Home Explore Help
Sign In
RISCI_ATOM
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Files Issues 3 Wiki
Tree: a8945d24d1
Branches Tags
synapse
/
tests
/
handlers
/
test_auth.py

test_auth.py 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. # -*- coding: utf-8 -*-
    2. 

  2. # Copyright 2015 OpenMarket Ltd
    3. 

  3. #
    4. 

  4. # Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. # you may not use this file except in compliance with the License.
    6. 

  6. # You may obtain a copy of the License at
    7. 

  7. #
    8. 

  8. #     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. #
    10. 

  10. # Unless required by applicable law or agreed to in writing, software
    11. 

  11. # distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. # See the License for the specific language governing permissions and
    14. 

  14. # limitations under the License.
    15. 

  15. 

  16. import pymacaroons
    17. 

  17. 

  18. from mock import Mock, NonCallableMock
    19. 

  19. from synapse.handlers.auth import AuthHandler
    20. 

  20. from tests import unittest
    21. 

  21. from tests.utils import setup_test_homeserver
    22. 

  22. from twisted.internet import defer
    23. 

  23. 

  24. 

  25. class AuthHandlers(object):
    26. 

  26.     def __init__(self, hs):
    27. 

  27.         self.auth_handler = AuthHandler(hs)
    28. 

  28. 

  29. 

  30. class AuthTestCase(unittest.TestCase):
    31. 

  31.     @defer.inlineCallbacks
    32. 

  32.     def setUp(self):
    33. 

  33.         self.hs = yield setup_test_homeserver(handlers=None)
    34. 

  34.         self.hs.handlers = AuthHandlers(self.hs)
    35. 

  35. 

  36.     def test_token_is_a_macaroon(self):
    37. 

  37.         self.hs.config.macaroon_secret_key = "this key is a huge secret"
    38. 

  38. 

  39.         token = self.hs.handlers.auth_handler.generate_access_token("some_user")
    40. 

  40.         # Check that we can parse the thing with pymacaroons
    41. 

  41.         macaroon = pymacaroons.Macaroon.deserialize(token)
    42. 

  42.         # The most basic of sanity checks
    43. 

  43.         if "some_user" not in macaroon.inspect():
    44. 

  44.             self.fail("some_user was not in %s" % macaroon.inspect())
    45. 

  45. 

  46.     def test_macaroon_caveats(self):
    47. 

  47.         self.hs.config.macaroon_secret_key = "this key is a massive secret"
    48. 

  48.         self.hs.clock.now = 5000
    49. 

  49. 

  50.         token = self.hs.handlers.auth_handler.generate_access_token("a_user")
    51. 

  51.         macaroon = pymacaroons.Macaroon.deserialize(token)
    52. 

  52. 

  53.         def verify_gen(caveat):
    54. 

  54.             return caveat == "gen = 1"
    55. 

  55. 

  56.         def verify_user(caveat):
    57. 

  57.             return caveat == "user_id = a_user"
    58. 

  58. 

  59.         def verify_type(caveat):
    60. 

  60.             return caveat == "type = access"
    61. 

  61. 

  62.         def verify_expiry(caveat):
    63. 

  63.             return caveat == "time < 8600000"
    64. 

  64. 

  65.         v = pymacaroons.Verifier()
    66. 

  66.         v.satisfy_general(verify_gen)
    67. 

  67.         v.satisfy_general(verify_user)
    68. 

  68.         v.satisfy_general(verify_type)
    69. 

  69.         v.satisfy_general(verify_expiry)
    70. 

  70.         v.verify(macaroon, self.hs.config.macaroon_secret_key)
    71.