| # Copyright (C) 2009 Google Inc. All rights reserved. |
| # Copyright (C) 2019-2020 Apple Inc. All rights reserved. |
| # |
| # Redistribution and use in source and binary forms, with or without |
| # modification, are permitted provided that the following conditions are |
| # met: |
| # |
| # * Redistributions of source code must retain the above copyright |
| # notice, this list of conditions and the following disclaimer. |
| # * Redistributions in binary form must reproduce the above |
| # copyright notice, this list of conditions and the following disclaimer |
| # in the documentation and/or other materials provided with the |
| # distribution. |
| # * Neither the name of Google Inc. nor the names of its |
| # contributors may be used to endorse or promote products derived from |
| # this software without specific prior written permission. |
| # |
| # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
| import logging |
| import os |
| import sys |
| import tempfile |
| import unittest |
| |
| from webkitpy.common.net.credentials import Credentials |
| from webkitpy.common.system.user_mock import MockUser |
| from webkitpy.thirdparty.mock import Mock |
| from webkitpy.tool.mocktool import MockOptions |
| from webkitpy.common.system.executive_mock import MockExecutive |
| |
| from webkitcorepy import OutputCapture |
| |
| if sys.version_info > (3, 0): |
| input_func = input |
| else: |
| input_func = raw_input |
| |
| |
| # FIXME: Other unit tests probably want this class. |
| class _TemporaryDirectory(object): |
| def __init__(self, **kwargs): |
| self._kwargs = kwargs |
| self._directory_path = None |
| |
| def __enter__(self): |
| self._directory_path = tempfile.mkdtemp(**self._kwargs) |
| return self._directory_path |
| |
| def __exit__(self, type, value, traceback): |
| os.rmdir(self._directory_path) |
| |
| |
| # Note: All tests should use this class instead of Credentials directly to avoid using a real Executive. |
| class MockedCredentials(Credentials): |
| def __init__(self, *args, **kwargs): |
| if 'executive' not in kwargs: |
| kwargs['executive'] = MockExecutive() |
| Credentials.__init__(self, *args, **kwargs) |
| |
| |
| class CredentialsTest(unittest.TestCase): |
| example_security_output = """keychain: "/Users/test/Library/Keychains/login.keychain" |
| class: "inet" |
| attributes: |
| 0x00000007 <blob>="bugs.webkit.org (test@webkit.org)" |
| 0x00000008 <blob>=<NULL> |
| "acct"<blob>="test@webkit.org" |
| "atyp"<blob>="form" |
| "cdat"<timedate>=0x32303039303832353233353231365A00 "20090825235216Z\000" |
| "crtr"<uint32>=<NULL> |
| "cusi"<sint32>=<NULL> |
| "desc"<blob>="Web form password" |
| "icmt"<blob>="default" |
| "invi"<sint32>=<NULL> |
| "mdat"<timedate>=0x32303039303930393137323635315A00 "20090909172651Z\000" |
| "nega"<sint32>=<NULL> |
| "path"<blob>=<NULL> |
| "port"<uint32>=0x00000000 |
| "prot"<blob>=<NULL> |
| "ptcl"<uint32>="htps" |
| "scrp"<sint32>=<NULL> |
| "sdmn"<blob>=<NULL> |
| "srvr"<blob>="bugs.webkit.org" |
| "type"<uint32>=<NULL> |
| password: "SECRETSAUCE" |
| """ |
| |
| def test_keychain_lookup_on_non_mac(self): |
| class FakeCredentials(MockedCredentials): |
| def _is_mac_os_x(self): |
| return False |
| credentials = FakeCredentials("bugs.webkit.org") |
| self.assertFalse(credentials._is_mac_os_x()) |
| self.assertEqual(credentials._credentials_from_keychain("foo"), ["foo", None]) |
| |
| def test_security_output_parse(self): |
| credentials = MockedCredentials("bugs.webkit.org") |
| self.assertEqual(credentials._parse_security_tool_output(self.example_security_output), ["test@webkit.org", "SECRETSAUCE"]) |
| |
| def test_security_output_parse_entry_not_found(self): |
| # FIXME: This test won't work if the user has a credential for foo.example.com! |
| credentials = Credentials("foo.example.com") |
| if not credentials._is_mac_os_x(): |
| return # This test does not run on a non-Mac. |
| |
| # Note, we ignore the captured output because it is already covered |
| # by the test case CredentialsTest._assert_security_call (below). |
| with OutputCapture(): |
| self.assertIsNone(credentials._run_security_tool("find-internet-password")) |
| |
| def _assert_security_call(self, username=None): |
| executive_mock = Mock() |
| credentials = MockedCredentials("example.com", executive=executive_mock) |
| |
| with OutputCapture(level=logging.INFO) as captured: |
| credentials._run_security_tool('find-internet-password', username) |
| self.assertEqual( |
| captured.root.log.getvalue(), |
| 'Reading Keychain for example.com account and password. Click "Allow" to continue...\n' |
| ) |
| |
| security_args = ["/usr/bin/security", "find-internet-password", "-g", "-s", "example.com"] |
| if username: |
| security_args += ["-a", username] |
| executive_mock.run_command.assert_called_with(security_args) |
| |
| def test_security_calls(self): |
| self._assert_security_call() |
| self._assert_security_call(username="foo") |
| |
| def test_credentials_from_environment(self): |
| credentials = MockedCredentials("example.com") |
| |
| saved_environ = os.environ.copy() |
| os.environ['WEBKIT_BUGZILLA_USERNAME'] = "foo" |
| os.environ['WEBKIT_BUGZILLA_PASSWORD'] = "bar" |
| username, password = credentials._credentials_from_environment() |
| self.assertEqual(username, "foo") |
| self.assertEqual(password, "bar") |
| os.environ = saved_environ |
| |
| def test_read_credentials_without_git_repo(self): |
| # FIXME: This should share more code with test_keyring_without_git_repo |
| class FakeCredentials(MockedCredentials): |
| def _is_mac_os_x(self): |
| return True |
| |
| def _credentials_from_keychain(self, username): |
| return ("test@webkit.org", "SECRETSAUCE") |
| |
| def _credentials_from_environment(self): |
| return (None, None) |
| |
| with _TemporaryDirectory(suffix="not_a_git_repo") as temp_dir_path: |
| credentials = FakeCredentials("bugs.webkit.org", cwd=temp_dir_path) |
| # FIXME: Using read_credentials here seems too broad as higher-priority |
| # credential source could be affected by the user's environment. |
| self.assertEqual(credentials.read_credentials(), ("test@webkit.org", "SECRETSAUCE")) |
| |
| def test_keyring_without_git_repo(self): |
| # FIXME: This should share more code with test_read_credentials_without_git_repo |
| class MockKeyring(object): |
| def get_password(self, host, username): |
| return "NOMNOMNOM" |
| |
| class FakeCredentials(MockedCredentials): |
| def _is_mac_os_x(self): |
| return True |
| |
| def _credentials_from_keychain(self, username): |
| return ("test@webkit.org", None) |
| |
| def _credentials_from_environment(self): |
| return (None, None) |
| |
| with _TemporaryDirectory(suffix="not_a_git_repo") as temp_dir_path: |
| credentials = FakeCredentials("fake.hostname", cwd=temp_dir_path, keyring=MockKeyring()) |
| # FIXME: Using read_credentials here seems too broad as higher-priority |
| # credential source could be affected by the user's environment. |
| self.assertEqual(credentials.read_credentials(), ("test@webkit.org", "NOMNOMNOM")) |
| |
| def test_keyring_without_git_repo_nor_keychain(self): |
| class MockKeyring(object): |
| def get_password(self, host, username): |
| return "NOMNOMNOM" |
| |
| class FakeCredentials(MockedCredentials): |
| def _credentials_from_keychain(self, username): |
| return (None, None) |
| |
| def _credentials_from_environment(self): |
| return (None, None) |
| |
| class FakeUser(MockUser): |
| @classmethod |
| def prompt(cls, message, repeat=1, raw_input=input_func): |
| return "test@webkit.org" |
| |
| @classmethod |
| def prompt_password(cls, message, repeat=1, raw_input=input_func): |
| raise AssertionError("should not prompt for password") |
| |
| with _TemporaryDirectory(suffix="not_a_git_repo") as temp_dir_path: |
| credentials = FakeCredentials("fake.hostname", cwd=temp_dir_path, keyring=MockKeyring()) |
| # FIXME: Using read_credentials here seems too broad as higher-priority |
| # credential source could be affected by the user's environment. |
| self.assertEqual(credentials.read_credentials(FakeUser), ("test@webkit.org", "NOMNOMNOM")) |
| |
| def test_do_not_use_stored_credentials(self): |
| class MockKeyring(object): |
| def get_password(self, host, username): |
| raise AssertionError("Should not read from keyring.") |
| |
| class FakeCredentials(MockedCredentials): |
| def _credentials_from_keychain(self, username): |
| raise AssertionError("Should not read from keychain.") |
| |
| def _credentials_from_environment(self): |
| raise AssertionError("Should not read from environment.") |
| |
| def _offer_to_store_credentials_in_keyring(self, username, password): |
| pass |
| |
| class FakeUser(MockUser): |
| @classmethod |
| def prompt(cls, message, repeat=1, raw_input=input_func): |
| return "test@webkit.org" |
| |
| @classmethod |
| def prompt_password(cls, message, repeat=1, raw_input=input_func): |
| return "NOMNOMNOM" |
| |
| with _TemporaryDirectory(suffix="not_a_git_repo") as temp_dir_path: |
| credentials = FakeCredentials("fake.hostname", cwd=temp_dir_path, keyring=MockKeyring()) |
| self.assertEqual(credentials.read_credentials(FakeUser, use_stored_credentials=False), ("test@webkit.org", "NOMNOMNOM")) |