本文整理汇总了Python中esapi.core.ESAPI.authenticator方法的典型用法代码示例。如果您正苦于以下问题:Python ESAPI.authenticator方法的具体用法?Python ESAPI.authenticator怎么用?Python ESAPI.authenticator使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类esapi.core.ESAPI
的用法示例。
在下文中一共展示了ESAPI.authenticator方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_get_user_from_token
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_get_user_from_token(self):
    """Check that login() rejects a bogus remember-me cookie and accepts an issued one.

    The first half presents a cookie value that set_remember_token() never
    issued and expects AuthenticationException.  The second half issues a
    token for the freshly created user and expects login() to hand back
    that same user.
    """
    authenticator = ESAPI.authenticator()
    authenticator.logout()
    name = "testUserFromToken"
    secret = authenticator.generate_strong_password()
    created = authenticator.create_user(name, secret, secret)
    created.enable()

    # --- Negative case: a remember-me cookie with an arbitrary value ---
    request = MockHttpRequest()
    response = MockHttpResponse()
    ESAPI.http_utilities().set_current_http(request, response)
    forged = Morsel()
    forged.key = HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME
    forged.value = "ridiculous"
    request.cookies[forged.key] = forged
    # A value that cannot be unsealed must never authenticate anyone
    self.assertRaises(AuthenticationException, authenticator.login, request, response)
    created.logout()

    # --- Positive case: a token issued for this user ---
    request = MockHttpRequest()
    response = MockHttpResponse()
    ESAPI.authenticator().current_user = created
    issued = ESAPI.http_utilities().set_remember_token(
        secret, 10000, "test.com", request.path, request, response)
    request.set_cookie(key=HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, value=issued)
    ESAPI.http_utilities().set_current_http(request, response)
    # NOTE(review): current_user was assigned a few lines up and no logout
    # happens before this login(); confirm the remember-cookie path is the
    # one actually exercised here.
    returned = authenticator.login(request, response)
    self.assertEquals(created, returned)
示例2: create_test_user
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
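def create_test_user(self, username=None, password=None):
    """
    Creates a test user.

    Missing credentials are replaced with random 8-character alphanumeric
    strings. A generated password is re-drawn until
    verify_password_strength() accepts it; a password supplied by the
    caller is used as given, so the caller still knows the value in use.

    @param username: the account name, or None to generate one
    @param password: the password, or None to generate one
    @return: the test user
    @raises AuthenticationException:
    """
    if username is None:
        username = ESAPI.randomizer().get_random_string(8, DefaultEncoder.CHAR_ALPHANUMERICS)
    if password is None:
        password = ESAPI.randomizer().get_random_string(8, DefaultEncoder.CHAR_ALPHANUMERICS)
        while True:
            try:
                ESAPI.authenticator().verify_password_strength(password)
            except Exception:
                # Was a bare "except:", which also swallowed
                # KeyboardInterrupt/SystemExit and made this retry loop
                # impossible to interrupt.
                # NOTE(review): if the strength check fails for a reason
                # unrelated to the password, this loop never ends.
                password = ESAPI.randomizer().get_random_string(8, DefaultEncoder.CHAR_ALPHANUMERICS)
            else:
                break

    # Name of the function two frames up, used only for the progress message
    caller = inspect.stack()[2][3]
    print(_("Creating user %(username)s for %(caller)s") %
          {'username' : username,
           'caller' : caller})
    # Not sure if User tests should be coupled with Authenticator...
    user = ESAPI.authenticator().create_user(username, password, password)
    return user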
示例3: set_remember_token
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def set_remember_token(self, password, max_age, domain, path, request=None, response=None):
    """
    Issue a sealed "remember me" cookie for the current user.

    Any existing remember-me cookie is killed first. The new cookie value
    is the encryptor's seal over "<account_name>|<password>", expiring
    max_age seconds from now.

    NOTE(review): the sealed payload carries the plaintext password, so the
    token is only as safe as the encryptor's key. Confirm this is intended.
    NOTE(review): only max-age, domain and path are set on the cookie here;
    no secure/httponly attribute is set in this method. Verify whether one
    is applied elsewhere before the response is sent.

    @param password: the current user's password, embedded in the token
    @param max_age: lifetime in seconds, used for both the seal expiry and
        the cookie's max-age
    @param domain: the cookie domain
    @param path: the cookie path
    @param request: the request; defaults to self.current_request
    @param response: the response; defaults to self.current_response
    @return: the sealed token, or None (implicitly) when sealing raised
        IntegrityException
    """
    request = self.current_request if request is None else request
    response = self.current_response if response is None else response
    user = ESAPI.authenticator().current_user
    try:
        self.kill_cookie(self.REMEMBER_TOKEN_COOKIE_NAME, request, response)
        # No extra nonce is added: per the original author, the seal
        # already contains random data.
        plain = "|".join((user.account_name, password))
        expires_at = datetime.now() + timedelta(seconds=max_age)
        sealed = ESAPI.encryptor().seal(plain, expires_at)

        cookie = Cookie.Morsel()
        cookie.value = sealed
        cookie['max-age'] = max_age
        cookie['domain'] = domain
        cookie['path'] = path
        response.cookies[self.REMEMBER_TOKEN_COOKIE_NAME] = cookie

        success_text = (_("Enabled remember me token for %(user)s") %
                        {'user' : user.account_name})
        self.logger.info(Logger.SECURITY_SUCCESS, success_text)
        return sealed
    except IntegrityException as extra:
        # The failure is logged, not re-raised; the caller receives None
        failure_text = (_("Attempt to set remember me token failed for %(user)s") %
                        {'user' : user.account_name})
        self.logger.warning(Logger.SECURITY_FAILURE, failure_text, extra)
示例4: test_is_authorized_for_service
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_is_authorized_for_service(self):
    """Check the service access rules for three fixture accounts.

    Each account is made the current user in turn, and every listed service
    URL must be allowed or denied exactly as the table records.
    "/test/ridiculous" is expected to be denied for all three accounts.
    """
    controller = ESAPI.access_controller()
    auth = ESAPI.authenticator()

    # (account, ((service URL, expected decision), ...)) in the checked order
    expectations = (
        ("ACAlice", (
            ("/services/ServiceA", True),
            ("/services/ServiceB", False),
            ("/services/ServiceC", True),
            ("/test/ridiculous", False),
        )),
        ("ACBob", (
            ("/services/ServiceA", False),
            ("/services/ServiceB", True),
            ("/services/ServiceF", False),
            ("/test/ridiculous", False),
        )),
        ("ACMitch", (
            ("/services/ServiceA", True),
            ("/services/ServiceB", True),
            ("/services/ServiceE", False),
            ("/test/ridiculous", False),
        )),
    )
    for account, checks in expectations:
        auth.current_user = auth.get_user(account)
        for service, allowed in checks:
            verdict = controller.is_authorized_for_service(service)
            if allowed:
                self.assertTrue(verdict)
            else:
                self.assertFalse(verdict)

    # The asserting variant runs with the last account (ACMitch) still current:
    # it must pass silently when allowed and raise when denied.
    controller.assert_authorized_for_service("/services/ServiceD")
    self.assertRaises(AccessControlException, controller.assert_authorized_for_service, "/test/ridiculous" )
示例5: add_exception
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def add_exception(self, exception):
    """
    Log an exception and count it as a security event for the current user.

    The exception is always logged as a SECURITY_FAILURE warning. An
    IntrusionException is logged only and not counted. Any other exception
    is recorded under its class name; when recording it raises
    IntrusionException, every action configured in that event's quota is
    taken.

    @param exception: the exception to record
    """
    # Prefer the exception's dedicated log message when it offers one
    if hasattr(exception, 'get_log_message'):
        log_text = exception.get_log_message()
    else:
        log_text = exception.message
    self.logger.warning(Logger.SECURITY_FAILURE, log_text, exception)

    if isinstance(exception, IntrusionException):
        return

    # Add the exception to the current user, which may trigger a detector
    current_user = ESAPI.authenticator().current_user
    event_name = exception.__class__.__name__
    try:
        self.add_security_event(current_user, event_name)
    except IntrusionException:
        quota = ESAPI.security_configuration().get_quota(event_name)
        for action in quota.actions:
            details = {
                'count' : quota.count,
                'interval' : quota.interval,
                'event_name' : event_name,
                'actions' : quota.actions,
            }
            message = _("User exceeded quota of %(count)s per %(interval)s seconds for event %(event_name)s. Taking actions %(actions)s") % details
            self.take_security_action(action, message)
示例6: test_is_authorized_for_function
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_is_authorized_for_function(self):
    """Check the function access rules for three fixture accounts.

    Each account is made the current user in turn, and every listed
    function name must be allowed or denied exactly as the table records.
    Every "...deny" name in the table is expected to be denied.
    """
    controller = ESAPI.access_controller()
    auth = ESAPI.authenticator()

    # (account, ((function name, expected decision), ...)) in the checked order
    expectations = (
        ("ACAlice", (
            ("/FunctionA", True),
            ("/FunctionAdeny", False),
            ("/FunctionB", False),
            ("/FunctionBdeny", False),
            ("/FunctionC", True),
            ("/FunctionCdeny", False),
        )),
        ("ACBob", (
            ("/FunctionA", False),
            ("/FunctionAdeny", False),
            ("/FunctionB", True),
            ("/FunctionBdeny", False),
            ("/FunctionD", True),
            ("/FunctionDdeny", False),
        )),
        ("ACMitch", (
            ("/FunctionA", True),
            ("/FunctionAdeny", False),
            ("/FunctionB", True),
            ("/FunctionBdeny", False),
            ("/FunctionC", True),
            ("/FunctionCdeny", False),
        )),
    )
    for account, checks in expectations:
        auth.current_user = auth.get_user(account)
        for function_name, allowed in checks:
            verdict = controller.is_authorized_for_function(function_name)
            if allowed:
                self.assertTrue(verdict)
            else:
                self.assertFalse(verdict)

    # The asserting variant runs with the last account (ACMitch) still current:
    # it must pass silently when allowed and raise when denied.
    controller.assert_authorized_for_function("/FunctionA")
    self.assertRaises(AccessControlException, controller.assert_authorized_for_function, "/FunctionDdeny" )
示例7: test_change_password
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_change_password(self):
    """Change a user's password twice, then check that reuse is refused.

    After each change the new password must verify and the previous one
    must not. Changing back to an earlier password must raise
    AuthenticationException.

    NOTE(review): the passwords and their hashes are printed to stdout;
    these are test fixtures, but keep real credentials out of this test.
    """
    instance = ESAPI.authenticator()
    # NOTE(review): this literal looks like the output of a web page's e-mail
    # obfuscation rather than the author's original password; confirm it
    # against the upstream test file.
    old_password = '[email protected]'
    user = self.create_test_user(password=old_password)
    initial_hash = instance.get_hashed_password(user)
    print(_("Hash of %(old_password)s = %(hash)s") %
          {'old_password' : old_password,
           'hash' : initial_hash})

    password1 = "SomethingElse34#$"
    user.change_password(old_password, password1, password1)
    first_hash = instance.get_hashed_password(user)
    print(_("Hash of %(password)s = %(hash)s") %
          {'password' : password1,
           'hash' : first_hash})
    self.assertTrue(user.verify_password(password1))
    self.assertFalse(user.verify_password(old_password))

    password2 = "YetAnother56%^"
    user.change_password(password1, password2, password2)
    second_hash = instance.get_hashed_password(user)
    print(_("Hash of %(password)s = %(hash)s") %
          {'password' : password2,
           'hash' : second_hash})
    self.assertTrue(user.verify_password(password2))
    self.assertFalse(user.verify_password(password1))

    # Should not be able to re-use a password
    self.assertRaises(AuthenticationException, user.change_password,
                      password2, password1, password1)
    self.assertFalse(user.verify_password("badpass"))
示例8: test_create_user
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_create_user(self):
    """Create one valid user, then check that each invalid request is refused.

    Every rejected case must raise AuthenticationException: a duplicate
    account name, mismatched passwords, a weak password, a None account
    name and a None password.
    """
    instance = ESAPI.authenticator()
    account_name = "awesomebob"
    password = "a1b2c3d4e5f6g7h8"
    instance.create_user(account_name, password, password)

    # (account name, password, confirmation) triples that must be refused
    rejected = (
        # duplicate user
        (account_name, password, password),
        # passwords don't match
        ("nonmatchuser", "a1b2c3d4e5f6g7h8", "z1b2c3d4e5f6g7h8"),
        # Weak password
        ("weakuser", "weak1", "weak1"),
        # None username
        (None, "comPl3xPass", "comPl3xPass"),
        # None password
        ("nopassword", None, None),
    )
    for name, first, confirmation in rejected:
        self.assertRaises(AuthenticationException, instance.create_user,
                          name, first, confirmation)
示例9: test_get_user
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_get_user(self):
    """Check that get_user() is truthy for an existing account and falsy for an unknown one."""
    authenticator = ESAPI.authenticator()
    name = "testGetUser"
    secret = "a1b2c3d4e5f6g7h8"
    authenticator.create_user(name, secret, secret)

    found = authenticator.get_user(name)
    self.assertTrue( found )
    # An account that was never created must not resolve to a user
    missing = authenticator.get_user("ridiculous")
    self.assertFalse( missing )
示例10: test_add_exception
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_add_exception(self):
    """Feed exceptions to the intrusion detector and expect the account to end up locked.

    Three different exception types are passed to add_exception() directly.
    A user is then logged in, fifteen IntegrityException objects are
    constructed, and the user must finish logged out and locked.
    """
    detector_samples = (
        RuntimeError('message'),
        ValidationException("user message", "log message"),
        IntrusionException("user message", "log message"),
    )
    for sample in detector_samples:
        ESAPI.intrusion_detector().add_exception(sample)

    username = "testAddException"
    password = "addException"
    auth = ESAPI.authenticator()
    user = auth.create_user(username, password, password)
    user.enable()
    request = MockHttpRequest()
    response = MockHttpResponse()
    ESAPI.http_utilities().set_current_http(request, response)
    user.login_with_password(password)

    # Generate some exceptions to disable the account.
    # NOTE(review): the loop only constructs the exceptions and never passes
    # them to add_exception(); presumably the constructor reports itself to
    # the intrusion detector. Confirm, since the assertions below depend on it.
    for index in range(15):
        text = "IntegrityException %s" % index
        IntegrityException(text, text)

    self.assertFalse(user.is_logged_in())
    self.assertTrue(user.is_locked())
示例11: test_hash_password
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_hash_password(self):
    """Check that hashing the same password for the same account name is repeatable.

    NOTE(review): only determinism is pinned here. Nothing checks that a
    different account name or password yields a different hash.
    """
    authenticator = ESAPI.authenticator()
    account = "Jeff"
    secret = "test"
    first, second = (authenticator.hash_password(secret, account)
                     for _unused in range(2))
    self.assertEquals(first, second)
示例12: log
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
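def log(self, level, event_type, message, exception=None):
    """
    Log the message after optionally encoding any special characters
    that might be dangerous when viewed by an HTML based log viewer.
    Also encode any carriage returns and line feeds to prevent log
    injection attacks. This logs the message and event type plus the
    user ID, user's source IP, a logging specific session ID, and the
    current date/time.

    It will only log the message if the current logging level is
    enabled, otherwise it will discard the message.

    @param level: the severity level of the security event
    @param event_type: the event_type of the event
        (SECURITY, FUNCTIONALITY, etc.)
    @param message: the message; None is logged as an empty string
    @param exception: an exception; accepted but not passed on to the
        underlying logger by this method
    """
    # Before we waste all kinds of time preparing this event for the
    # log, check whether it is loggable at all
    if not self.pyLogger.isEnabledFor(level):
        return

    user = ESAPI.authenticator().current_user

    # The log carries a surrogate number kept under 'ESAPI_SESSION' in the
    # user's session, created on first use, instead of any other session
    # identifier.
    sid = _("unknown")
    request = ESAPI.http_utilities().current_request
    if request is not None:
        session = request.session
        if session is not None:
            sid = session.get('ESAPI_SESSION', None)
            # if there is no session id for the user yet, create one
            # and store it in the user's session
            if sid is None:
                sid = str(ESAPI.randomizer().get_random_integer(0, 1000000))
                session['ESAPI_SESSION'] = sid

    # ensure there's something to log
    if message is None:
        message = ""

    # ensure no CRLF injection into logs for forging records
    clean = message.replace('\n', '_').replace('\r', '_')
    if ESAPI.security_configuration().get_log_encoding_required():
        # Encode the CR/LF-neutralised text. Encoding the raw message here
        # threw the replacement above away and left record forging
        # protection entirely to the HTML encoder.
        clean = ESAPI.encoder().encode_for_html(clean)
        if message != clean:
            clean += " (Encoded)"

    # The previous list lookup indexed [SUCCESS, FAILURE] with the boolean,
    # so a successful event (True == 1) was labelled FAILURE and vice versa.
    if event_type.is_success():
        outcome = _("SUCCESS")
    else:
        outcome = _("FAILURE")

    extra = {
        'eventType' : str(event_type),
        'eventSuccess' : outcome,
        'user' : user.account_name,
        'hostname' : user.last_host_address,
        'sessionID' : sid,
    }
    self.pyLogger.log(level, clean, extra=extra)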
示例13: test_csrf_token
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
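def test_csrf_token(self):
    """Check that CSRF verification refuses a request without the token and accepts one with it.

    A user is created and made current, the 8-character CSRF token is
    fetched, and verify_csrf_token() must raise for a bare request and
    pass once the token is present in the request's GET parameters.
    """
    username = "testCSRFUser"
    password = "addCSRFToken"
    user = ESAPI.authenticator().create_user(username, password, password)
    ESAPI.authenticator().current_user = user
    token = ESAPI.http_utilities().get_csrf_token()
    self.assertEquals(8, len(token))

    request = MockHttpRequest()
    # The earlier try / self.fail() / bare "except: pass" also swallowed the
    # AssertionError raised by self.fail(), so a verifier that accepted a
    # token-less request would not have failed this test.
    # NOTE(review): narrow Exception to the specific type raised by
    # verify_csrf_token() once that is confirmed.
    self.assertRaises(Exception, ESAPI.http_utilities().verify_csrf_token, request)

    request.GET[HTTPUtilities.CSRF_TOKEN_NAME] = token
    ESAPI.http_utilities().verify_csrf_token(request)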
示例14: test_exists
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_exists(self):
    """Check that exists() reports an account after creation and not after removal."""
    authenticator = ESAPI.authenticator()
    name = "testExists"
    secret = authenticator.generate_strong_password()
    authenticator.create_user( name, secret, secret )

    present_after_create = authenticator.exists(name)
    self.assertTrue(present_after_create)

    authenticator.remove_user(name)
    present_after_remove = authenticator.exists(name)
    self.assertFalse(present_after_remove)
示例15: test_generate_strong_password
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import authenticator [as 别名]
def test_generate_strong_password(self):
    """Generate 100 passwords and require each to pass the strength check.

    Every generated password is verified against a fixed old password. On
    the first AuthenticationException the offending password is printed
    and the exception is re-raised.
    """
    authenticator = ESAPI.authenticator()
    old_password = 'iiiiiiiiiii'
    attempts = 100
    for _attempt in range(attempts):
        try:
            new_password = authenticator.generate_strong_password()
            authenticator.verify_password_strength(new_password, old_password)
        except AuthenticationException:
            # NOTE(review): new_password is unbound here if the very first
            # generate_strong_password() call is what raised.
            print("FAILED >> " + new_password)
            raise