drydock/tests/unit/test_auth_middleware.py

# Copyright 2017 AT&T Intellectual Property.  All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import uuid
import falcon
import sys

from drydock_provisioner.control.base import DrydockRequest
from drydock_provisioner.control.middleware import AuthMiddleware


class TestAuthMiddleware():

    # the WSGI env for a request processed by keystone middleware
    # with user token
    ks_user_env = {
        'REQUEST_METHOD': 'GET',
        'SCRIPT_NAME': '/foo',
        'PATH_INFO': '',
        'QUERY_STRING': '',
        'CONTENT_TYPE': '',
        'CONTENT_LENGTH': 0,
        'SERVER_NAME': 'localhost',
        'SERVER_PORT': '9000',
        'SERVER_PROTOCOL': 'HTTP/1.1',
        'HTTP_X_IDENTITY_STATUS': 'Confirmed',
        'HTTP_X_PROJECT_ID': '',
        'HTTP_X_USER_ID': '',
        'HTTP_X_AUTH_TOKEN': '',
        'HTTP_X_ROLES': '',
        'wsgi.version': (1, 0),
        'wsgi.url_scheme': 'http',
        'wsgi.input': sys.stdin,
        'wsgi.errors': sys.stderr,
        'wsgi.multithread': False,
        'wsgi.multiprocess': False,
        'wsgi.run_once': False,
    }

    # the WSGI env for a request processed by keystone middleware
    # with service token
    ks_service_env = {
        'REQUEST_METHOD': 'GET',
        'SCRIPT_NAME': '/foo',
        'PATH_INFO': '',
        'QUERY_STRING': '',
        'CONTENT_TYPE': '',
        'CONTENT_LENGTH': 0,
        'SERVER_NAME': 'localhost',
        'SERVER_PORT': '9000',
        'SERVER_PROTOCOL': 'HTTP/1.1',
        'HTTP_X_SERVICE_IDENTITY_STATUS': 'Confirmed',
        'HTTP_X_SERVICE_PROJECT_ID': '',
        'HTTP_X_SERVICE_USER_ID': '',
        'HTTP_X_SERVICE_TOKEN': '',
        'HTTP_X_ROLES': '',
        'wsgi.version': (1, 0),
        'wsgi.url_scheme': 'http',
        'wsgi.input': sys.stdin,
        'wsgi.errors': sys.stderr,
        'wsgi.multithread': False,
        'wsgi.multiprocess': False,
        'wsgi.run_once': False,
    }

    def test_process_request_user(self):
        ''' AuthMiddleware is expected to correctly identify the headers
            added to an authenticated request by keystonemiddleware in a
            PasteDeploy configuration
        '''

        req_env = TestAuthMiddleware.ks_user_env

        project_id = str(uuid.uuid4().hex)
        req_env['HTTP_X_PROJECT_ID'] = project_id
        user_id = str(uuid.uuid4().hex)
        req_env['HTTP_X_USER_ID'] = user_id
        token = str(uuid.uuid4().hex)
        req_env['HTTP_X_AUTH_TOKEN'] = token

        middleware = AuthMiddleware()
        request = DrydockRequest(req_env)
        response = falcon.Response()

        middleware.process_request(request, response)

        assert request.context.authenticated
        assert request.context.user_id == user_id

    def test_process_request_user_noauth(self):
        ''' AuthMiddleware is expected to correctly identify the headers
            added to an unauthenticated (no token, bad token) request by
            keystonemiddleware in a PasteDeploy configuration
        '''

        req_env = TestAuthMiddleware.ks_user_env

        req_env['HTTP_X_IDENTITY_STATUS'] = 'Invalid'

        middleware = AuthMiddleware()
        request = DrydockRequest(req_env)
        response = falcon.Response()

        middleware.process_request(request, response)

        assert request.context.authenticated is False