passerelle: use shared_secret for ApiUser.key (fixes #8580)

Benjamin Dauvergne 2015-11-12 12:59:48 +01:00
parent f36985e242
commit c85d548f44
6 changed files with 144 additions and 3 deletions


@ -2,6 +2,7 @@ import urlparse
from tenant_schemas.utils import tenant_context
from hobo.agent.common.management.commands import hobo_deploy
from hobo.multitenant.settings_loaders import KnownServices
from passerelle.base.models import ApiUser
@ -12,12 +13,21 @@ class Command(hobo_deploy.Command):
def deploy_specifics(self, hobo_environment, tenant):
super(Command, self).deploy_specifics(hobo_environment, tenant)
with tenant_context(tenant):
for service in hobo_environment.get('services'):
services = hobo_environment.get('services')
for service in services:
if service.get('this'):
this = service
break
else:
raise RuntimeError('unable to find this service')
our_key = this['secret_key']
for service in services:
if service.get('this') or not service.get('secret_key'):
continue
domain = urlparse.urlparse(service.get('base_url')).netloc.split(':')[0]
obj, created = ApiUser.objects.get_or_create(username=domain,
keytype='SIGN')
obj.fullname = service.get('title')
obj.key = service.get('secret_key')
their_key = service.get('secret_key')
obj.key = KnownServices.shared_secret(our_key, their_key)
obj.save()
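Review bot: `our_key = this['secret_key']` raises a bare KeyError when the local service entry has no secret_key, while the loop just below silently skips remote services that lack one; an explicit guard would make that failure readable, e.g. `our_key = this.get('secret_key')` followed by `if not our_key: raise RuntimeError('this service has no secret_key')`. `created` from get_or_create is never read and could be `_`. The stored key is now derived from both secrets rather than being the remote secret itself, so a comment on the `shared_secret` line such as `# must match the 'secret' the other service derives for us via KnownServices` would explain why both keys are fed in; the test added in this commit suggests that is the contract, but the settings loader is outside this diff, so confirm before asserting it. deploy_specifics ends at `obj.save()` inside the hunk; the enclosing class header is outside it.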


@ -1,5 +1,7 @@
#!/bin/sh
set -e # prevent hiding of errors
rm -f *coverage.xml
rm -f *test_results.xml
@ -10,10 +12,12 @@ pip install --upgrade tox
tox
./merge-junit-results.py hobo_server_test_results.xml multitenant_test_results.xml authentic2_agent_test_results.xml >test_results.xml
./merge-junit-results.py hobo_server_test_results.xml multitenant_test_results.xml authentic2_agent_test_results.xml passerelle_agent_test_results.xml >test_results.xml
./merge-coverage.py -o coverage.xml *_coverage.xml
test -f pylint.out && cp pylint.out pylint.out.prev
(pylint -f parseable --rcfile /var/lib/jenkins/pylint.django.rc hobo | tee pylint.out) || /bin/true
test -f pylint.out.prev && (diff pylint.out.prev pylint.out | grep '^[><]' | grep .py) || /bin/true
echo OK
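Review bot: With `set -e` added in the first hunk, a non-zero exit from `tox` (which, assuming the usual tox behaviour, is what a failing testenv produces) aborts the script before `./merge-junit-results.py` and `./merge-coverage.py` run, so Jenkins gets no test_results.xml for exactly the builds where it matters. If that is not intended, record the status and merge before exiting, e.g. `rc=0`, `tox || rc=$?` and a final `exit $rc` after `echo OK`. The `test -f pylint.out && ...` lines are unaffected, since a failing command that is not the last in an AND-OR list does not trigger `set -e`. The hunk appears to show only part of the file's middle section.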


@ -0,0 +1,15 @@
import os
import tempfile
import shutil
import json
import pytest
@pytest.fixture
def tenant_base(request, settings):
base = tempfile.mkdtemp('passerelle-tenant-base')
settings.TENANT_BASE = base
def fin():
shutil.rmtree(base)
request.addfinalizer(fin)
return tenant_base
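Review bot: The fixture returns the function object `tenant_base` instead of the directory it created, so any test that uses the fixture's value gets a function rather than a path; the last line should be `return base`. The only consumer in this commit (test_deploy_specifics) relies solely on the side effect on `settings.TENANT_BASE`, which is why this goes unnoticed. `os` and `json` are imported but unused in this file.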


@ -0,0 +1,25 @@
import os.path
import __builtin__ as builtin
from mock import mock_open, patch
import os
# Debian defaults
DEBUG = False
PROJECT_NAME = 'passerelle'
#
# hobotization (multitenant)
#
with patch.object(builtin, 'file', mock_open(read_data='xxx')):
execfile(os.environ['DEBIAN_CONFIG_COMMON'])
# suds logs are buggy
LOGGING['loggers']['suds'] = {
'level': 'ERROR',
'handlers': ['mail_admins', 'sentry'],
'propagate': True,
}
# Add passerelle hobo agent
INSTALLED_APPS = ('hobo.agent.passerelle',) + INSTALLED_APPS
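Review bot: `LOGGING` and `INSTALLED_APPS` are never defined in this file; they are created by the script run through `execfile(os.environ['DEBIAN_CONFIG_COMMON'])`, and a comment on that line such as `# defines LOGGING, INSTALLED_APPS and the other Django settings used below` would spare the next reader a search. The `patch.object(builtin, 'file', mock_open(read_data='xxx'))` stub also deserves a comment naming what the Debian config reads through `file()` and why a dummy value is acceptable in tests — presumably a secret-key file, but that script is outside this diff, so confirm before writing it. `import os.path` and `import os` are redundant with each other.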


@ -0,0 +1,57 @@
import json
import sys
import time
from tenant_schemas.utils import tenant_context
from hobo.multitenant.middleware import TenantMiddleware
from django.core.management import call_command
import StringIO
def test_deploy_specifics(db, tenant_base):
from django.conf import settings
from passerelle.base.models import ApiUser
hobo_json = {
'variables': {
'hobo_test_variable': True,
'other_variable': 'foo',
},
'services': [
{
'slug': 'test',
'title': 'Test',
'service-id': 'welco',
'this': True,
'secret_key': '12345',
'base_url': 'http://passerelle.example.net',
'saml-sp-metadata-url': 'http://passerelle.example.net/saml/metadata',
'variables': {
'other_variable': 'bar',
}
},
{
'slug': 'other',
'title': 'Other',
'secret_key': 'abcde',
'service-id': 'wcs',
'base_url': 'http://wcs.example.net'
},
]
}
old_stdin = sys.stdin
sys.stdin = StringIO.StringIO(json.dumps(hobo_json))
try:
call_command('hobo_deploy', 'http://passerelle.example.net', '-')
finally:
sys.stdin = old_stdin
assert len(list(TenantMiddleware.get_tenants())) == 1
tenant = next(TenantMiddleware.get_tenants())
with tenant_context(tenant):
# There is a 3 seconds cache now, hobo.json could be outdated
settings.clear_tenants_settings()
other = settings.KNOWN_SERVICES['wcs']['other']
secret = other['secret']
assert ApiUser.objects.filter(username=other['verif_orig'], keytype='SIGN',
key=secret).count() == 1
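Review bot: The test swaps `sys.stdin` by hand with a try/finally; pytest's `monkeypatch` fixture does the same restoration for free and shortens the setup to `def test_deploy_specifics(db, tenant_base, monkeypatch):`, `monkeypatch.setattr(sys, 'stdin', StringIO.StringIO(json.dumps(hobo_json)))`, `call_command('hobo_deploy', 'http://passerelle.example.net', '-')`. The final filter checks `username`, `keytype` and `key` but not `fullname`, so adding `fullname='Other'` to it would also cover the `obj.fullname = service.get('title')` assignment the command makes. `time` is imported but unused.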

tox.ini

@ -79,3 +79,33 @@ deps = django>1.7,<1.8
pylint==1.4.0
astroid==1.3.2
WebTest
[testenv:hobo-agent-passerelle]
# django.contrib.auth is not tested it does not work with our templates
whitelist_externals =
/bin/mv
env
pip
setenv =
DEBIAN_CONFIG_COMMON=debian/debian_config_common.py
PASSERELLE_SETTINGS_FILE=tests_passerelle/settings.py
commands =
./getlasso.sh
pip install http://git.entrouvert.org/passerelle.git/snapshot/passerelle-master.tar.gz
env DJANGO_SETTINGS_MODULE=passerelle.settings py.test --junitxml=passerelle_agent_test_results.xml --cov-report xml --cov=hobo/ --cov-config .coveragerc --nomigration tests_passerelle/
mv coverage.xml passerelle_agent_coverage.xml
usedevelop = True
deps = django>1.7,<1.8
coverage
pytest
pytest-cov
pytest-django
pytest-mock
mock
raven
cssselect
pylint==1.4.0
astroid==1.3.2
WebTest
suds
python-memcached
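Review bot: The new testenv installs passerelle from `http://git.entrouvert.org/passerelle.git/snapshot/passerelle-master.tar.gz`, an unpinned branch snapshot fetched over plain http, so the dependency under test changes silently between runs and the download has no integrity protection. Pinning to a tag or commit snapshot, if the forge offers one, and fetching over https where available would make the environment reproducible and the fetch tamper-evident. The comment `# django.contrib.auth is not tested it does not work with our templates` reads as copied from another testenv; confirm it still applies to this one.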