Add tests for authentication blacklist

Richard Darst
2018-04-26 14:56:32 +03:00
parent ea7b1caa4e
commit 95a9b97649
2 changed files with 60 additions and 1 deletions


@@ -274,13 +274,13 @@ class Authenticator(LoggingConfigurable):
return return
blacklist_pass = await maybe_future(self.check_blacklist(username)) blacklist_pass = await maybe_future(self.check_blacklist(username))
whitelist_pass = await maybe_future(self.check_whitelist(username))
if blacklist_pass: if blacklist_pass:
pass pass
else: else:
self.log.warning("User %r in blacklist. Stop authentication", username) self.log.warning("User %r in blacklist. Stop authentication", username)
return return
whitelist_pass = await maybe_future(self.check_whitelist(username))
if whitelist_pass: if whitelist_pass:
return authenticated return authenticated
else: else:
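Review bot: The deny decision sits in the fall-through of `if blacklist_pass: pass` / `else:`, which makes the security-relevant branch easy to misread; a guard `if not blacklist_pass:` followed by the warning and `return` states it directly. A comment above it such as `# check_blacklist() returns truthy when the user is allowed; any falsy result (including None) denies` would help, since the method name suggests the opposite polarity. The page shows `whitelist_pass = await maybe_future(self.check_whitelist(username))` at two positions without +/- markers, so which one is new cannot be told from here; if it now sits after the blacklist `return`, a blacklisted user no longer reaches the whitelist check at all. The enclosing method starts and ends outside this hunk.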


@@ -103,6 +103,65 @@ def test_pam_auth_group_whitelist():
assert authorized is None assert authorized is None
@pytest.mark.gen_test
def test_pam_auth_blacklist():
# Null case compared to next case
authenticator = MockPAMAuthenticator()
authorized = yield authenticator.get_authenticated_user(None, {
'username': 'wash',
'password': 'wash',
})
assert authorized['name'] == 'wash'
# Blacklist basics
authenticator = MockPAMAuthenticator(blacklist={'wash'})
authorized = yield authenticator.get_authenticated_user(None, {
'username': 'wash',
'password': 'wash',
})
assert authorized is None
# User in both white and blacklists: default deny. Make error someday?
authenticator = MockPAMAuthenticator(blacklist={'wash'}, whitelist={'wash', 'kaylee'})
authorized = yield authenticator.get_authenticated_user(None, {
'username': 'wash',
'password': 'wash',
})
assert authorized is None
# User not in blacklist can log in
authenticator = MockPAMAuthenticator(blacklist={'wash'}, whitelist={'wash', 'kaylee'})
authorized = yield authenticator.get_authenticated_user(None, {
'username': 'kaylee',
'password': 'kaylee',
})
assert authorized['name'] == 'kaylee'
# User in whitelist, blacklist irrelevent
authenticator = MockPAMAuthenticator(blacklist={'mal'}, whitelist={'wash', 'kaylee'})
authorized = yield authenticator.get_authenticated_user(None, {
'username': 'wash',
'password': 'wash',
})
assert authorized['name'] == 'wash'
# User in neither list
authenticator = MockPAMAuthenticator(blacklist={'mal'}, whitelist={'wash', 'kaylee'})
authorized = yield authenticator.get_authenticated_user(None, {
'username': 'simon',
'password': 'simon',
})
assert authorized is None
# blacklist == {}
authenticator = MockPAMAuthenticator(blacklist=set(), whitelist={'wash', 'kaylee'})
authorized = yield authenticator.get_authenticated_user(None, {
'username': 'kaylee',
'password': 'kaylee',
})
assert authorized['name'] == 'kaylee'
@pytest.mark.gen_test @pytest.mark.gen_test
def test_pam_auth_no_such_group(): def test_pam_auth_no_such_group():
authenticator = MockPAMAuthenticator(group_whitelist={'nosuchcrazygroup'}) authenticator = MockPAMAuthenticator(group_whitelist={'nosuchcrazygroup'})
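Review bot: Every case in `test_pam_auth_blacklist` uses an exact lowercase name, so nothing pins that a blacklist entry still matches when the login name differs only in case or other normalization. If the authenticator normalizes usernames before the list checks (not visible in this hunk), add a case that logs in as `'Wash'` against `blacklist={'wash'}`, paired with a no-blacklist control so the denial cannot come from a failed password check. The seven scenarios would also be easier to diagnose as a parametrized test, since the first failing assert currently hides the rest. The expected values in the sketch below are assumptions about the mock's behaviour and need confirming.

```python
def test_pam_auth_blacklist():
    # … unchanged: existing blacklist/whitelist cases …

    # Control: the mixed-case login succeeds when nothing is blacklisted
    authenticator = MockPAMAuthenticator()
    authorized = yield authenticator.get_authenticated_user(None, {
        'username': 'Wash',
        'password': 'Wash',
    })
    assert authorized is not None

    # Blacklist entry must still match after username normalization
    authenticator = MockPAMAuthenticator(blacklist={'wash'})
    authorized = yield authenticator.get_authenticated_user(None, {
        'username': 'Wash',
        'password': 'Wash',
    })
    assert authorized is None
```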