Home Explore Help
Sign In
RISCI_ATOM
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Files Issues 3 Wiki
Tree: a5974f89d6
Branches Tags
synapse
/
tests
/
handlers
/
test_auth.py

test_auth.py 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. # -*- coding: utf-8 -*-
    2. 

  2. # Copyright 2015, 2016 OpenMarket Ltd
    3. 

  3. #
    4. 

  4. # Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. # you may not use this file except in compliance with the License.
    6. 

  6. # You may obtain a copy of the License at
    7. 

  7. #
    8. 

  8. #     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. #
    10. 

  10. # Unless required by applicable law or agreed to in writing, software
    11. 

  11. # distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. # See the License for the specific language governing permissions and
    14. 

  14. # limitations under the License.
    15. 

  15. 

  16. import pymacaroons
    17. 

  17. 

  18. from synapse.handlers.auth import AuthHandler
    19. 

  19. from tests import unittest
    20. 

  20. from tests.utils import setup_test_homeserver
    21. 

  21. from twisted.internet import defer
    22. 

  22. 

  23. 

  24. class AuthHandlers(object):
    25. 

  25.     def __init__(self, hs):
    26. 

  26.         self.auth_handler = AuthHandler(hs)
    27. 

  27. 

  28. 

  29. class AuthTestCase(unittest.TestCase):
    30. 

  30.     @defer.inlineCallbacks
    31. 

  31.     def setUp(self):
    32. 

  32.         self.hs = yield setup_test_homeserver(handlers=None)
    33. 

  33.         self.hs.handlers = AuthHandlers(self.hs)
    34. 

  34. 

  35.     def test_token_is_a_macaroon(self):
    36. 

  36.         self.hs.config.macaroon_secret_key = "this key is a huge secret"
    37. 

  37. 

  38.         token = self.hs.handlers.auth_handler.generate_access_token("some_user")
    39. 

  39.         # Check that we can parse the thing with pymacaroons
    40. 

  40.         macaroon = pymacaroons.Macaroon.deserialize(token)
    41. 

  41.         # The most basic of sanity checks
    42. 

  42.         if "some_user" not in macaroon.inspect():
    43. 

  43.             self.fail("some_user was not in %s" % macaroon.inspect())
    44. 

  44. 

  45.     def test_macaroon_caveats(self):
    46. 

  46.         self.hs.config.macaroon_secret_key = "this key is a massive secret"
    47. 

  47.         self.hs.clock.now = 5000
    48. 

  48. 

  49.         token = self.hs.handlers.auth_handler.generate_access_token("a_user")
    50. 

  50.         macaroon = pymacaroons.Macaroon.deserialize(token)
    51. 

  51. 

  52.         def verify_gen(caveat):
    53. 

  53.             return caveat == "gen = 1"
    54. 

  54. 

  55.         def verify_user(caveat):
    56. 

  56.             return caveat == "user_id = a_user"
    57. 

  57. 

  58.         def verify_type(caveat):
    59. 

  59.             return caveat == "type = access"
    60. 

  60. 

  61.         def verify_expiry(caveat):
    62. 

  62.             return caveat == "time < 8600000"
    63. 

  63. 

  64.         v = pymacaroons.Verifier()
    65. 

  65.         v.satisfy_general(verify_gen)
    66. 

  66.         v.satisfy_general(verify_user)
    67. 

  67.         v.satisfy_general(verify_type)
    68. 

  68.         v.satisfy_general(verify_expiry)
    69. 

  69.         v.verify(macaroon, self.hs.config.macaroon_secret_key)
    70.