Show More
@@ -492,6 +492,31 b' class TestLoginController(object):' | |||
|
492 | 492 | params=dict(api_key=auth_token)), |
|
493 | 493 | status=code) |
|
494 | 494 | |
|
495 | @pytest.mark.parametrize("test_name, auth_token, code", [ | |
|
496 | ('proper_auth_token', None, 200), | |
|
497 | ('wrong_auth_token', '123456', 302), | |
|
498 | ]) | |
|
499 | def test_access_whitelisted_page_via_auth_token_bound_to_token( | |
|
500 | self, test_name, auth_token, code, user_admin): | |
|
501 | ||
|
502 | expected_token = auth_token | |
|
503 | if test_name == 'proper_auth_token': | |
|
504 | auth_token = user_admin.api_key | |
|
505 | expected_token = auth_token | |
|
506 | assert auth_token | |
|
507 | ||
|
508 | whitelist = self._get_api_whitelist([ | |
|
509 | 'RepoCommitsView:repo_commit_raw@{}'.format(expected_token)]) | |
|
510 | ||
|
511 | with mock.patch.dict('rhodecode.CONFIG', whitelist): | |
|
512 | ||
|
513 | with fixture.anon_access(False): | |
|
514 | self.app.get( | |
|
515 | route_path('repo_commit_raw', | |
|
516 | repo_name=HG_REPO, commit_id='tip', | |
|
517 | params=dict(api_key=auth_token)), | |
|
518 | status=code) | |
|
519 | ||
|
495 | 520 | def test_access_page_via_extra_auth_token(self): |
|
496 | 521 | whitelist = self._get_api_whitelist(whitelist_view) |
|
497 | 522 | with mock.patch.dict('rhodecode.CONFIG', whitelist): |
@@ -754,7 +754,7 b' class PermissionCalculator(object):' | |||
|
754 | 754 | } |
|
755 | 755 | |
|
756 | 756 | |
|
757 |
def allowed_auth_token_access(view_name, |
|
|
757 | def allowed_auth_token_access(view_name, auth_token, whitelist=None): | |
|
758 | 758 | """ |
|
759 | 759 | Check if given controller_name is in whitelist of auth token access |
|
760 | 760 | """ |
@@ -762,12 +762,19 b' def allowed_auth_token_access(view_name,' | |||
|
762 | 762 | from rhodecode import CONFIG |
|
763 | 763 | whitelist = aslist( |
|
764 | 764 | CONFIG.get('api_access_controllers_whitelist'), sep=',') |
|
765 | ||
|
765 | 766 |
|
|
766 |
|
|
|
767 | 'Allowed views for AUTH TOKEN access: %s' % (whitelist,)) | |
|
768 | auth_token_access_valid = False | |
|
767 | 769 | |
|
768 | auth_token_access_valid = False | |
|
769 | 770 | for entry in whitelist: |
|
770 | if fnmatch.fnmatch(view_name, entry): | |
|
771 | token_match = True | |
|
772 | if '@' in entry: | |
|
773 | # specific AuthToken | |
|
774 | entry, allowed_token = entry.split('@', 1) | |
|
775 | token_match = auth_token == allowed_token | |
|
776 | ||
|
777 | if fnmatch.fnmatch(view_name, entry) and token_match: | |
|
771 | 778 | auth_token_access_valid = True |
|
772 | 779 | break |
|
773 | 780 |
General Comments 0
You need to be logged in to leave comments.
Login now