Test for server-side secret handling.

2025-01-31 16:36:20 +00:00 · 2021-12-16 11:17:32 -05:00 · 2021-12-16 11:17:32 -05:00 · da52a9aede
commit da52a9aede
parent 87fa9ac2a8
1 changed files with 75 additions and 13 deletions
--- a/src/allmydata/test/test_storage_http.py
+++ b/src/allmydata/test/test_storage_http.py
@ -21,10 +21,14 @@ from twisted.trial.unittest import TestCase
 from twisted.internet.defer import inlineCallbacks

 from treq.testing import StubTreq
+from klein import Klein
 from hyperlink import DecodedURL

 from ..storage.server import StorageServer
-from ..storage.http_server import HTTPServer, _extract_secrets, Secrets, ClientSecretsException
+from ..storage.http_server import (
+    HTTPServer, _extract_secrets, Secrets, ClientSecretsException,
+    _authorized_route,
+)
 from ..storage.http_client import StorageClient, ClientException


@ -98,23 +102,81 @@ class ExtractSecretsTests(TestCase):
            _extract_secrets(["lease-renew-secret x"], {Secrets.LEASE_RENEW})


-class HTTPTests(TestCase):
-    """
-    Tests of HTTP client talking to the HTTP server.
-    """
+SWISSNUM_FOR_TEST = b"abcd"

+
+class TestApp(object):
+    """HTTP API for testing purposes."""
+
+    _app = Klein()
+    _swissnum = SWISSNUM_FOR_TEST  # Match what the test client is using
+
+    @_authorized_route(_app, {Secrets.UPLOAD}, "/upload_secret", methods=["GET"])
+    def validate_upload_secret(self, request, authorization):
+        if authorization == {Secrets.UPLOAD: b"abc"}:
+            return "OK"
+        else:
+            return "BAD: {}".format(authorization)
+
+
+class RoutingTests(TestCase):
+    """
+    Tests for the HTTP routing infrastructure.
+    """
    def setUp(self):
+        self._http_server = TestApp()
+        self.client = StorageClient(
+        DecodedURL.from_text("http://127.0.0.1"),
+        SWISSNUM_FOR_TEST,
+        treq=StubTreq(self._http_server._app.resource()),
+    )
+
+    @inlineCallbacks
+    def test_authorization_enforcement(self):
+        """
+        The requirement for secrets is enforced; if they are not given, a 400
+        response code is returned.
+        """
+        secret = b"abc"
+
+        # Without secret, get a 400 error.
+        response = yield self.client._request(
+            "GET", "http://127.0.0.1/upload_secret", {}
+        )
+        self.assertEqual(response.code, 400)
+
+        # With secret, we're good.
+        response = yield self.client._request(
+            "GET", "http://127.0.0.1/upload_secret", {Secrets.UPLOAD, b"abc"}
+        )
+        self.assertEqual(response.code, 200)
+
+
+def setup_http_test(self):
+    """
+    Setup HTTP tests; call from ``setUp``.
+    """
    if PY2:
        raise SkipTest("Not going to bother supporting Python 2")
    self.storage_server = StorageServer(self.mktemp(), b"\x00" * 20)
    # TODO what should the swissnum _actually_ be?
-        self._http_server = HTTPServer(self.storage_server, b"abcd")
+    self._http_server = HTTPServer(self.storage_server, SWISSNUM_FOR_TEST)
    self.client = StorageClient(
        DecodedURL.from_text("http://127.0.0.1"),
-            b"abcd",
+        SWISSNUM_FOR_TEST,
        treq=StubTreq(self._http_server.get_resource()),
    )

+
+class GenericHTTPAPITests(TestCase):
+    """
+    Tests of HTTP client talking to the HTTP server, for generic HTTP API
+    endpoints and concerns.
+    """
+
+    def setUp(self):
+        setup_http_test(self)
+
    @inlineCallbacks
    def test_bad_authentication(self):
        """