do http auth checking in solitude (bug 880363)

mozilla · Jun 6, 2013 · c02c730 · c02c730
1 parent ec51193
commit c02c730
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 2 deletions.
diff --git a/lib/bango/forms.py b/lib/bango/forms.py
@@ -304,6 +304,16 @@ def clean_moz_transaction(self):
 
 class EventForm(forms.Form):
     notification = forms.CharField(required=True)
+    username = forms.CharField(required=True)
+    password = forms.CharField(required=True)
+
+    def clean(self):
+        username = self.cleaned_data.get('username', '')
+        password = self.cleaned_data.get('password', '')
+        if (username != settings.BANGO_BASIC_AUTH['USER'] or
+            password != settings.BANGO_BASIC_AUTH['PASSWORD']):
+            raise forms.ValidationError('Auth incorrect')
+        return self.cleaned_data
 
     def clean_notification(self):
         try:

diff --git a/lib/bango/tests/test_forms.py b/lib/bango/tests/test_forms.py
@@ -1,5 +1,7 @@
 import json
 
+from django.conf import settings
+
 import mock
 from nose.tools import eq_, ok_
 
@@ -93,6 +95,8 @@ def test_change(self):
         eq_(form.bango_meta['method'], 'SetVATNumber')
 
 
+@mock.patch.object(settings, 'BANGO_BASIC_AUTH',
+                   {'USER': 'f', 'PASSWORD': 'b'})
 class TestEvent(APITest):
 
     def test_empty(self):
@@ -132,9 +136,17 @@ def create(self):
 
     def test_check_good(self):
         self.create()
-        form = EventForm({'notification': event_notification})
+        form = EventForm({'notification': event_notification,
+                          'username': 'f', 'password': 'b'})
         ok_(form.is_valid(), form.errors)
 
+    def test_check_wrong(self):
+        self.create()
+        form = EventForm({'notification': event_notification,
+                          'username': 'f', 'password': 'x'})
+        ok_(not form.is_valid())
+        ok_('__all__' in form.errors)
+
     def test_wierd(self):
         self.create()
         self.trans.status = constants.STATUS_CANCELLED

diff --git a/lib/bango/tests/test_notification.py b/lib/bango/tests/test_notification.py
@@ -3,6 +3,9 @@
 from datetime import datetime, timedelta
 from decimal import Decimal
 
+from django.conf import settings
+
+from mock import patch
 from nose.tools import eq_, ok_
 
 from lib.sellers.models import Seller, SellerProduct
@@ -119,6 +122,7 @@ def test_expired_transaction(self):
             self.post(self.data(), expected_status=400)
 
 
+@patch.object(settings, 'BANGO_BASIC_AUTH', {'USER': 'f', 'PASSWORD': 'b'})
 class TestEvent(APITest):
     api_name = 'bango'
 
@@ -137,7 +141,11 @@ def setUp(self):
 
     def post(self, data=None, expected=201):
         if data is None:
-            data = {'notification': samples.event_notification}
+            data = {
+                'notification': samples.event_notification,
+                'password': 'b',
+                'username': 'f'
+            }
         res = self.client.post(self.url, data=data)
         eq_(res.status_code, expected)
         return json.loads(res.content)
@@ -156,3 +164,9 @@ def test_not_changed(self):
         self.post()
         trans = self.trans.reget()
         eq_(trans.status, STATUS_COMPLETED)
+
+    def test_wrong_auth(self):
+        data = {'notification': samples.event_notification,
+                'password': 'nope',
+                'username': 'yes'}
+        self.post(data, expected=400)
diff --git a/solitude/settings/base.py b/solitude/settings/base.py
@@ -194,13 +194,19 @@
 CLIENT_OAUTH_KEYS = {}
 
 # Bango API settings.
+# These are the credentials for calling Bango.
 BANGO_AUTH = {'USER': 'Mozilla', 'PASSWORD': ''}
+
 # The Bango API environment. This value must be an existing subdirectory
 # under lib/bango/wsdl.
 BANGO_ENV = 'test'
 BANGO_MOCK = False
 BANGO_PROXY = ''
 
+# Notification end points use basic auth.
+# These are the credentials for Bango calling us.
+BANGO_BASIC_AUTH = {'USER': '', 'PASSWORD': ''}
+
 # Anything less than this USD price will be considerd a micro
 # payment. Purchases at these prices cannot be made with credit cards.
 BANGO_MAX_MICRO_AMOUNT = Decimal('0.99')