|
| 1 | +# -*- coding: utf-8 -*- |
| 2 | +""" |
| 3 | +Tests for auth manager WMS/WFS using QGIS Server through HTTP Basic |
| 4 | +enabled qgis_wrapped_server.py. |
| 5 | +
|
| 6 | +This is an integration test for QGIS Desktop Auth Manager WFS and WMS provider |
| 7 | +and QGIS Server WFS/WMS that check if QGIS can use a stored auth manager auth |
| 8 | +configuration to access an HTTP Basic protected endpoint. |
| 9 | +
|
| 10 | +
|
| 11 | +From build dir, run: ctest -R PyQgsAuthManagerEnpointTest -V |
| 12 | +
|
| 13 | +.. note:: This program is free software; you can redistribute it and/or modify |
| 14 | +it under the terms of the GNU General Public License as published by |
| 15 | +the Free Software Foundation; either version 2 of the License, or |
| 16 | +(at your option) any later version. |
| 17 | +""" |
| 18 | +import os |
| 19 | +import sys |
| 20 | +import subprocess |
| 21 | +import tempfile |
| 22 | +import random |
| 23 | +import string |
| 24 | +import urllib |
| 25 | + |
| 26 | +__author__ = 'Alessandro Pasotti' |
| 27 | +__date__ = '18/09/2016' |
| 28 | +__copyright__ = 'Copyright 2016, The QGIS Project' |
| 29 | +# This will get replaced with a git SHA1 when you do a git archive |
| 30 | +__revision__ = '$Format:%H$' |
| 31 | + |
| 32 | +from time import sleep |
| 33 | +from urllib.parse import quote |
| 34 | +from shutil import rmtree |
| 35 | + |
| 36 | +from utilities import unitTestDataPath |
| 37 | +from qgis.core import ( |
| 38 | + QgsAuthManager, |
| 39 | + QgsAuthMethodConfig, |
| 40 | + QgsVectorLayer, |
| 41 | + QgsRasterLayer, |
| 42 | +) |
| 43 | +from qgis.testing import ( |
| 44 | + start_app, |
| 45 | + unittest, |
| 46 | +) |
| 47 | + |
| 48 | +try: |
| 49 | + QGIS_SERVER_AUTHMANAGER_DEFAULT_PORT = os.environ['QGIS_SERVER_AUTHMANAGER_DEFAULT_PORT'] |
| 50 | +except: |
| 51 | + import socket |
| 52 | + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| 53 | + s.bind(("", 0)) |
| 54 | + QGIS_SERVER_AUTHMANAGER_DEFAULT_PORT = s.getsockname()[1] |
| 55 | + s.close() |
| 56 | + |
| 57 | +QGIS_AUTH_DB_DIR_PATH = tempfile.mkdtemp() |
| 58 | + |
| 59 | +os.environ['QGIS_AUTH_DB_DIR_PATH'] = QGIS_AUTH_DB_DIR_PATH |
| 60 | + |
| 61 | +qgis_app = start_app() |
| 62 | + |
| 63 | + |
| 64 | +class TestAuthManager(unittest.TestCase): |
| 65 | + |
| 66 | + @classmethod |
| 67 | + def setUpClass(cls): |
| 68 | + """Run before all tests: |
| 69 | + Creates an auth configuration""" |
| 70 | + cls.port = QGIS_SERVER_AUTHMANAGER_DEFAULT_PORT |
| 71 | + # Clean env just to be sure |
| 72 | + env_vars = ['QUERY_STRING', 'QGIS_PROJECT_FILE'] |
| 73 | + for ev in env_vars: |
| 74 | + try: |
| 75 | + del os.environ[ev] |
| 76 | + except KeyError: |
| 77 | + pass |
| 78 | + cls.testdata_path = unitTestDataPath('qgis_server') + '/' |
| 79 | + cls.project_path = quote(cls.testdata_path + "test_project.qgs") |
| 80 | + # Enable auth |
| 81 | + #os.environ['QGIS_AUTH_PASSWORD_FILE'] = QGIS_AUTH_PASSWORD_FILE |
| 82 | + authm = QgsAuthManager.instance() |
| 83 | + assert (authm.setMasterPassword('masterpassword', True)) |
| 84 | + cls.auth_config = QgsAuthMethodConfig('Basic') |
| 85 | + cls.auth_config.setName('test_auth_config') |
| 86 | + cls.username = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(6)) |
| 87 | + cls.password = cls.username[::-1] # reversed |
| 88 | + cls.auth_config.setConfig('username', cls.username) |
| 89 | + cls.auth_config.setConfig('password', cls.password) |
| 90 | + assert (authm.storeAuthenticationConfig(cls.auth_config)[0]) |
| 91 | + |
| 92 | + os.environ['QGIS_SERVER_HTTP_BASIC_AUTH'] = '1' |
| 93 | + os.environ['QGIS_SERVER_USERNAME'] = cls.username |
| 94 | + os.environ['QGIS_SERVER_PASSWORD'] = cls.password |
| 95 | + os.environ['QGIS_SERVER_DEFAULT_PORT'] = str(cls.port) |
| 96 | + server_path = os.path.dirname(os.path.realpath(__file__)) + \ |
| 97 | + '/qgis_wrapped_server.py' |
| 98 | + cls.server = subprocess.Popen([sys.executable, server_path], |
| 99 | + env=os.environ) |
| 100 | + sleep(2) |
| 101 | + |
| 102 | + @classmethod |
| 103 | + def tearDownClass(cls): |
| 104 | + """Run after all tests""" |
| 105 | + cls.server.terminate() |
| 106 | + rmtree(QGIS_AUTH_DB_DIR_PATH) |
| 107 | + del cls.server |
| 108 | + |
| 109 | + def setUp(self): |
| 110 | + """Run before each test.""" |
| 111 | + pass |
| 112 | + |
| 113 | + def tearDown(self): |
| 114 | + """Run after each test.""" |
| 115 | + pass |
| 116 | + |
| 117 | + @classmethod |
| 118 | + def _getWFSLayer(cls, type_name, layer_name=None, authcfg=None): |
| 119 | + """ |
| 120 | + WFS layer factory |
| 121 | + """ |
| 122 | + if layer_name is None: |
| 123 | + layer_name = 'wfs_' + type_name |
| 124 | + parms = { |
| 125 | + 'srsname': 'EPSG:4326', |
| 126 | + 'typename': type_name, |
| 127 | + 'url': 'http://127.0.0.1:%s/?map=%s' % (cls.port, cls.project_path), |
| 128 | + 'version': 'auto', |
| 129 | + 'table': '', |
| 130 | + } |
| 131 | + if authcfg is not None: |
| 132 | + parms.update({'authcfg': authcfg}) |
| 133 | + uri = ' '.join([("%s='%s'" % (k, v)) for k, v in list(parms.items())]) |
| 134 | + wfs_layer = QgsVectorLayer(uri, layer_name, 'WFS') |
| 135 | + return wfs_layer |
| 136 | + |
| 137 | + @classmethod |
| 138 | + def _getWMSLayer(cls, layers, layer_name=None, authcfg=None): |
| 139 | + """ |
| 140 | + WMS layer factory |
| 141 | + """ |
| 142 | + if layer_name is None: |
| 143 | + layer_name = 'wms_' + layers.replace(',', '') |
| 144 | + parms = { |
| 145 | + 'crs': 'EPSG:4326', |
| 146 | + 'url': 'http://127.0.0.1:%s/?map=%s' % (cls.port, cls.project_path), |
| 147 | + 'format': 'image/png', |
| 148 | + # This is needed because of a really wierd implementation in QGIS Server, that |
| 149 | + # replaces _ in the the real layer name with spaces |
| 150 | + 'layers': urllib.parse.quote(layers).replace('_', ' '), |
| 151 | + 'styles': '', |
| 152 | + #'sql': '', |
| 153 | + } |
| 154 | + if authcfg is not None: |
| 155 | + parms.update({'authcfg': authcfg}) |
| 156 | + uri = '&'.join([("%s=%s" % (k, v.replace('=', '%3D'))) for k, v in list(parms.items())]) |
| 157 | + wms_layer = QgsRasterLayer(uri, layer_name, 'wms') |
| 158 | + return wms_layer |
| 159 | + |
| 160 | + def testValidAuthAccess(self): |
| 161 | + """ |
| 162 | + Access the HTTP Basic protected layer with valid credentials |
| 163 | + """ |
| 164 | + wfs_layer = self._getWFSLayer('testlayer_èé', authcfg=self.auth_config.id()) |
| 165 | + self.assertTrue(wfs_layer.isValid()) |
| 166 | + wms_layer = self._getWMSLayer('testlayer_èé', authcfg=self.auth_config.id()) |
| 167 | + self.assertTrue(wms_layer.isValid()) |
| 168 | + |
| 169 | + def testInvalidAuthAccess(self): |
| 170 | + """ |
| 171 | + Access the HTTP Basic protected layer with no credentials |
| 172 | + """ |
| 173 | + wfs_layer = self._getWFSLayer('testlayer_èé') |
| 174 | + self.assertFalse(wfs_layer.isValid()) |
| 175 | + wms_layer = self._getWMSLayer('testlayer_èé') |
| 176 | + self.assertFalse(wms_layer.isValid()) |
| 177 | + |
| 178 | + |
| 179 | +if __name__ == '__main__': |
| 180 | + unittest.main() |
0 commit comments