Add browser-friendly remote token bootstrap
This commit is contained in:
+51
@@ -51,6 +51,9 @@ class DummyHandler:
|
||||
self.error_status = None
|
||||
self.error_message = None
|
||||
self.file_path = None
|
||||
self.response_status = None
|
||||
self.response_headers = []
|
||||
self.wfile = io.BytesIO()
|
||||
|
||||
def ensure_client_access(self):
|
||||
return APP.Handler.ensure_client_access(self)
|
||||
@@ -75,6 +78,15 @@ class DummyHandler:
|
||||
def exception(self, exc):
|
||||
return APP.Handler.exception(self, exc)
|
||||
|
||||
def send_response(self, status):
|
||||
self.response_status = status
|
||||
|
||||
def send_header(self, key, value):
|
||||
self.response_headers.append((key, value))
|
||||
|
||||
def end_headers(self):
|
||||
return None
|
||||
|
||||
|
||||
class NetworkGuardTests(unittest.TestCase):
|
||||
def test_runtime_bootstrap_is_deferred_until_initialize(self):
|
||||
@@ -111,6 +123,45 @@ class NetworkGuardTests(unittest.TestCase):
|
||||
):
|
||||
APP.Handler.ensure_client_access(handler)
|
||||
|
||||
def test_remote_access_accepts_valid_cookie_token_for_non_local_clients(self):
|
||||
handler = DummyHandler("/api/config")
|
||||
handler.client_address = ("192.168.1.25", 8421)
|
||||
handler.headers["Cookie"] = "ani_cli_web_token=secret-token"
|
||||
|
||||
with mock.patch.dict(
|
||||
os.environ,
|
||||
{"ANI_CLI_WEB_ALLOW_REMOTE": "1", "ANI_CLI_WEB_REMOTE_TOKEN": "secret-token"},
|
||||
clear=False,
|
||||
):
|
||||
APP.Handler.ensure_client_access(handler)
|
||||
|
||||
def test_remote_access_accepts_valid_query_token_for_non_local_clients(self):
|
||||
handler = DummyHandler("/api/config?token=secret-token")
|
||||
handler.client_address = ("192.168.1.25", 8421)
|
||||
|
||||
with mock.patch.dict(
|
||||
os.environ,
|
||||
{"ANI_CLI_WEB_ALLOW_REMOTE": "1", "ANI_CLI_WEB_REMOTE_TOKEN": "secret-token"},
|
||||
clear=False,
|
||||
):
|
||||
APP.Handler.ensure_client_access(handler)
|
||||
|
||||
def test_remote_get_bootstraps_cookie_and_redirects_when_query_token_valid(self):
|
||||
handler = DummyHandler("/?token=secret-token")
|
||||
handler.client_address = ("192.168.1.25", 8421)
|
||||
|
||||
with mock.patch.dict(
|
||||
os.environ,
|
||||
{"ANI_CLI_WEB_ALLOW_REMOTE": "1", "ANI_CLI_WEB_REMOTE_TOKEN": "secret-token"},
|
||||
clear=False,
|
||||
):
|
||||
APP.Handler.do_GET(handler)
|
||||
|
||||
headers = dict(handler.response_headers)
|
||||
self.assertEqual(handler.response_status, HTTPStatus.SEE_OTHER)
|
||||
self.assertEqual(headers.get("Location"), "/")
|
||||
self.assertIn("ani_cli_web_token=secret-token", headers.get("Set-Cookie", ""))
|
||||
|
||||
def test_loopback_proxy_with_forwarded_remote_ip_requires_token(self):
|
||||
handler = DummyHandler("/api/config")
|
||||
handler.client_address = ("127.0.0.1", 8421)
|
||||
|
||||
Reference in New Issue
Block a user