blob: d14ca3ba11756aeec57b0e0788a8bb1b587a16d4 [file] [log] [blame]
# Copyright (C) 2009 Google Inc. All rights reserved.
# Copyright (C) 2019-2020 Apple Inc. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Google Inc. nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
import logging
import os
import sys
import tempfile
import unittest
from webkitpy.common.net.credentials import Credentials
from webkitpy.common.system.user_mock import MockUser
from webkitpy.thirdparty.mock import Mock
from webkitpy.tool.mocktool import MockOptions
from webkitpy.common.system.executive_mock import MockExecutive
from webkitcorepy import OutputCapture
if sys.version_info > (3, 0):
input_func = input
else:
input_func = raw_input
# FIXME: Other unit tests probably want this class.
class _TemporaryDirectory(object):
def __init__(self, **kwargs):
self._kwargs = kwargs
self._directory_path = None
def __enter__(self):
self._directory_path = tempfile.mkdtemp(**self._kwargs)
return self._directory_path
def __exit__(self, type, value, traceback):
os.rmdir(self._directory_path)
# Note: All tests should use this class instead of Credentials directly to avoid using a real Executive.
class MockedCredentials(Credentials):
def __init__(self, *args, **kwargs):
if 'executive' not in kwargs:
kwargs['executive'] = MockExecutive()
Credentials.__init__(self, *args, **kwargs)
class CredentialsTest(unittest.TestCase):
example_security_output = """keychain: "/Users/test/Library/Keychains/login.keychain"
class: "inet"
attributes:
0x00000007 <blob>="bugs.webkit.org (test@webkit.org)"
0x00000008 <blob>=<NULL>
"acct"<blob>="test@webkit.org"
"atyp"<blob>="form"
"cdat"<timedate>=0x32303039303832353233353231365A00 "20090825235216Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>="Web form password"
"icmt"<blob>="default"
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303039303930393137323635315A00 "20090909172651Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>="htps"
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="bugs.webkit.org"
"type"<uint32>=<NULL>
password: "SECRETSAUCE"
"""
def test_keychain_lookup_on_non_mac(self):
class FakeCredentials(MockedCredentials):
def _is_mac_os_x(self):
return False
credentials = FakeCredentials("bugs.webkit.org")
self.assertFalse(credentials._is_mac_os_x())
self.assertEqual(credentials._credentials_from_keychain("foo"), ["foo", None])
def test_security_output_parse(self):
credentials = MockedCredentials("bugs.webkit.org")
self.assertEqual(credentials._parse_security_tool_output(self.example_security_output), ["test@webkit.org", "SECRETSAUCE"])
def test_security_output_parse_entry_not_found(self):
# FIXME: This test won't work if the user has a credential for foo.example.com!
credentials = Credentials("foo.example.com")
if not credentials._is_mac_os_x():
return # This test does not run on a non-Mac.
# Note, we ignore the captured output because it is already covered
# by the test case CredentialsTest._assert_security_call (below).
with OutputCapture():
self.assertIsNone(credentials._run_security_tool("find-internet-password"))
def _assert_security_call(self, username=None):
executive_mock = Mock()
credentials = MockedCredentials("example.com", executive=executive_mock)
with OutputCapture(level=logging.INFO) as captured:
credentials._run_security_tool('find-internet-password', username)
self.assertEqual(
captured.root.log.getvalue(),
'Reading Keychain for example.com account and password. Click "Allow" to continue...\n'
)
security_args = ["/usr/bin/security", "find-internet-password", "-g", "-s", "example.com"]
if username:
security_args += ["-a", username]
executive_mock.run_command.assert_called_with(security_args)
def test_security_calls(self):
self._assert_security_call()
self._assert_security_call(username="foo")
def test_credentials_from_environment(self):
credentials = MockedCredentials("example.com")
saved_environ = os.environ.copy()
os.environ['WEBKIT_BUGZILLA_USERNAME'] = "foo"
os.environ['WEBKIT_BUGZILLA_PASSWORD'] = "bar"
username, password = credentials._credentials_from_environment()
self.assertEqual(username, "foo")
self.assertEqual(password, "bar")
os.environ = saved_environ
def test_read_credentials_without_git_repo(self):
# FIXME: This should share more code with test_keyring_without_git_repo
class FakeCredentials(MockedCredentials):
def _is_mac_os_x(self):
return True
def _credentials_from_keychain(self, username):
return ("test@webkit.org", "SECRETSAUCE")
def _credentials_from_environment(self):
return (None, None)
with _TemporaryDirectory(suffix="not_a_git_repo") as temp_dir_path:
credentials = FakeCredentials("bugs.webkit.org", cwd=temp_dir_path)
# FIXME: Using read_credentials here seems too broad as higher-priority
# credential source could be affected by the user's environment.
self.assertEqual(credentials.read_credentials(), ("test@webkit.org", "SECRETSAUCE"))
def test_keyring_without_git_repo(self):
# FIXME: This should share more code with test_read_credentials_without_git_repo
class MockKeyring(object):
def get_password(self, host, username):
return "NOMNOMNOM"
class FakeCredentials(MockedCredentials):
def _is_mac_os_x(self):
return True
def _credentials_from_keychain(self, username):
return ("test@webkit.org", None)
def _credentials_from_environment(self):
return (None, None)
with _TemporaryDirectory(suffix="not_a_git_repo") as temp_dir_path:
credentials = FakeCredentials("fake.hostname", cwd=temp_dir_path, keyring=MockKeyring())
# FIXME: Using read_credentials here seems too broad as higher-priority
# credential source could be affected by the user's environment.
self.assertEqual(credentials.read_credentials(), ("test@webkit.org", "NOMNOMNOM"))
def test_keyring_without_git_repo_nor_keychain(self):
class MockKeyring(object):
def get_password(self, host, username):
return "NOMNOMNOM"
class FakeCredentials(MockedCredentials):
def _credentials_from_keychain(self, username):
return (None, None)
def _credentials_from_environment(self):
return (None, None)
class FakeUser(MockUser):
@classmethod
def prompt(cls, message, repeat=1, raw_input=input_func):
return "test@webkit.org"
@classmethod
def prompt_password(cls, message, repeat=1, raw_input=input_func):
raise AssertionError("should not prompt for password")
with _TemporaryDirectory(suffix="not_a_git_repo") as temp_dir_path:
credentials = FakeCredentials("fake.hostname", cwd=temp_dir_path, keyring=MockKeyring())
# FIXME: Using read_credentials here seems too broad as higher-priority
# credential source could be affected by the user's environment.
self.assertEqual(credentials.read_credentials(FakeUser), ("test@webkit.org", "NOMNOMNOM"))
def test_do_not_use_stored_credentials(self):
class MockKeyring(object):
def get_password(self, host, username):
raise AssertionError("Should not read from keyring.")
class FakeCredentials(MockedCredentials):
def _credentials_from_keychain(self, username):
raise AssertionError("Should not read from keychain.")
def _credentials_from_environment(self):
raise AssertionError("Should not read from environment.")
def _offer_to_store_credentials_in_keyring(self, username, password):
pass
class FakeUser(MockUser):
@classmethod
def prompt(cls, message, repeat=1, raw_input=input_func):
return "test@webkit.org"
@classmethod
def prompt_password(cls, message, repeat=1, raw_input=input_func):
return "NOMNOMNOM"
with _TemporaryDirectory(suffix="not_a_git_repo") as temp_dir_path:
credentials = FakeCredentials("fake.hostname", cwd=temp_dir_path, keyring=MockKeyring())
self.assertEqual(credentials.read_credentials(FakeUser, use_stored_credentials=False), ("test@webkit.org", "NOMNOMNOM"))