From 31f4241b012d4bfbbe05f9b358d88c333f735d85 Mon Sep 17 00:00:00 2001
From: Omar Khasawneh
Date: Thu, 19 Oct 2023 20:33:25 -0500
Subject: [PATCH 1/4] Add negative authorization test to E2E script
Signed-off-by: Omar Khasawneh
---
 test/tests.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/test/tests.py b/test/tests.py
index 51e807936..1b945ee9c 100644
--- a/test/tests.py
+++ b/test/tests.py
@@ -8,6 +8,8 @@ import time
 import requests
 import uuid
+import string
+import secrets
 from requests.exceptions import ConnectionError, SSLError
 logger = logging.getLogger(__name__)
@@ -160,3 +162,22 @@ def test_003_jupyterAwake(self):
 # Making sure that the Jupyter notebook is up and can be reached.
 response = requests.get(self.jupyter_endpoint)
 self.assertEqual(response.status_code, HTTPStatus.OK)
+
+
+ def test_004_negativeAuth(self):
+ alphabet = string.ascii_letters + string.digits
+ for _ in range(10): # Adjust the range as needed
+ username = ''.join(secrets.choice(alphabet) for _ in range(8))
+ password = ''.join(secrets.choice(alphabet) for _ in range(8))
+
+ credentials = [
+ (username, password),
+ (self.username, password),
+ (username, self.password)
+ ]
+
+ for user, pw in credentials:
+ response = requests.get(self.proxy_endpoint, auth=(user, pw), verify=False)
+ self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)
+
+
From 4178ae8adaadf209adcd715d61cc1a26cac99800 Mon Sep 17 00:00:00 2001
From: Omar Khasawneh
Date: Thu, 19 Oct 2023 20:36:20 -0500
Subject: [PATCH 2/4] Fix linting issues
Signed-off-by: Omar Khasawneh
---
 test/tests.py | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/test/tests.py b/test/tests.py
index 1b945ee9c..56fbc9be9 100644
--- a/test/tests.py
+++ b/test/tests.py
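Review bot: The `requests.get(self.proxy_endpoint, auth=(user, pw), verify=False)` call in the new `test_004_negativeAuth` disables TLS certificate validation for the one test that exercises the proxy's authentication, so its 401 assertions hold against whatever host answers at `self.proxy_endpoint`, including a misrouted or interposed one, and each of the 30 calls will typically trigger urllib3's InsecureRequestWarning. If the proxy presents a self-signed certificate, pass its CA certificate path through `verify=` (taken from the same configuration the other tests use) rather than turning validation off, and add a `timeout=` so an unresponsive proxy fails this test instead of hanging the suite. The random 8-character `username` can in principle equal `self.username`, which would turn the `(username, self.password)` pair into a valid login; a `self.assertNotEqual(username, self.username)` right after it is generated removes that ambiguity. The enclosing test class starts outside this hunk.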
@@ -163,7 +163,6 @@ def test_003_jupyterAwake(self):
 response = requests.get(self.jupyter_endpoint)
 self.assertEqual(response.status_code, HTTPStatus.OK)
-
 def test_004_negativeAuth(self):
 alphabet = string.ascii_letters + string.digits
 for _ in range(10): # Adjust the range as needed
@@ -179,5 +178,3 @@ def test_004_negativeAuth(self):
 for user, pw in credentials:
 response = requests.get(self.proxy_endpoint, auth=(user, pw), verify=False)
 self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)
-
-
From 0b5a582ee47b5016c9b32f8cc4bb810958acdebc Mon Sep 17 00:00:00 2001
From: Omar Khasawneh
Date: Thu, 19 Oct 2023 20:41:44 -0500
Subject: [PATCH 3/4] Add description for test
Signed-off-by: Omar Khasawneh
---
 test/tests.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/tests.py b/test/tests.py
index 56fbc9be9..0a588f648 100644
--- a/test/tests.py
+++ b/test/tests.py
@@ -164,8 +164,9 @@ def test_003_jupyterAwake(self):
 self.assertEqual(response.status_code, HTTPStatus.OK)
 def test_004_negativeAuth(self):
+ # This sends negative credentials to the clusters to validate that unauthorized access is prevented.
 alphabet = string.ascii_letters + string.digits
- for _ in range(10): # Adjust the range as needed
+ for _ in range(10):
 username = ''.join(secrets.choice(alphabet) for _ in range(8))
 password = ''.join(secrets.choice(alphabet) for _ in range(8))
From 8521fa19bcb52f80f87033a8e0e6ea3a5db5989a Mon Sep 17 00:00:00 2001
From: Omar Khasawneh
Date: Fri, 20 Oct 2023 11:54:52 -0500
Subject: [PATCH 4/4] Add missing creds scenario
Signed-off-by: Omar Khasawneh
---
 test/tests.py | 20 +++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/test/tests.py b/test/tests.py
index 0a588f648..e257969df 100644
--- a/test/tests.py
+++ b/test/tests.py
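Review bot: In the `@@ -164,8 +164,9 @@` hunk the `# Adjust the range as needed` hint is dropped but the bare `10` in `for _ in range(10):` stays, so the number of random credential pairs is now an unexplained magic number in a test that is otherwise documented. A named constant, e.g. `NEGATIVE_AUTH_ATTEMPTS = 10` at module or class level used as `for _ in range(NEGATIVE_AUTH_ATTEMPTS):`, keeps the intent the removed comment carried and gives anyone tuning the test one obvious place to change. The method body continues outside this hunk.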
@@ -71,7 +71,7 @@ def tearDown(self):
 delete_index(self.proxy_endpoint, self.index, self.auth)
 delete_document(self.proxy_endpoint, self.index, self.doc_id, self.auth)
- def test_001_index(self):
+ def test_0001_index(self):
 # This test will verify that an index will be created (then deleted) on the target cluster when one is created
 # on the source cluster by going through the proxy first. It will verify that the traffic is captured by the
 # proxy and that the traffic reaches the source cluster, replays said traffic to the target cluster by the
@@ -100,7 +100,7 @@ def test_001_index(self):
 expected_status_code=HTTPStatus.NOT_FOUND)
 self.assertEqual(source_response.status_code, HTTPStatus.NOT_FOUND)
- def test_002_document(self):
+ def test_0002_document(self):
 # This test will verify that a document will be created (then deleted) on the target cluster when one is created
 # on the source cluster by going through the proxy first. It will verify that the traffic is captured by the
 # proxy and that the traffic reaches the source cluster, replays said traffic to the target cluster by the
@@ -158,13 +158,13 @@ def test_002_document(self):
 expected_status_code=HTTPStatus.NOT_FOUND)
 self.assertEqual(source_response.status_code, HTTPStatus.NOT_FOUND)
- def test_003_jupyterAwake(self):
+ def test_0003_jupyterAwake(self):
 # Making sure that the Jupyter notebook is up and can be reached.
 response = requests.get(self.jupyter_endpoint)
 self.assertEqual(response.status_code, HTTPStatus.OK)
- def test_004_negativeAuth(self):
- # This sends negative credentials to the clusters to validate that unauthorized access is prevented.
+ def test_0004_negativeAuth_invalidCreds(self):
+ # This test sends negative credentials to the clusters to validate that unauthorized access is prevented.
 alphabet = string.ascii_letters + string.digits
 for _ in range(10):
 username = ''.join(secrets.choice(alphabet) for _ in range(8))
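Review bot: The rewritten comment on `test_0004_negativeAuth_invalidCreds` in the `@@ -158,13 +158,13 @@` hunk says the credentials are sent "to the clusters", but the method's request (visible in the earlier patch) targets `self.proxy_endpoint`; nothing in the hunk shows the proxy forwarding unauthenticated requests to a cluster, so a reader may assume the cluster's own authenticator is what is under test. I would reword it to `# Sends random and partially-correct Basic credentials to the proxy and expects HTTP 401 for each, so that a valid username or a valid password alone never grants access.`, which also records why the mixed `(self.username, password)` and `(username, self.password)` pairs exist. The method body continues past the end of the hunk.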
@@ -179,3 +179,13 @@ def test_004_negativeAuth(self):
 for user, pw in credentials:
 response = requests.get(self.proxy_endpoint, auth=(user, pw), verify=False)
 self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)
+
+ def test_0005_negativeAuth_missingCreds(self):
+ # This test will use no credentials at all
+ # With an empty authorization header
+ response = requests.get(self.proxy_endpoint, auth=('', ''), verify=False)
+ self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)
+
+ # Without an authorization header.
+ response = requests.get(self.proxy_endpoint, verify=False)
+ self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)
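Review bot: The comment `# With an empty authorization header` above `auth=('', '')` in `test_0005_negativeAuth_missingCreds` is inaccurate: requests turns an empty username/password tuple into a real header, `Authorization: Basic Og==` (the base64 of ":"), so that request tests blank Basic credentials rather than an empty or absent header, and only the second request matches the "no credentials at all" description. I would change it to `# Basic credentials present but both fields blank (sends "Authorization: Basic Og==")`. The scenario also leaves out malformed and non-Basic `Authorization` headers, which a proxy that only expects Basic must refuse rather than fall through on; the cases below cover that, and `verify=False` here carries the same TLS-validation caveat as in the invalid-credentials test.
```python
        # Malformed or non-Basic Authorization headers must also be refused.
        for header in ('Basic', 'Basic ???', 'Bearer some-token'):
            response = requests.get(self.proxy_endpoint, headers={'Authorization': header}, verify=False)
            self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)
```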