# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
import mock
from nose.tools import assert_false
from tests import create_session, ClientHTTPStubber
def test_unsigned_operations():
    # Generator test: yields one runnable case per cognito-idp operation
    # listed below. Each case checks that the request the client sends for
    # that operation carries no Authorization header.
    #
    # Every entry authenticates through a value in the request parameters
    # (an 'AccessToken' or a 'ClientId'), not through request signing.
    # NOTE(review): presumably these are the operations the service model
    # declares as unsigned -- confirm the list is still complete when the
    # model changes, since an operation missing from it is not covered.
    #
    # All parameter values are placeholders, not real secrets.
    operation_params = {
        'change_password': {
            'PreviousPassword': 'myoldbadpassword',
            'ProposedPassword': 'mynewgoodpassword',
            'AccessToken': 'foobar'
        },
        'confirm_forgot_password': {
            'ClientId': 'foo',
            'Username': 'myusername',
            'ConfirmationCode': 'thisismeforreal',
            'Password': 'whydowesendpasswordsviaemail'
        },
        'confirm_sign_up': {
            'ClientId': 'foo',
            'Username': 'myusername',
            'ConfirmationCode': 'ireallydowanttosignup'
        },
        'delete_user': {
            'AccessToken': 'foobar'
        },
        'delete_user_attributes': {
            'UserAttributeNames': ['myattribute'],
            'AccessToken': 'foobar'
        },
        'forgot_password': {
            'ClientId': 'foo',
            'Username': 'myusername'
        },
        'get_user': {
            'AccessToken': 'foobar'
        },
        'get_user_attribute_verification_code': {
            'AttributeName': 'myattribute',
            'AccessToken': 'foobar'
        },
        'resend_confirmation_code': {
            'ClientId': 'foo',
            'Username': 'myusername'
        },
        'set_user_settings': {
            'AccessToken': 'randomtoken',
            'MFAOptions': [{
                'DeliveryMedium': 'SMS',
                'AttributeName': 'someattributename'
            }]
        },
        'sign_up': {
            'ClientId': 'foo',
            'Username': 'bar',
            'Password': 'mysupersecurepassword',
        },
        'update_user_attributes': {
            'UserAttributes': [{
                'Name': 'someattributename',
                'Value': 'newvalue'
            }],
            'AccessToken': 'foobar'
        },
        'verify_user_attribute': {
            'AttributeName': 'someattributename',
            'Code': 'someverificationcode',
            'AccessToken': 'foobar'
        },
    }

    # Placeholder credentials are supplied through the patched environment.
    # Presumably this is so the client has keys it could sign with, which
    # means a missing Authorization header cannot be explained by missing
    # credentials -- confirm create_session() reads these variables.
    # AWS_CONFIG_FILE names a path that is not expected to exist, so a
    # developer's real config should not be picked up.
    environ = {
        'AWS_ACCESS_KEY_ID': 'access_key',
        'AWS_SECRET_ACCESS_KEY': 'secret_key',
        'AWS_CONFIG_FILE': 'no-exist-foo',
    }

    with mock.patch('os.environ', environ):
        session = create_session()
        session.config_filename = 'no-exist-foo'
        client = session.create_client('cognito-idp', 'us-west-2')

        # NOTE(review): the loop is kept inside the patch, so the generator
        # stays suspended under the patched environment while the runner
        # executes each yielded case -- confirm that scope is intended.
        for operation, params in operation_params.items():
            test_case = UnsignedOperationTestCase(client, operation, params)
            yield test_case.run
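class UnsignedOperationTestCase(object):
    """Check that one client operation is sent without an Authorization header.

    The client is wrapped in a ClientHTTPStubber, so the operation is
    answered with a canned response and the outgoing request can be
    inspected afterwards.
    """

    def __init__(self, client, operation_name, parameters):
        # client: the client whose method is called.
        # operation_name: name of the client method (e.g. 'get_user').
        # parameters: keyword arguments passed to that method.
        self._client = client
        self._operation_name = operation_name
        self._parameters = parameters
        self._http_stubber = ClientHTTPStubber(self._client)

    def run(self):
        # Call the operation against a stubbed empty-JSON response and fail
        # if the captured request carries an 'authorization' header.
        operation = getattr(self._client, self._operation_name)

        self._http_stubber.add_response(body=b'{}')
        with self._http_stubber:
            operation(**self._parameters)
            # Only one response was queued, so the first captured request
            # is the one this operation produced.
            request = self._http_stubber.requests[0]

        # Every case is yielded from the same generator as a bare bound
        # method, so the operation name goes into the message; without it
        # a failure does not say which operation leaked a signature.
        assert_false(
            'authorization' in request.headers,
            'authorization header found in unsigned operation: %s'
            % self._operation_name
        )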