Beispiel #1
0
def test_default_identity_allow_specific_repo(requested, expected):
    user = DefaultIdentity('arthur', 'kingofthebritons',
                           '*****@*****.**')
    user.allow(organization='myorg',
               repo='somerepo',
               permissions=Permission.all())
    assert expected is user.is_authorized(**requested)
Beispiel #2
0
    def _get_identity(self, jwt_payload: Dict[str, Any]) -> Identity:
        identity = DefaultIdentity(id=jwt_payload.get('sub'),
                                   email=jwt_payload.get('email'),
                                   name=jwt_payload.get('name', jwt_payload.get('sub')))

        scopes = to_iterable(jwt_payload.get('scopes', ()))
        self._log.debug("Allowing scopes: %s", scopes)
        for scope in scopes:
            identity.allow(**self._parse_scope(scope))

        return identity
Beispiel #3
0
def test_default_identity_properties():
    """Test the basic properties of the default identity object
    """
    user = DefaultIdentity('arthur', 'kingofthebritons',
                           '*****@*****.**')
    assert user.name == 'arthur'
    assert user.id == 'kingofthebritons'
    assert user.email == '*****@*****.**'
Beispiel #4
0
def test_jwt_pre_authorize_action():
    authz = JWTAuthenticator(private_key=JWT_HS_KEY,
                             algorithm='HS256',
                             default_lifetime=120)
    identity = DefaultIdentity(name='joe',
                               email='*****@*****.**',
                               id='babab0ba')
    header = authz.get_authz_header(identity,
                                    'myorg',
                                    'somerepo',
                                    actions={'read'})

    auth_type, token = header['Authorization'].split(' ')
    assert 'Bearer' == auth_type

    payload = jwt.decode(token, JWT_HS_KEY, algorithms='HS256')
    assert payload['sub'] == 'babab0ba'
    assert payload['scopes'] == 'obj:myorg/somerepo/*:read'

    # Check that now() - expiration time is within 5 seconds of 120 seconds
    assert abs((datetime.fromtimestamp(payload['exp']) -
                datetime.now()).seconds - 120) < 5
Beispiel #5
0
def test_default_identity_denied_by_default(requested):
    user = DefaultIdentity('arthur', 'kingofthebritons',
                           '*****@*****.**')
    assert user.is_authorized(**requested) is False
Beispiel #6
0
def test_default_identity_allow_specific_org_permissions(requested, expected):
    user = DefaultIdentity('arthur', 'kingofthebritons',
                           '*****@*****.**')
    user.allow(organization='myorg',
               permissions={Permission.READ_META, Permission.READ})
    assert expected is user.is_authorized(**requested)