Show More
| @@ -492,6 +492,31 b' class TestLoginController(object):' | |||||
| 492 | params=dict(api_key=auth_token)), |
|
492 | params=dict(api_key=auth_token)), | |
| 493 | status=code) |
|
493 | status=code) | |
| 494 |
|
494 | |||
|
|
495 | @pytest.mark.parametrize("test_name, auth_token, code", [ | |||
|
|
496 | ('proper_auth_token', None, 200), | |||
|
|
497 | ('wrong_auth_token', '123456', 302), | |||
|
|
498 | ]) | |||
|
|
499 | def test_access_whitelisted_page_via_auth_token_bound_to_token( | |||
|
|
500 | self, test_name, auth_token, code, user_admin): | |||
|
|
501 | ||||
|
|
502 | expected_token = auth_token | |||
|
|
503 | if test_name == 'proper_auth_token': | |||
|
|
504 | auth_token = user_admin.api_key | |||
|
|
505 | expected_token = auth_token | |||
|
|
506 | assert auth_token | |||
|
|
507 | ||||
|
|
508 | whitelist = self._get_api_whitelist([ | |||
|
|
509 | 'RepoCommitsView:repo_commit_raw@{}'.format(expected_token)]) | |||
|
|
510 | ||||
|
|
511 | with mock.patch.dict('rhodecode.CONFIG', whitelist): | |||
|
|
512 | ||||
|
|
513 | with fixture.anon_access(False): | |||
|
|
514 | self.app.get( | |||
|
|
515 | route_path('repo_commit_raw', | |||
|
|
516 | repo_name=HG_REPO, commit_id='tip', | |||
|
|
517 | params=dict(api_key=auth_token)), | |||
|
|
518 | status=code) | |||
|
|
519 | ||||
| 495 | def test_access_page_via_extra_auth_token(self): |
|
520 | def test_access_page_via_extra_auth_token(self): | |
| 496 | whitelist = self._get_api_whitelist(whitelist_view) |
|
521 | whitelist = self._get_api_whitelist(whitelist_view) | |
| 497 | with mock.patch.dict('rhodecode.CONFIG', whitelist): |
|
522 | with mock.patch.dict('rhodecode.CONFIG', whitelist): | |
| @@ -754,7 +754,7 b' class PermissionCalculator(object):' | |||||
| 754 | } |
|
754 | } | |
| 755 |
|
755 | |||
| 756 |
|
756 | |||
| 757 |
def allowed_auth_token_access(view_name, |
|
757 | def allowed_auth_token_access(view_name, auth_token, whitelist=None): | |
| 758 | """ |
|
758 | """ | |
| 759 | Check if given controller_name is in whitelist of auth token access |
|
759 | Check if given controller_name is in whitelist of auth token access | |
| 760 | """ |
|
760 | """ | |
| @@ -762,12 +762,19 b' def allowed_auth_token_access(view_name,' | |||||
| 762 | from rhodecode import CONFIG |
|
762 | from rhodecode import CONFIG | |
| 763 | whitelist = aslist( |
|
763 | whitelist = aslist( | |
| 764 | CONFIG.get('api_access_controllers_whitelist'), sep=',') |
|
764 | CONFIG.get('api_access_controllers_whitelist'), sep=',') | |
| 765 | log.debug( |
|
765 | ||
| 766 | 'Allowed controllers for AUTH TOKEN access: %s' % (whitelist,)) |
|
766 | log.debug( | |
|
|
767 | 'Allowed views for AUTH TOKEN access: %s' % (whitelist,)) | |||
|
|
768 | auth_token_access_valid = False | |||
| 767 |
|
769 | |||
| 768 | auth_token_access_valid = False |
|
|||
| 769 | for entry in whitelist: |
|
770 | for entry in whitelist: | |
| 770 | if fnmatch.fnmatch(view_name, entry): |
|
771 | token_match = True | |
|
|
772 | if '@' in entry: | |||
|
|
773 | # specific AuthToken | |||
|
|
774 | entry, allowed_token = entry.split('@', 1) | |||
|
|
775 | token_match = auth_token == allowed_token | |||
|
|
776 | ||||
|
|
777 | if fnmatch.fnmatch(view_name, entry) and token_match: | |||
| 771 | auth_token_access_valid = True |
|
778 | auth_token_access_valid = True | |
| 772 | break |
|
779 | break | |
| 773 |
|
780 | |||
General Comments 0
You need to be logged in to leave comments.
Login now