Skip to content
Permalink
Browse files

[oauth] Fix tests and rebase agains current master

  • Loading branch information
elpaso committed Jun 20, 2018
1 parent b9c2c5c commit 0a67592d2c0cb345732032e499445159616a64da
@@ -124,11 +124,11 @@ IF(WITH_INTERNAL_O2 AND CMAKE_GENERATOR MATCHES "Ninja")
COMMAND
)
ENDIF()
QT4_WRAP_UI(OAUTH2_UIS_H ${OAUTH2_UIS})
QT5_WRAP_UI(OAUTH2_UIS_H ${OAUTH2_UIS})

QT4_WRAP_CPP(OAUTH2_MOC_SRCS ${OAUTH2_MOC_HDRS})
QT5_WRAP_CPP(OAUTH2_MOC_SRCS ${OAUTH2_MOC_HDRS})

QT4_ADD_RESOURCES(OAUTH2_RCC_SRCS ${OAUTH2_RCCS})
QT5_ADD_RESOURCES(OAUTH2_RCC_SRCS ${OAUTH2_RCCS})
############################################################
# Set up plugin targets

@@ -114,7 +114,7 @@ bool QgsAuthOAuth2Method::updateNetworkRequest( QNetworkRequest &request, const
if ( !o2 )
{
msg = QStringLiteral( "Update request FAILED for authcfg %1: null object for requestor" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
return false;
}

@@ -125,7 +125,7 @@ bool QgsAuthOAuth2Method::updateNetworkRequest( QNetworkRequest &request, const
if ( !QFile::exists( tokencache ) )
{
msg = QStringLiteral( "Token cache removed for authcfg %1: unlinking authenticator" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Info );
o2->unlink();
}
}
@@ -143,7 +143,7 @@ bool QgsAuthOAuth2Method::updateNetworkRequest( QNetworkRequest &request, const
if ( expired )
{
msg = QStringLiteral( "Token expired, attempting refresh for authcfg %1" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Info );

// Try to get a refresh token first
// go into local event loop and wait for a fired refresh-related slot
@@ -220,15 +220,15 @@ bool QgsAuthOAuth2Method::updateNetworkRequest( QNetworkRequest &request, const
if ( !o2->linked() )
{
msg = QStringLiteral( "Update request FAILED for authcfg %1: requestor could not link app" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
return false;
}
}

if ( o2->token().isEmpty() )
{
msg = QStringLiteral( "Update request FAILED for authcfg %1: access token is empty" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
return false;
}

@@ -243,13 +243,13 @@ bool QgsAuthOAuth2Method::updateNetworkRequest( QNetworkRequest &request, const
case QgsAuthOAuth2Config::Header:
request.setRawHeader( O2_HTTP_AUTHORIZATION_HEADER, QStringLiteral( "Bearer %1" ).arg( o2->token() ).toAscii() );
msg = QStringLiteral( "Updated request HEADER with access token for authcfg: %1" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Info );
break;
case QgsAuthOAuth2Config::Form:
// FIXME: what to do here if the parent request is not POST?
// probably have to skip this until auth system support is moved into QgsNetworkAccessManager
msg = QStringLiteral( "Update request FAILED for authcfg %1: form POST token update is unsupported" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
break;
case QgsAuthOAuth2Config::Query:
if ( !query.hasQueryItem( O2_OAUTH2_ACCESS_TOKEN ) )
@@ -263,7 +263,7 @@ bool QgsAuthOAuth2Method::updateNetworkRequest( QNetworkRequest &request, const
{
msg = QStringLiteral( "Updated request QUERY with access token SKIPPED (existing token) for authcfg: %1" ).arg( authcfg );
}
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Info );
break;
}

@@ -284,7 +284,7 @@ bool QgsAuthOAuth2Method::updateNetworkReply( QNetworkReply *reply, const QStrin
{
QString msg = QStringLiteral( "Updated reply with token refresh connection FAILED"
" for authcfg %1: null reply object" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
return false;
}
reply->setProperty( "authcfg", authcfg );
@@ -296,7 +296,7 @@ bool QgsAuthOAuth2Method::updateNetworkReply( QNetworkReply *reply, const QStrin
// this, &QgsAuthOAuth2Method::onNetworkError, Qt::QueuedConnection );

QString msg = QStringLiteral( "Updated reply with token refresh connection for authcfg: %1" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Info );

return true;
}
@@ -311,7 +311,7 @@ void QgsAuthOAuth2Method::onLinkedChanged()
void QgsAuthOAuth2Method::onLinkingFailed()
{
// Login has failed
QgsMessageLog::logMessage( tr( "Authenticator linking (login) has failed" ), AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( tr( "Authenticator linking (login) has failed" ), AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
}

void QgsAuthOAuth2Method::onLinkingSucceeded()
@@ -320,18 +320,18 @@ void QgsAuthOAuth2Method::onLinkingSucceeded()
if ( !o2 )
{
QgsMessageLog::logMessage( tr( "Linking succeeded, but authenticator access FAILED: null object" ),
AUTH_METHOD_KEY, QgsMessageLog::WARNING );
AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
return;
}

if ( !o2->linked() )
{
QgsMessageLog::logMessage( tr( "Linking apparently succeeded, but authenticator FAILED to verify it is linked" ),
AUTH_METHOD_KEY, QgsMessageLog::WARNING );
AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
return;
}

QgsMessageLog::logMessage( tr( "Linking succeeded" ), AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( tr( "Linking succeeded" ), AUTH_METHOD_KEY, Qgis::MessageLevel::Info );

//###################### DO NOT LEAVE ME UNCOMMENTED ######################
//QgsDebugMsg( QStringLiteral( "Access token: %1" ).arg( o2->token() ) );
@@ -357,15 +357,15 @@ void QgsAuthOAuth2Method::onOpenBrowser( const QUrl &url )
// The user will interact with this browser window to
// enter login name, password, and authorize your application
// to access the Twitter account
QgsMessageLog::logMessage( tr( "Open browser requested" ), AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( tr( "Open browser requested" ), AUTH_METHOD_KEY, Qgis::MessageLevel::Info );

QDesktopServices::openUrl( url );
}

void QgsAuthOAuth2Method::onCloseBrowser()
{
// Close the browser window opened in openBrowser()
QgsMessageLog::logMessage( tr( "Close browser requested" ), AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( tr( "Close browser requested" ), AUTH_METHOD_KEY, Qgis::MessageLevel::Info );

// Bring focus back to QGIS app
if ( qobject_cast<QApplication *>( qApp ) )
@@ -385,10 +385,10 @@ void QgsAuthOAuth2Method::onCloseBrowser()

void QgsAuthOAuth2Method::onReplyFinished()
{
QgsMessageLog::logMessage( tr( "Network reply finished" ), AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( tr( "Network reply finished" ), AUTH_METHOD_KEY, Qgis::MessageLevel::Info );
QNetworkReply *reply = qobject_cast<QNetworkReply *>( sender() );
QgsMessageLog::logMessage( tr( "Results: %1" ).arg( QString( reply->readAll() ) ),
AUTH_METHOD_KEY, QgsMessageLog::INFO );
AUTH_METHOD_KEY, Qgis::MessageLevel::Info );
}

void QgsAuthOAuth2Method::onNetworkError( QNetworkReply::NetworkError err )
@@ -399,32 +399,32 @@ void QgsAuthOAuth2Method::onNetworkError( QNetworkReply::NetworkError err )
if ( !reply )
{
msg = tr( "Network error but no reply object accessible" );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
return;
}
if ( err != QNetworkReply::NoError )
{
msg = tr( "Network error: %1" ).arg( reply->errorString() );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
}

// TODO: update debug messages to output to QGIS

int status = reply->attribute( QNetworkRequest::HttpStatusCodeAttribute ).toInt();
msg = tr( "Network error, HTTP status: %1" ).arg(
reply->attribute( QNetworkRequest::HttpReasonPhraseAttribute ).toString() );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Info );

if ( status == 401 )
{
msg = tr( "Attempting token refresh..." );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Info );

QString authcfg = reply->property( "authcfg" ).toString();
if ( authcfg.isEmpty() )
{
msg = tr( "Token refresh FAILED: authcfg empty" );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
return;
}

@@ -438,12 +438,12 @@ void QgsAuthOAuth2Method::onNetworkError( QNetworkReply::NetworkError err )
o2->refresh();

msg = tr( "Background token refresh underway for authcfg: %1" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::INFO );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Info );
}
else
{
msg = tr( "Background token refresh FAILED for authcfg %1: could not get authenticator object" ).arg( authcfg );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, QgsMessageLog::WARNING );
QgsMessageLog::logMessage( msg, AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
}
}
}
@@ -454,7 +454,7 @@ void QgsAuthOAuth2Method::onRefreshFinished( QNetworkReply::NetworkError err )
if ( err != QNetworkReply::NoError )
{
QgsMessageLog::logMessage( tr( "Token fefresh error: %1" ).arg( reply->errorString() ),
AUTH_METHOD_KEY, QgsMessageLog::WARNING );
AUTH_METHOD_KEY, Qgis::MessageLevel::Warning );
}
}

@@ -57,12 +57,15 @@ MACRO (ADD_QGIS_TEST testname testsrc)
TARGET_LINK_LIBRARIES(qgis_${testname} ${APP_SERVICES_LIBRARY})
ENDIF(APPLE)
TARGET_LINK_LIBRARIES(qgis_${testname}
${QT_QTCORE_LIBRARY}
${QT_QTGUI_LIBRARY}
${QT_QTNETWORK_LIBRARY}
${QT_QTXML_LIBRARY}
${Qt5Core_LIBRARIES}
${Qt5Xml_LIBRARIES}
${Qt5Svg_LIBRARIES}
${Qt5Test_LIBRARIES}
${Qt5Network_LIBRARIES}
${PROJ_LIBRARY}
${GEOS_LIBRARY}
${GDAL_LIBRARY}
${OPTIONAL_QTWEBKIT}
${QT_QTTEST_LIBRARY}
${PROJ_LIBRARY}
${GEOS_LIBRARY}
${GDAL_LIBRARY}
@@ -203,12 +203,8 @@
qgs_server = QgsServer()


<<<<<<< a929de58a77eb0040b173a59df22ef510cd51023
if os.environ.get('QGIS_SERVER_HTTP_BASIC_AUTH') is not None:
=======
if QGIS_SERVER_HTTP_BASIC_AUTH:
from qgis.server import QgsServerFilter
>>>>>>> [oauth2] Added test for resource owner password grant flow
import base64

class HTTPBasicFilter(QgsServerFilter):
@@ -242,7 +238,6 @@ def responseComplete(self):
qgs_server.serverInterface().registerFilter(filter)


<<<<<<< a929de58a77eb0040b173a59df22ef510cd51023
def num2deg(xtile, ytile, zoom):
"""This returns the NW-corner of the square. Use the function with xtile+1 and/or ytile+1
to get the other corners. With xtile+0.5 & ytile+0.5 it will return the center of the tile."""
@@ -277,7 +272,7 @@ def requestReady(self):

xyzfilter = XYZFilter(qgs_server.serverInterface())
qgs_server.serverInterface().registerFilter(xyzfilter)
=======

if QGIS_SERVER_OAUTH2_AUTH:
from qgis.server import QgsServerFilter
from oauthlib.oauth2 import RequestValidator, LegacyApplicationServer
@@ -415,7 +410,6 @@ def _token(ttl):

filter = OAuth2Filter(qgs_server.serverInterface())
qgs_server.serverInterface().registerFilter(filter)
>>>>>>> [oauth2] Added test for resource owner password grant flow


class Handler(BaseHTTPRequestHandler):
@@ -424,17 +418,11 @@ def do_GET(self, post_body=None):
# CGI vars:
headers = {}
for k, v in self.headers.items():
<<<<<<< a7fb4238893336c8d5b2b4802f63588175e70c83
headers['HTTP_%s' % k.replace(' ', '-').replace('-', '_').replace(' ', '-').upper()] = v
if not self.path.startswith('http'):
self.path = "%s://%s:%s%s" % ('https' if https else 'http', QGIS_SERVER_HOST, self.server.server_port, self.path)
request = QgsBufferServerRequest(self.path, (QgsServerRequest.PostMethod if post_body is not None else QgsServerRequest.GetMethod), headers, post_body)
=======
headers['HTTP_%s' % k.replace(
' ', '-').replace('-', '_').replace(' ', '-').upper()] = v
self.path = "%s://%s:%s%s" % ('https' if HTTPS_ENABLED else 'http', QGIS_SERVER_HOST, self.server.server_port, self.path)
request = QgsBufferServerRequest(
self.path, (QgsServerRequest.PostMethod if post_body is not None else QgsServerRequest.GetMethod), headers, post_body)
>>>>>>> Pass urlencoded URL to the oauth handler
response = QgsBufferServerResponse()
qgs_server.handleRequest(request, response)

@@ -461,20 +449,10 @@ class ThreadedHTTPServer(ThreadingMixIn, HTTPServer):


if __name__ == '__main__':
<<<<<<< a929de58a77eb0040b173a59df22ef510cd51023
if os.environ.get('MULTITHREADING') == '1':
server = ThreadedHTTPServer((QGIS_SERVER_HOST, QGIS_SERVER_PORT), Handler)
else:
server = HTTPServer((QGIS_SERVER_HOST, QGIS_SERVER_PORT), Handler)
if https:
server.socket = ssl.wrap_socket(server.socket,
certfile=QGIS_SERVER_PKI_CERTIFICATE,
keyfile=QGIS_SERVER_PKI_KEY,
ca_certs=QGIS_SERVER_PKI_AUTHORITY,
cert_reqs=ssl.CERT_REQUIRED,
server_side=True,
ssl_version=ssl.PROTOCOL_TLSv1)
=======
server = HTTPServer((QGIS_SERVER_HOST, QGIS_SERVER_PORT), Handler)
# HTTPS is enabled if any of PKI or OAuth2 are enabled too
if HTTPS_ENABLED:
@@ -497,7 +475,6 @@ class ThreadedHTTPServer(ThreadingMixIn, HTTPServer):
server_side=True,
ssl_version=ssl.PROTOCOL_TLSv1)

>>>>>>> [oauth2] Added test for resource owner password grant flow
print('Starting server on %s://%s:%s, use <Ctrl-C> to stop' %
('https' if HTTPS_ENABLED else 'http', QGIS_SERVER_HOST, server.server_port), flush=True)

@@ -36,7 +36,7 @@

from utilities import unitTestDataPath, waitServer
from qgis.core import (
QgsAuthManager,
QgsApplication,
QgsAuthMethodConfig,
QgsVectorLayer,
QgsRasterLayer,
@@ -87,19 +87,19 @@ def setup_oauth(username, password, token_uri, refresh_token_uri='', authcfg_id=
"version": 1
}

if authcfg_id not in QgsAuthManager.instance().availableAuthMethodConfigs():
if authcfg_id not in QgsApplication.authManager().availableAuthMethodConfigs():
authConfig = QgsAuthMethodConfig('OAuth2')
authConfig.setId(authcfg_id)
authConfig.setName(authcfg_name)
authConfig.setConfig('oauth2config', json.dumps(cfgjson))
if QgsAuthManager.instance().storeAuthenticationConfig(authConfig):
if QgsApplication.authManager().storeAuthenticationConfig(authConfig):
return authcfg_id
else:
authConfig = QgsAuthMethodConfig()
QgsAuthManager.instance().loadAuthenticationConfig(authcfg_id, authConfig, True)
QgsApplication.authManager().loadAuthenticationConfig(authcfg_id, authConfig, True)
authConfig.setName(authcfg_name)
authConfig.setConfig('oauth2config', json.dumps(cfgjson))
if QgsAuthManager.instance().updateAuthenticationConfig(authConfig):
if QgsApplication.authManager().updateAuthenticationConfig(authConfig):
return authcfg_id
return None

@@ -109,7 +109,7 @@ class TestAuthManager(unittest.TestCase):
@classmethod
def setUpAuth(cls):
"""Run before all tests and set up authentication"""
authm = QgsAuthManager.instance()
authm = QgsApplication.authManager()
assert (authm.setMasterPassword('masterpassword', True))
cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'chains_subissuer-issuer-root_issuer2-root2.pem')
assert os.path.isfile(cls.sslrootcert_path)
@@ -178,7 +178,7 @@ def setUpClass(cls):
# This is to test wrong credentials
cls.wrong_authcfg_id = setup_oauth('wrong', 'wrong', cls.token_uri, cls.refresh_token_uri, str(random.randint(0, 10000000)))
# Get the authentication configuration instance:
cls.auth_config = QgsAuthManager.instance().availableAuthMethodConfigs()[cls.authcfg_id]
cls.auth_config = QgsApplication.authManager().availableAuthMethodConfigs()[cls.authcfg_id]
assert cls.auth_config.isValid()

# Wait for the server process to start

0 comments on commit 0a67592

Please sign in to comment.
You can’t perform that action at this time.