server-client-python/test/test_ssl_config.py at 55331929411310b8dacad7c94df5af5b9b218b76 · jorwoods/server-client-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
import logging
from unittest.mock import MagicMock

import pytest

import tableauserverclient as TSC


@pytest.fixture(scope="function")
def server():
    """Fixture to create a TSC.Server instance for testing."""
    server = TSC.Server("http://test", False)

    # Fake signin
    server._site_id = "dad65087-b08b-4603-af4e-2887b8aafc67"
    server._auth_token = "j80k54ll2lfMZ0tv97mlPvvSCRyD0DOM"

    return server


def test_default_ssl_config(server):
    """Test that by default, no custom SSL context is used"""
    assert server._ssl_context is None
    assert "verify" not in server.http_options


def test_weak_dh_config(server, monkeypatch):
    """Test that weak DH keys can be allowed when configured"""
    mock_context = MagicMock()
    mock_create_context = MagicMock(return_value=mock_context)
    monkeypatch.setattr("ssl.create_default_context", mock_create_context)

    server.configure_ssl(allow_weak_dh=True)

    mock_create_context.assert_called_once()
    mock_context.set_dh_parameters.assert_called_once_with(min_key_bits=512)
    assert server.http_options["verify"] == mock_context


def test_disable_weak_dh_config(server, monkeypatch):
    """Test that SSL config can be reset to defaults"""
    mock_context = MagicMock()
    mock_create_context = MagicMock(return_value=mock_context)
    monkeypatch.setattr("ssl.create_default_context", mock_create_context)

    # First enable weak DH
    server.configure_ssl(allow_weak_dh=True)
    assert server._ssl_context is not None
    assert "verify" in server.http_options

    # Then disable it
    server.configure_ssl(allow_weak_dh=False)
    assert server._ssl_context is None
    assert "verify" not in server.http_options


def test_warning_on_weak_dh(server, monkeypatch, caplog):
    """Test that a warning is logged when enabling weak DH keys"""
    mock_context = MagicMock()
    mock_create_context = MagicMock(return_value=mock_context)
    monkeypatch.setattr("ssl.create_default_context", mock_create_context)

    with caplog.at_level(logging.WARNING):
        server.configure_ssl(allow_weak_dh=True)

    assert any(
        "Allowing weak Diffie-Hellman keys" in record.getMessage() for record in caplog.records
    ), "Expected warning about weak DH keys was not logged"