localConfig):
16    '''AuthZTestApp factory for Paste app pattern'''
17    return AuthZTestApp(None, globalConfig, **localConfig)
18
19def filter_app_factory(app, globalConfig, **localConfig):
20    '''AuthZTestApp factory for Paste filter app pattern'''
21    return AuthZTestApp(app, globalConfig, **localConfig)
22
23class AuthZTestApp(object):
24    """This class simulates the application to be secured by the NDG Security
25    authorization middleware
26    """
27    method = {
28"/": 'default',
29"/test_401": "test_401",
30"/test_403": "test_403",
31"/test_securedURI": "test_securedURI",
32"/test_accessDeniedToSecuredURI": "test_accessDeniedToSecuredURI"
33    }
34    header = """        <h1>Authorisation Integration Tests:</h1>
35        <p>Test Authorisation middleware with no Session Manager running.
36        See the authz/ integration test directory for a configuration including
37        a Session Manager</p>
38        <p>These tests use require the security services application to be
39        running.  See securityserviceapp.py and securityservices.ini in the
40        authz_lite/ integration test directory.</p>
41        <h2>To Run:</h2>
42        <p>Try any of the links below.  When prompt for username and password,
43        enter one of the sets of credentials from securityservices.ini
44        openid.provider.authN.userCreds section.  The defaults are:
45        </p>
46        <p>pjk/testpassword</p>
47        <p>another/testpassword</p>
48        <p>The attributeinterface.py AttributeAuthority plugin is configured to
49        grant access to 'pjk' for all URLs below apart from
50        'test_accessDeniedToSecuredURI'.  The 'another' account will be denied
51        access from all URLs apart from 'test_401'</p>
52"""
53
54    def __init__(self, app, globalConfig, **localConfig):
55        self.beakerSessionKeyName = globalConfig['beakerSessionKeyName']
56        self.app = app
57           
58    def __call__(self, environ, start_response):
59       
60        methodName = self.method.get(environ['PATH_INFO'], '').rstrip()
61        if methodName:
62            action = getattr(self, methodName)
63            return action(environ, start_response)
64        elif environ['PATH_INFO'] == '/logout':
65            return self.default(environ, start_response)
66       
67        elif self.app is not None:
68            return self.app(environ, start_response)
69        else:
70            start_response('404 Not Found', [('Content-type', 'text/plain')])
71            return "Authorisation integration tests: invalid URI"
72           
73    def default(self, environ, start_response):
74        if 'username' in environ.get(self.beakerSessionKeyName, {}):
75            response = """<html>
76    <head/>
77    <body>
78        %s
79        <ul>%s</ul>
80        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
81    </body>
82</html>
83""" % (AuthZTestApp.header,
84       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 
85                 for link,name in self.method.items() if name != 'default']),
86       environ[self.beakerSessionKeyName]['username'])
87       
88            start_response('200 OK', 
89                           [('Content-type', 'text/html'),
90                            ('Content-length', str(len(response)))])
91        else:
92            response = """<html>
93    <head/>
94    <body>
95        %s
96        <ul>%s</ul>
97    </body>
98</html>
99""" % (AuthZTestApp.header,
100       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 
101                 for link,name in self.method.items() if name != 'default'])
102       )
103
104            start_response('200 OK', 
105                           [('Content-type', 'text/html'),
106                            ('Content-length', str(len(response)))])
107        return response
108
109    def test_401(self, environ, start_response):
110        response = """<html>
111    <head/>
112    <body>
113        <h1>Authenticated!</h1>
114        <ul>%s</ul>
115        <p>You are logged in.  <a href="/logout">Logout</a></p>
116    </body>
117</html>
118""" % '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 
119                 for link,name in self.method.items() if name != 'default'])
120
121        start_response('200 OK', 
122                       [('Content-type', 'text/html'),
123                        ('Content-length', str(len(response)))])
124        return response
125
126    def test_403(self, environ, start_response):
127        """Trigger the Authorization middleware by returning a 403 Forbidden
128        HTTP status code from this URI"""
129       
130        response = """<html>
131    <head/>
132    <body>
133        <h1>Authorised!</h1>
134        <ul>%s</ul>
135        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
136    </body>
137</html>
138""" % ('\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 
139                 for link,name in self.method.items() if name != 'default']),
140       environ[self.beakerSessionKeyName]['username'])
141
142        start_response('200 OK', 
143                       [('Content-type', 'text/html'),
144                        ('Content-length', str(len(response)))])
145        return response
146
147    def test_securedURI(self, environ, start_response):
148        """To be secured, the Authorization middleware must have this URI in
149        its policy"""
150        response = """<html>
151    <head/>
152    <body>
153        <h1>Authorised for path [%s]!</h1>
154        <ul>%s</ul>
155        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
156    </body>
157</html>
158""" % (environ['PATH_INFO'],
159       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 
160                 for link,name in self.method.items() if name != 'default']),
161       environ[self.beakerSessionKeyName]['username'])
162
163
164        start_response('200 OK', 
165                       [('Content-type', 'text/html'),
166                        ('Content-length', str(len(response)))])
167        return response
168
169
170    def test_accessDeniedToSecuredURI(self, environ, start_response):
171        """To be secured, the Authorization middleware must have this URI in
172        its policy and the user must not have the required role as specified
173        in the policy.  See ndg.security.test.config.attributeauthority.sitea
174        for user role settings retrieved from the attribute authority"""
175        response = """<html>
176    <head/>
177    <body>
178        <h1>Authorised for path [%s]!</h1>
179        <ul>%s</ul>
180        <p>You are logged in with OpenID [%s].  <a href="/logout">Logout</a></p>
181    </body>
182</html>
183""" % (environ['PATH_INFO'],
184       '\n'.join(['<li><a href="%s">%s</a></li>' % (link, name) 
185                 for link,name in self.method.items() if name != 'default']),
186       environ[self.beakerSessionKeyName]['username'])
187
188
189        start_response('200 OK', 
190                       [('Content-type', 'text/html'),
191                        ('Content-length', str(len(response)))])
192        return response
193   
194    @classmethod
195    def app_factory(cls, globalConfig, **localConfig):
196        return cls(None, globalConfig, **localConfig)
197   
198    @classmethod
199    def filter_app_factory(cls, app, globalConfig, **localConfig):
200        return cls(app, globalConfig, **localConfig)
201   
202# To start run
203# $ paster serve services.ini or run this file as a script
204# $ ./securedapp.py [port #]
205if __name__ == '__main__':
206    import sys
207    import os
208    from os.path import dirname, abspath
209    import logging
210    logging.basicConfig(level=logging.DEBUG)
211
212    if len(sys.argv) > 1:
213        port = int(sys.argv[1])
214    else:
215        port = 7080
216       
217    cfgFilePath = os.path.join(dirname(abspath(__file__)), 'securedapp.ini')
218       
219    from paste.httpserver import serve
220    from paste.deploy import loadapp
221   
222    app = loadapp('config:%s' % cfgFilePath)
223    serve(app, host='0.0.0.0', port=port)
Note: See TracBrowser for help on using the repository browser.