Merge pull request #27 from roaldnefs/add-privkey-auth

roaldnefs · web-flow · commit 5e283dc7471a · 2021-01-10T21:06:47.000+01:00
diff --git a/README.md b/README.md
@@ -12,7 +12,10 @@
 ```python
 >>> import transip
 # Initialize a TransIP API client
->>> client = transip.TransIP(access_token="TOKEN")
+>>> client = transip.TransIP(
+...     login="demouser",
+...     private_key_file="/path/to/private.key"
+... )
 # Retrieve a list of VPSs
 >>> for vps in client.vpss.list():
 ...     print(vps)
diff --git a/docs/index.rst b/docs/index.rst
@@ -29,7 +29,10 @@ Release v\ |version|. (:ref:`Installation <install>`)
 
     >>> import transip
     # Initialize a TransIP API client
-    >>> client = transip.TransIP(access_token="TOKEN")
+    >>> client = transip.TransIP(
+    ...     login="demouser",
+    ...     private_key_file="/path/to/private.key"
+    ... )
     # Retrieve a list of VPSs
     >>> for vps in client.vpss.list():
     ...     print(vps)
diff --git a/docs/user/quickstart.rst b/docs/user/quickstart.rst
@@ -9,6 +9,10 @@ First, make sure that:
 
 * python-transip is :ref:`installed <install>`
 
+Then you should be able to import the module::
+
+    >>> import transip
+
 Below you'll find some simple example to get started.
 
 Authentication
@@ -17,7 +21,20 @@ Authentication
 In order to make requests to the TransIP API we need to authenticate yourself
 using an access token. To get an access token, you should first login to the
 TransIP control panel. You can then generate a new token which will only be
-valid for limited time.
+valid for limited time or generate a private key to allow python-transip to
+request a access token on initialization.
+
+Example of authentication using a private key::
+
+    >>> PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
+    ... ...
+    ... -----END RSA PRIVATE KEY-----""" 
+    >>> client = transip.TransIP(login="demouser", private_key=PRIVATE_KEY)
+    >>> client = transip.TransIP(login="demouser", private_key_file='/path/to/private.key')
+
+Example authentication using an access token::
+
+    >>> client = transip.TransIP(access_token="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImN3MiFSbDU2eDNoUnkjelM4YmdOIn0.eyJpc3MiOiJhcGkudHJhbnNpcC5ubCIsImF1ZCI6ImFwaS50cmFuc2lwLm5sIiwianRpIjoiY3cyIVJsNTZ4M2hSeSN6UzhiZ04iLCJpYXQiOjE1ODIyMDE1NTAsIm5iZiI6MTU4MjIwMTU1MCwiZXhwIjoyMTE4NzQ1NTUwLCJjaWQiOiI2MDQ0OSIsInJvIjpmYWxzZSwiZ2siOmZhbHNlLCJrdiI6dHJ1ZX0.fYBWV4O5WPXxGuWG-vcrFWqmRHBm9yp0PHiYh_oAWxWxCaZX2Rf6WJfc13AxEeZ67-lY0TA2kSaOCp0PggBb_MGj73t4cH8gdwDJzANVxkiPL1Saqiw2NgZ3IHASJnisUWNnZp8HnrhLLe5ficvb1D9WOUOItmFC2ZgfGObNhlL2y-AMNLT4X7oNgrNTGm-mespo0jD_qH9dK5_evSzS3K8o03gu6p19jxfsnIh8TIVRvNdluYC2wo4qDl5EW5BEZ8OSuJ121ncOT1oRpzXB0cVZ9e5_UVAEr9X3f26_Eomg52-PjrgcRJ_jPIUYbrlo06KjjX2h0fzMr21ZE023Gw")
 
 TransIP also provide a **demo token** to authenticate yourself as the TransIP
 demo user in test mode::
diff --git a/setup.py b/setup.py
@@ -29,7 +29,7 @@ def get_long_description() -> str:
     url="https://github.com/roaldnefs/python-transip",
     packages=find_packages(),
     include_package_data=True,
-    install_requires=["requests>=2.25.1"],
+    install_requires=["cryptography>=3.3.1", "requests>=2.25.1"],
     python_requires=">=3.6.12",
     entry_points={},
     classifiers=[
diff --git a/tests/fixtures/auth.json b/tests/fixtures/auth.json
@@ -0,0 +1,11 @@
+[
+    {
+        "method": "POST",
+        "url": "https://api.transip.nl/v6/auth",
+        "json": {
+            "token": "ACCESS_TOKEN"
+        },
+        "status": 200,
+        "content_type": "application/json"
+    }
+]
diff --git a/tests/test_transip.py b/tests/test_transip.py
@@ -18,19 +18,55 @@
 # along with python-transip.  If not, see <https://www.gnu.org/licenses/>.
 
 import unittest
+import responses  # type: ignore
 
 from transip import TransIP
+from tests.utils import load_responses_fixtures
 
 
 class TransIPTest(unittest.TestCase):
     """Test the TransIP client class."""
 
     client: TransIP
+    privkey: str
 
     @classmethod
-    def setUpClass(self) -> None:
-        """Set up a minimal TransIP client."""
-        self.client = TransIP(access_token='ACCESS_TOKEN')
+    def setUpClass(cls) -> None:
+        """Set up a minimal TransIP client and RSA private key."""
+        cls.client = TransIP(access_token='ACCESS_TOKEN')
+        cls.privkey: str = (  # type: ignore
+            "-----BEGIN RSA PRIVATE KEY-----\n"
+            "MIIEpAIBAAKCAQEAsUSEHsMuB380OUZQWDyyND4q8lEuJAgNnMkO8s5NGwzP8XSi\n"
+            "2DdFglLGLe9kjpADs3XqZFsk8ZFFn7x0idFydGyh9tbJ2WkR9E+kNUJV5iQDzPOB\n"
+            "wvyygEREqnl/o1h3c1q8tD2HZKBcjChn9JbMzdWwAaIs3ppcGWrEI0jZFFfSAyIZ\n"
+            "GkC3k3umOykWIKflQcT/soAfdqW+2P9/KD/wb3AZCer2i6B2hiITiDbHh5q84Hgk\n"
+            "D/Zg1M4yrYDyxDeGkAJHkGKNaE0tgUPoz3XTGP7uFYIx00qJyhmnzQcyV/Xcw3ZQ\n"
+            "7DFUj1HQ5wG/kEF9a4F1+AAiO5C5QbGTFYSwBwIDAQABAoIBABbtIZlI7P8TOJHf\n"
+            "wixnTTTshWlpjmoikIAikMheXiKNeadkylrkaxz7z53JRFwbzB69tV7dWt3TSAns\n"
+            "ubXJXOAp3JisFtcDe8r5MeeheLKXHda396RcQknMioTxycw6eNh2d8ln28br5oxJ\n"
+            "/YfoqPxGEsljTCJOHHM9F7johwrWSQ6f+gmiOkABvIHKgTBLa++v0D+vNrUjM6rx\n"
+            "IE+dBrx8yIgkF4qSg4Dqnr7D0KqCZUGLZ/3K8ShQUtiQYzyHIWKUId3NUecIQcrT\n"
+            "2Ri2TITKuER0fa7Mr+3LMSh/3+HtP2AoM34ouxr9H98LFz/UXxuFIRFTx7UVRt4N\n"
+            "3zqhsEECgYEA+TnXanBJmFz3sNYtlQixtKrh496GB0NheuK4xeNEj9/3gJ6J/rtL\n"
+            "ZHI7VH8r6aqoqw7sO/WJdxkwZTBOz2fe1QJ5BN0HBI5S6jIBQv9Nfqar0TDvNLB+\n"
+            "pH6eYJZ/IEFIMObv9YmsPohXpGeXynecrpl8SazEIWLb8IzgLY0HpokCgYEAthX5\n"
+            "1th4Re0P9rzXp21bbEwcvOKcg5dcpSaTtA1eQEILl6qqT3FP7w8/Ed7NRRY9Gcs+\n"
+            "inAc96YRNAgIGgfT3R1BmxOMWfdFBT1zlCheS6egKKLzVPzKPiMoMP4zu4hy6uH5\n"
+            "YVqpDLu0YQu1J2L0VYdZ9xAC0//Rx8KRcs6m/g8CgYEA41VDja+HMhf7R67WPU+E\n"
+            "6YvGKRjdoNpxnKoaaUd5TtO46/WxYk5t4t3gCJ9H6wjkecRO8BJ0pdKwNlzuRno0\n"
+            "5JAw26LRt/Iq571dMUO36IMXzuWYDLPBkUJ+LRSaOU3TD+hXkd1W5GNxrmFgMCsT\n"
+            "HKCcooeZD+shPDcEdghipiECgYARBTDbYlSrxKMPX0uRPOmkz+CHz27t5gIk9dws\n"
+            "omtC+ml2/d75mg/surIci4UIhjGj7Zmk+yHaDE3jXTTUqhKlwoxVYJhn+HMdMEdT\n"
+            "fAqEa+DOq5yvPwnwkPy6x6gySWjkh8b10LGonQsZXyzJx7grHoHMVFTPWERVtdw+\n"
+            "rQ5zBQKBgQC0Iwx4eeQYx60OCZpioNEQ3QPaFgqoWYEexmcMlpgQ9ycdnHx3SkE8\n"
+            "SlMokcPIEJDhdF3632kIAHOOJeA4Tmshf+ol/O2U2PDgbJZL6W6FJlT28sZVUU8j\n"
+            "IjFmiAiW6IIEqkJxuR1diAjppEiMmSkjPavo7oQs0TZMMUkli1N9dw==\n"
+            "-----END RSA PRIVATE KEY-----"
+        )
+
+    def setUp(self) -> None:
+        """Setup mocked responses for the '/auth' endpoint."""
+        load_responses_fixtures("auth.json")
 
     def test_base_url(self) -> None:
         """Test the base URL of the API."""
@@ -43,3 +79,19 @@ def test_authorization_header(self) -> None:
         auth_header: str = self.client.headers["Authorization"]
 
         assert auth_header == "Bearer ACCESS_TOKEN"
+
+    @responses.activate
+    def test_private_key_authorization_header(self) -> None:
+        """
+        Test if TransIP instances initialized with a private key, results in
+        the 'Authorization' header containing the access token returned by the
+        mocked response.
+        """
+        client: TransIP = TransIP(login="testuser", private_key=self.privkey)
+        auth_header: str = self.client.headers["Authorization"]
+
+        # Assert a single request is made to the mocked TransIP API
+        self.assertEqual(len(responses.calls), 1)
+        # Assert the 'Authorization' header contains the access token returned
+        # by the mocked response
+        self.assertEqual(auth_header, "Bearer ACCESS_TOKEN")
diff --git a/tests/test_utils.py b/tests/test_utils.py
@@ -0,0 +1,112 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2021 Roald Nefs <info@roaldnefs.com>
+#
+# This file is part of python-transip.
+#
+# python-transip is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# python-transip is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with python-transip.  If not, see <https://www.gnu.org/licenses/>.
+
+import unittest
+import string
+
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
+
+from transip.utils import (
+    load_rsa_private_key, generate_message_signature, generate_nonce
+)
+
+
+class UtilsTest(unittest.TestCase):
+    """Test the transip.utils functions."""
+
+    privkey: str
+
+    @classmethod
+    def setUpClass(cls) -> None:
+        cls.privkey: str = (  # type: ignore
+            "-----BEGIN RSA PRIVATE KEY-----\n"
+            "MIIEpAIBAAKCAQEAsUSEHsMuB380OUZQWDyyND4q8lEuJAgNnMkO8s5NGwzP8XSi\n"
+            "2DdFglLGLe9kjpADs3XqZFsk8ZFFn7x0idFydGyh9tbJ2WkR9E+kNUJV5iQDzPOB\n"
+            "wvyygEREqnl/o1h3c1q8tD2HZKBcjChn9JbMzdWwAaIs3ppcGWrEI0jZFFfSAyIZ\n"
+            "GkC3k3umOykWIKflQcT/soAfdqW+2P9/KD/wb3AZCer2i6B2hiITiDbHh5q84Hgk\n"
+            "D/Zg1M4yrYDyxDeGkAJHkGKNaE0tgUPoz3XTGP7uFYIx00qJyhmnzQcyV/Xcw3ZQ\n"
+            "7DFUj1HQ5wG/kEF9a4F1+AAiO5C5QbGTFYSwBwIDAQABAoIBABbtIZlI7P8TOJHf\n"
+            "wixnTTTshWlpjmoikIAikMheXiKNeadkylrkaxz7z53JRFwbzB69tV7dWt3TSAns\n"
+            "ubXJXOAp3JisFtcDe8r5MeeheLKXHda396RcQknMioTxycw6eNh2d8ln28br5oxJ\n"
+            "/YfoqPxGEsljTCJOHHM9F7johwrWSQ6f+gmiOkABvIHKgTBLa++v0D+vNrUjM6rx\n"
+            "IE+dBrx8yIgkF4qSg4Dqnr7D0KqCZUGLZ/3K8ShQUtiQYzyHIWKUId3NUecIQcrT\n"
+            "2Ri2TITKuER0fa7Mr+3LMSh/3+HtP2AoM34ouxr9H98LFz/UXxuFIRFTx7UVRt4N\n"
+            "3zqhsEECgYEA+TnXanBJmFz3sNYtlQixtKrh496GB0NheuK4xeNEj9/3gJ6J/rtL\n"
+            "ZHI7VH8r6aqoqw7sO/WJdxkwZTBOz2fe1QJ5BN0HBI5S6jIBQv9Nfqar0TDvNLB+\n"
+            "pH6eYJZ/IEFIMObv9YmsPohXpGeXynecrpl8SazEIWLb8IzgLY0HpokCgYEAthX5\n"
+            "1th4Re0P9rzXp21bbEwcvOKcg5dcpSaTtA1eQEILl6qqT3FP7w8/Ed7NRRY9Gcs+\n"
+            "inAc96YRNAgIGgfT3R1BmxOMWfdFBT1zlCheS6egKKLzVPzKPiMoMP4zu4hy6uH5\n"
+            "YVqpDLu0YQu1J2L0VYdZ9xAC0//Rx8KRcs6m/g8CgYEA41VDja+HMhf7R67WPU+E\n"
+            "6YvGKRjdoNpxnKoaaUd5TtO46/WxYk5t4t3gCJ9H6wjkecRO8BJ0pdKwNlzuRno0\n"
+            "5JAw26LRt/Iq571dMUO36IMXzuWYDLPBkUJ+LRSaOU3TD+hXkd1W5GNxrmFgMCsT\n"
+            "HKCcooeZD+shPDcEdghipiECgYARBTDbYlSrxKMPX0uRPOmkz+CHz27t5gIk9dws\n"
+            "omtC+ml2/d75mg/surIci4UIhjGj7Zmk+yHaDE3jXTTUqhKlwoxVYJhn+HMdMEdT\n"
+            "fAqEa+DOq5yvPwnwkPy6x6gySWjkh8b10LGonQsZXyzJx7grHoHMVFTPWERVtdw+\n"
+            "rQ5zBQKBgQC0Iwx4eeQYx60OCZpioNEQ3QPaFgqoWYEexmcMlpgQ9ycdnHx3SkE8\n"
+            "SlMokcPIEJDhdF3632kIAHOOJeA4Tmshf+ol/O2U2PDgbJZL6W6FJlT28sZVUU8j\n"
+            "IjFmiAiW6IIEqkJxuR1diAjppEiMmSkjPavo7oQs0TZMMUkli1N9dw==\n"
+            "-----END RSA PRIVATE KEY-----"
+        )
+
+    def test_load_rsa_private_key(self) -> None:
+        """
+        Test the content of a RSA private key can be converted to a
+        RSAPrivateKey instance.
+        """
+        self.assertTrue(isinstance(load_rsa_private_key(self.privkey), RSAPrivateKey))
+
+    def test_generate_message_signature(self) -> None:
+        """
+        Test message signature generation using the defined RSA private key.
+
+        Example message encoded using:
+        https://8gwifi.org/rsasignverifyfunctions.jsp
+        """
+        message: str = "A message for signing"
+        encoded: str = ("NFi2v07lhYmyTarOtIfpw50W25ukKWjtqsVzti/Y2RiGKPEzJQtFZ"
+                        "QaYJCFfIn8HfYjdbzOTK5DIFxwL8NCJK3Mb+wxZOkO4NDJC7mVgdO"
+                        "I6VuET4F3Er4ZjO4pkMLSaV6B0Mcm/yj8Wom1lfeRZxItDXPAbkMj"
+                        "47Ywsx7enAEXfrZrYwHy+rWLPN6WWCrCDWAJGu7lz5+YIy7rpLyRx"
+                        "Ff57QkMMJal0VCWyQUx+JBMdoW7rGVN1u+AxRY0yFj+QxWRB1z0JC"
+                        "E0Xmur+gQ+4+rgIEDE6VU2VY0A8+SY7hyRb2JN8yoLAeI+21ODwo5"
+                        "h/x1zw3Bstyzuvzo0QmHp7Mw==")
+
+        self.assertTrue(
+            generate_message_signature(message, self.privkey) == encoded
+        )
+
+    def test_generate_nonce_length(self) -> None:
+        """
+        Test the length of the generated nonce and whether or not an
+        exception is thrown for invalid lengths.
+        """
+        # Test valid lengths
+        for length in [1, 2, 32]:
+            self.assertTrue(len(generate_nonce(length)) == length)
+
+        # Test invalid lengths
+        for length in [0, -1]:
+            self.assertRaises(ValueError, generate_nonce, length)
+
+    def test_generate_nonce_alphabet(self) -> None:
+        """
+        Test if the generated nonce only contains characters from the alphabet.
+        """
+        alphabet: str = 'a'
+        self.assertTrue(generate_nonce(3, alphabet) == 'aaa')
diff --git a/transip/__init__.py b/transip/__init__.py
diff --git a/transip/utils.py b/transip/utils.py
