self-hosted/oncall
1
0
Fork 0
mirror of https://github.com/linkedin/oncall.git synced 2025-11-28 23:20:23 +02:00
Code Issues Releases Activity
Files
787eceefb8ca44cbedd0f0d2d63a3f1c89c0e589
oncall/test/test_auth.py

61 lines
2.1 KiB
Python
Raw Normal View History

Py3 (#290) * Py3 migration * Update to Python 3 for CircleCI * Fix auth bugs for python 3 Also fix notifier bug to check for active users * Update notifier exception handling Ignore role:target lookup failures from Iris, since these don't represent problems with the underlying system, just that people have inactive users on-call in the future. * Add get_id param option (#246) * add get_id param option * removed superfluous select and simplified logic * Flake8 typo (#247) * Hide confusing team settings in an advanced dropdown * Fix test fixtures * Add "allow duplicate" scheduler in UI Already in backend, so enable in FE too * Add Dockerfile to run oncall in a container * Move deps into a virtualenv. Run app not as super user. Mimick prod setup by using uwsgi * Fix issue with Dockerfile not having MANIFEST.in and wrong passwords in (#257) config * Update to ubuntu:18.04 and python3 packages and executables * Open config file as utf8 The default configuration file has utf8 characters, and python3 attempts to open the file as ASCII unless an alternate encoding is specified * Switch to the python3 uwsgi plugin * Update print and os.execv statements for python3 Python3 throws an exception when the first argument to os.execv is empty: ValueError: execv() arg 2 first element cannot be empty The module documentation suggests that the first element should be the name of the executed program: https://docs.python.org/3.7/library/os.html#os.execv * Map config.docker.yaml in to the container as a volume ./ops/entrypoint.py has the start of environment variable support to specify a configuration file, but it is incomplete until we update ./ops/daemons/uwsgi-docker.yaml or add environment support to oncall-notifier and oncall-scheduler. This commit allows users to map a specific configuration file in to their container and have it used by all oncall programs. * Convert line endings to match the rest of the project. * Add mysql port to docker configuration * Assume localhost mysql for default config.yaml * Update python-dev package and MySQL root password * Use password when configuring mysql The project has started using a password on the mysql instance. Once password auth is consistently working we can consider extracting the hardcoded password into an env file that is optionally randomly generated on initial startup. * Fix preview for round-robin (#269) * #275 fix for Python3 and Gunicorn load config * Fixed E303 flake8 * Change encoding & collation + test unicode name Co-authored-by: Daniel Wang <dwang159@gmail.com> Co-authored-by: ahm3djafri <42748963+ahm3djafri@users.noreply.github.com> Co-authored-by: TK <tkahnoski+github@gmail.com> Co-authored-by: Tim Freund <tim@freunds.net> Co-authored-by: Rafał Zawadzki <bluszcz@bluszcz.net>
2020-01-15 15:38:25 -08:00
from oncall.auth import login_required
from oncall.app import ReqBodyMiddleware
import falcon
import falcon.testing
import time
import hmac
import hashlib
import base64
class DummyAPI(object):
@login_required
def on_get(self, req, resp):
resp.content = 'GOOD'
@login_required
def on_post(self, req, resp):
resp.status = falcon.HTTP_201
def test_application_auth(mocker):
# Mock DB to get 'abc' as the dummy app key
connect = mocker.MagicMock(name='dummyDB')
cursor = mocker.MagicMock(name='dummyCursor', rowcount=1)
cursor.fetchone.return_value = ['abc']
connect.cursor.return_value = cursor
db = mocker.MagicMock()
db.connect.return_value = connect
mocker.patch('oncall.auth.db', db)
# Set up dummy API for auth testing
api = falcon.API(middleware=[ReqBodyMiddleware()])
api.add_route('/dummy_path', DummyAPI())
# Test bad auth
client = falcon.testing.TestClient(api)
re = client.simulate_get('/dummy_path', headers={'AUTHORIZATION': 'hmac dummy:abc'})
assert re.status_code == 401
re = client.simulate_post('/dummy_path', json={'example': 'test'}, headers={'AUTHORIZATION': 'hmac dummy:abc'})
assert re.status_code == 401
# Test good auth for GET request
window = int(time.time()) // 5
text = '%s %s %s %s' % (window, 'GET', '/dummy_path?abc=123', '')
HMAC = hmac.new(b'abc', text.encode('utf-8'), hashlib.sha512)
digest = base64.urlsafe_b64encode(HMAC.digest()).decode('utf-8')
auth = 'hmac dummy:%s' % digest
re = client.simulate_get('/dummy_path', params={'abc': 123}, headers={'AUTHORIZATION': auth})
assert re.status_code == 200
window = int(time.time()) // 5
body = '{"example": "test"}'
text = '%s %s %s %s' % (window, 'POST', '/dummy_path', body)
HMAC = hmac.new(b'abc', text.encode('utf-8'), hashlib.sha512)
digest = base64.urlsafe_b64encode(HMAC.digest()).decode('utf-8')
auth = 'hmac dummy:%s' % digest
re = client.simulate_post('/dummy_path', body=body, headers={'AUTHORIZATION': auth})
assert re.status_code == 201
Reference in New Issue Copy Permalink