Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_auth_plugin(self):
class TestPlugin(auth_plugins.BasePlugin):
def authenticate(self, headers, target_host, target_port):
if target_host == self.source:
raise auth_plugins.AuthenticationError(response_msg="some_error")
self.stubs.Set(websocketproxy.ProxyRequestHandler, 'send_auth_error',
staticmethod(lambda *args, **kwargs: None))
self.handler.server.auth_plugin = TestPlugin("somehost")
self.handler.server.target_host = "somehost"
self.handler.server.target_port = "someport"
self.assertRaises(auth_plugins.AuthenticationError,
self.handler.auth_connection)
self.handler.server.target_host = "someotherhost"
self.handler.auth_connection()
def test_auth_plugin(self):
class TestPlugin(auth_plugins.BasePlugin):
def authenticate(self, headers, target_host, target_port):
if target_host == self.source:
raise auth_plugins.AuthenticationError(response_msg="some_error")
self.stubs.Set(websocketproxy.ProxyRequestHandler, 'send_auth_error',
staticmethod(lambda *args, **kwargs: None))
self.handler.server.auth_plugin = TestPlugin("somehost")
self.handler.server.target_host = "somehost"
self.handler.server.target_port = "someport"
self.assertRaises(auth_plugins.AuthenticationError,
self.handler.auth_connection)
self.handler.server.target_host = "someotherhost"
self.handler.auth_connection()
def validate_connection(self):
if self.server.token_plugin:
(self.server.target_host, self.server.target_port) = self.get_target(self.server.token_plugin, self.path)
if self.server.auth_plugin:
try:
self.server.auth_plugin.authenticate(
headers=self.headers, target_host=self.server.target_host,
target_port=self.server.target_port)
except auth.AuthenticationError:
ex = sys.exc_info()[1]
self.send_auth_error(ex)
raise
def validate_connection(self):
if self.server.token_plugin:
host, port = self.get_target(self.server.token_plugin, self.path)
if host == 'unix_socket':
self.server.unix_target = port
else:
self.server.target_host = host
self.server.target_port = port
if self.server.auth_plugin:
try:
self.server.auth_plugin.authenticate(
headers=self.headers, target_host=self.server.target_host,
target_port=self.server.target_port)
except auth.AuthenticationError:
ex = sys.exc_info()[1]
self.send_auth_error(ex)
raise
def validate_connection(self):
if self.server.token_plugin:
host, port = self.get_target(self.server.token_plugin, self.path)
if host == 'unix_socket':
self.server.unix_target = port
else:
self.server.target_host = host
self.server.target_port = port
if self.server.auth_plugin:
try:
self.server.auth_plugin.authenticate(
headers=self.headers, target_host=self.server.target_host,
target_port=self.server.target_port)
except auth.AuthenticationError:
ex = sys.exc_info()[1]
self.send_auth_error(ex)
raise
def validate_connection(self):
if self.server.token_plugin:
host, port = self.get_target(self.server.token_plugin, self.path)
if host == 'unix_socket':
self.server.unix_target = port
else:
self.server.target_host = host
self.server.target_port = port
if self.server.auth_plugin:
try:
self.server.auth_plugin.authenticate(
headers=self.headers, target_host=self.server.target_host,
target_port=self.server.target_port)
except auth.AuthenticationError:
ex = sys.exc_info()[1]
self.send_auth_error(ex)
raise
# find free display
def checkDisplayNumber(n):
# this should be more sophisticated, see file vncserver function CheckDisplayNumber from package tigervnc
return not os.path.exists('/tmp/.X11-unix/X%d'%(n))
display=-1
for i in range(10,31):
if checkDisplayNumber(i):
display=i
break
if display==-1:
raise RuntimeError("No free display found")
# return port of free display
return ('localhost', 5900+display)
# the Websockify auth plugin
class MBSimWebappAuth(websockify.auth_plugins.BasePlugin):
def authenticate(self, headers, target_host, target_port):
# check authentification
if 'Cookie' not in headers: # error if not Cookie is defined
raise websockify.auth_plugins.AuthenticationError(log_msg="No cookie provided.")
# get cookie and get the mbsimenvsessionid form the cookie
cookie=headers['Cookie']
c=Cookie.SimpleCookie(cookie)
if 'mbsimenvsessionid' not in c:
raise websockify.auth_plugins.AuthenticationError(log_msg="No mbsimenvsessionid provided in cookie.")
sessionid=c['mbsimenvsessionid'].value
# call www.mbsim-env.de to check to session ID (we can do this my checking the config file of the server directly
# but this file is not readable for this user for security reasons)
response=requests.post('https://www.mbsim-env.de/cgi-bin/mbsimBuildServiceServer.py/checkmbsimenvsessionid',
json={'mbsimenvsessionid': sessionid})
# if the response is OK and success is true than continue
if response.status_code!=200:
def authenticate(self, headers, target_host, target_port):
# check authentification
if 'Cookie' not in headers: # error if not Cookie is defined
raise websockify.auth_plugins.AuthenticationError(log_msg="No cookie provided.")
# get cookie and get the mbsimenvsessionid form the cookie
cookie=headers['Cookie']
c=Cookie.SimpleCookie(cookie)
if 'mbsimenvsessionid' not in c:
raise websockify.auth_plugins.AuthenticationError(log_msg="No mbsimenvsessionid provided in cookie.")
sessionid=c['mbsimenvsessionid'].value
# call www.mbsim-env.de to check to session ID (we can do this my checking the config file of the server directly
# but this file is not readable for this user for security reasons)
response=requests.post('https://www.mbsim-env.de/cgi-bin/mbsimBuildServiceServer.py/checkmbsimenvsessionid',
json={'mbsimenvsessionid': sessionid})
# if the response is OK and success is true than continue
if response.status_code!=200:
raise websockify.auth_plugins.AuthenticationError(log_msg="Checking session ID failed.")
d=response.json()
if 'success' not in d:
raise websockify.auth_plugins.AuthenticationError(log_msg="Invalid response from mbsim server.")
if not d['success']:
raise websockify.auth_plugins.AuthenticationError(log_msg=d['message'])
token=globalToken
display=target_port-5900
client_cert_data = self.request.getpeercert()
# extract subject information
client_cert_subject = client_cert_data['subject']
# flatten data structure
client_cert_subject = dict([x[0] for x in client_cert_subject])
# add common name to headers (apache +StdEnvVars style)
self.headers['SSL_CLIENT_S_DN_CN'] = client_cert_subject['commonName']
except (TypeError, AttributeError, KeyError):
# not a SSL connection or client presented no certificate with valid data
pass
try:
self.server.auth_plugin.authenticate(
headers=self.headers, target_host=self.server.target_host,
target_port=self.server.target_port)
except auth.AuthenticationError:
ex = sys.exc_info()[1]
self.send_auth_error(ex)
raise