def test_ui_oauth2_refresh_token(self):
actor_identity_obj = ActorIdentity(name="John Doe")
actor_id = self.idm_client.create_actor_identity(actor_identity_obj)
actor_name = "jdoe"
actor_password = "******"
self.idm_client.set_actor_credentials(actor_id, actor_name,
actor_password)
actor_details = UserIdentityDetails()
actor_details.contact.individual_names_given = "John"
actor_details.contact.individual_name_family = "Doe"
self.idm_client.define_identity_details(actor_id, actor_details)
client_obj = ActorIdentity(
name="UI Client",
details=OAuthClientIdentityDetails(default_scopes="scioncc"))
client_actor_id = self.idm_client.create_actor_identity(client_obj)
client_id = "ui"
self.idm_client.set_actor_credentials(client_actor_id,
"client:" + client_id,
"client_secret")
session = requests.session()
log.info("------------ Get token")
auth_params = {
"client_id": client_id,
"grant_type": "password",
"username": actor_name,
"password": actor_password
}
resp = session.post(self.ui_base_url + "/oauth/token",
data=auth_params)
access_token = resp.json()
log.info("------------ Refresh token")
auth_params = {
"client_id": client_id,
"grant_type": "refresh_token",
"refresh_token": access_token["refresh_token"]
}
resp = session.post(self.ui_base_url + "/oauth/token",
data=auth_params)
updated_token = resp.json()
self.assertIsNotNone(updated_token)
self.assertNotIn("error", updated_token)
for item in [
"access_token", "token_type", "expires_in", "refresh_token",
"scope"
]:
self.assertIn(item, updated_token)
def on_initial_bootstrap(self, process, config, **kwargs):
# Detect if system has been started before by the presence of the ION system actor
system_actor, _ = process.container.resource_registry.find_resources(
restype=RT.ActorIdentity, id_only=True)
if system_actor:
raise AbortBootstrap("System already initialized. Start with bootmode=restart or force_clean (-fc)!")
# Possibly start the event persister here
# Create ION actor
actor_name = get_safe(config, "system.system_actor", "ionsystem")
sys_actor = ActorIdentity(name=actor_name, description="ION System Agent")
process.container.resource_registry.create(sys_actor)
webauth_actor_name = get_safe(config, "system.web_authentication_actor", "web_authentication")
web_auth_actor = ActorIdentity(name=webauth_actor_name, description="Web Authentication Actor")
process.container.resource_registry.create(web_auth_actor)
def on_initial_bootstrap(self, process, config, **kwargs):
# Detect if system has been started before by the presence of the ION system actor
system_actor = get_system_actor()
if system_actor:
raise AbortBootstrap("System already initialized. Start with bootmode=restart or force_clean (-fc)!")
# Create ION actor
actor_name = get_safe(config, "system.system_actor", "ionsystem")
sys_actor = ActorIdentity(name=actor_name, description="ION System Agent")
process.container.resource_registry.create(sys_actor)
def test_ui_server(self):
actor_identity_obj = ActorIdentity(name="John Doe")
actor_id = self.idm_client.create_actor_identity(actor_identity_obj)
self.idm_client.set_actor_credentials(actor_id, "jdoe", "mypasswd")
actor_details = UserIdentityDetails()
actor_details.contact.individual_names_given = "John"
actor_details.contact.individual_name_family = "Doe"
self.idm_client.define_identity_details(actor_id, actor_details)
# TEST: Authentication
self._do_test_authentication()
# TEST: Service gateway
self._do_test_service_gateway(actor_id)
self.idm_client.delete_actor_identity(actor_id)
def test_actor_identity(self):
# TEST: Create, Update, Read
actor_identity_obj = ActorIdentity(name="John Doe")
actor_id = self.identity_management_service.create_actor_identity(
actor_identity_obj)
actor_identity = self.identity_management_service.read_actor_identity(
actor_id)
self.assertEquals(actor_identity_obj.name, actor_identity.name)
actor_identity.name = 'Updated name'
self.identity_management_service.update_actor_identity(actor_identity)
ai = self.identity_management_service.find_actor_identity_by_name(
actor_identity.name)
self.assertEquals(ai.name, actor_identity.name)
with self.assertRaises(NotFound):
ai = self.identity_management_service.find_actor_identity_by_name(
"##FOO USER##")
self.assertEquals(ai.name, actor_identity.name)
# TEST: Actor credentials
self._do_test_credentials(actor_id)
# TEST: Identity details (user profile)
self._do_test_profile(actor_id)
# TEST: Password reset
self._do_test_password_reset(actor_id)
# TEST: Auth tokens
self._do_test_auth_tokens(actor_id)
# TEST: Delete
self.identity_management_service.delete_actor_identity(actor_id)
with self.assertRaises(NotFound) as cm:
self.identity_management_service.read_actor_identity(actor_id)
self.assertTrue("does not exist" in cm.exception.message)
with self.assertRaises(NotFound) as cm:
self.identity_management_service.delete_actor_identity(actor_id)
self.assertTrue("does not exist" in cm.exception.message)
def _do_test_membership(self, org_id):
root_org = self.org_management_service.find_org()
self.assertNotEqual(root_org, None)
actor_obj = ActorIdentity(name="Test user")
actor_id, _ = self.resource_registry.create(actor_obj)
self.assertTrue(self.org_management_service.is_registered(actor_id))
self.assertFalse(
self.org_management_service.is_enrolled(org_id, actor_id))
self.assertFalse(self.org_management_service.is_registered(org_id))
self.assertFalse(self.org_management_service.is_registered("FOOBAR"))
self.assertTrue(
self.org_management_service.is_enrolled(root_org._id, actor_id))
actor_objs = self.org_management_service.list_enrolled_actors(org_id)
self.assertEquals(0, len(actor_objs))
org_objs = self.org_management_service.list_orgs_for_actor(actor_id)
self.assertEquals(1, len(org_objs))
role_objs = self.org_management_service.list_actor_roles(
actor_id, org_id)
self.assertEquals(0, len(role_objs))
self.assertFalse(
self.org_management_service.has_role(org_id, actor_id,
MEMBER_ROLE))
self.org_management_service.enroll_member(org_id, actor_id)
res_ids, _ = self.resource_registry.find_objects(org_id,
PRED.hasMember,
RT.ActorIdentity,
id_only=True)
self.assertEquals(1, len(res_ids))
self.assertTrue(
self.org_management_service.is_enrolled(org_id, actor_id))
self.assertTrue(
self.org_management_service.has_role(org_id, actor_id,
MEMBER_ROLE))
self.assertFalse(
self.org_management_service.has_role(org_id, actor_id,
OPERATOR_ROLE))
actor_objs = self.org_management_service.list_enrolled_actors(org_id)
self.assertEquals(1, len(actor_objs))
org_objs = self.org_management_service.list_orgs_for_actor(actor_id)
self.assertEquals(2, len(org_objs))
role_objs = self.org_management_service.list_actor_roles(
actor_id, org_id)
self.assertEquals(1, len(role_objs))
self.org_management_service.grant_role(org_id, actor_id, OPERATOR_ROLE)
role_objs = self.org_management_service.list_actor_roles(
actor_id, org_id)
self.assertEquals(2, len(role_objs))
self.assertTrue(
self.org_management_service.has_role(org_id, actor_id,
OPERATOR_ROLE))
self.org_management_service.revoke_role(org_id, actor_id,
OPERATOR_ROLE)
role_objs = self.org_management_service.list_actor_roles(
actor_id, org_id)
self.assertEquals(1, len(role_objs))
self.org_management_service.cancel_member_enrollment(org_id, actor_id)
res_ids, _ = self.resource_registry.find_objects(org_id,
PRED.hasMember,
RT.ActorIdentity,
id_only=True)
self.assertEquals(0, len(res_ids))
self.assertFalse(
self.org_management_service.is_enrolled(org_id, actor_id))
self.resource_registry.delete(actor_id)
def _do_test_share_and_commitments(self, org_id):
root_org = self.org_management_service.find_org()
self.assertNotEqual(root_org, None)
actor_obj = ActorIdentity(name="Test user")
actor_id, _ = self.resource_registry.create(actor_obj)
self.org_management_service.enroll_member(org_id, actor_id)
inst_obj = TestInstrument(name="Test instrument")
inst_id, _ = self.resource_registry.create(inst_obj)
self.assertFalse(
self.org_management_service.is_resource_acquired(
resource_id=inst_id))
self.org_management_service.share_resource(org_id, inst_id)
res_ids, _ = self.resource_registry.find_objects(org_id,
PRED.hasResource,
id_only=True)
self.assertEquals(1, len(res_ids))
cmt_id = self.org_management_service.create_resource_commitment(
org_id, actor_id, inst_id)
self.assertTrue(
self.org_management_service.is_resource_acquired(
resource_id=inst_id))
self.assertFalse(
self.org_management_service.is_resource_acquired_exclusively(
resource_id=inst_id))
cmt_objs = self.org_management_service.find_commitments(org_id=org_id)
self.assertEquals(1, len(cmt_objs))
cmt_objs = self.org_management_service.find_commitments(
resource_id=inst_id)
self.assertEquals(1, len(cmt_objs))
cmt_objs = self.org_management_service.find_commitments(
actor_id=actor_id)
self.assertEquals(1, len(cmt_objs))
res_objs = self.org_management_service.find_acquired_resources(
org_id=org_id)
self.assertEquals(1, len(res_objs))
res_objs = self.org_management_service.find_acquired_resources(
actor_id=actor_id)
self.assertEquals(1, len(res_objs))
cmt_id = self.org_management_service.create_resource_commitment(
org_id,
actor_id,
inst_id,
exclusive=True,
expiration=get_ion_ts_millis() + 1000)
self.assertTrue(
self.org_management_service.is_resource_acquired(
resource_id=inst_id))
self.assertTrue(
self.org_management_service.is_resource_acquired_exclusively(
resource_id=inst_id))
cmt_objs = self.org_management_service.find_commitments(org_id=org_id,
exclusive=True)
self.assertEquals(1, len(cmt_objs))
cmt_objs = self.org_management_service.find_commitments(
resource_id=inst_id, exclusive=True)
self.assertEquals(1, len(cmt_objs))
cmt_objs = self.org_management_service.find_commitments(
actor_id=actor_id, exclusive=True)
self.assertEquals(1, len(cmt_objs))
self.org_management_service.unshare_resource(org_id, inst_id)
res_ids, _ = self.resource_registry.find_objects(org_id,
PRED.hasResource,
id_only=True)
self.assertEquals(0, len(res_ids))
self.resource_registry.delete(inst_id)
self.resource_registry.delete(actor_id)
def _do_test_service_gateway(self, actor_id):
# We don't want to modify import order during testing, so import here
from ion.services.service_gateway import SG_IDENTIFICATION
session = requests.session()
# TEST: Service gateway available
resp = session.get(self.sg_base_url + "/")
self._assert_json_response(resp, SG_IDENTIFICATION)
# TEST: Login
resp = session.post(self.ui_base_url + "/auth/login", data=dict(username="******", password="******"))
resp_json = self._assert_json_response(resp, None)
self.assertEquals("jdoe", resp_json["result"]["username"])
# TEST: Service access
resp = session.get(self.sg_base_url + "/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True")
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, resp_json["result"][0])
# Request as POST with JSON data
payload = dict(data=json.dumps(dict(params=dict(restype="ActorIdentity", id_only=True))))
resp = session.post(self.sg_base_url + "/request/resource_registry/find_resources", data=payload)
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, resp_json["result"][0])
# Request as POST with JSON data and no params
payload = dict(data=json.dumps(dict(restype="ActorIdentity", id_only=True)))
resp = session.post(self.sg_base_url + "/request/resource_registry/find_resources", data=payload)
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, resp_json["result"][0])
# Request as POST with params directly as form data
payload = dict(restype="ActorIdentity", id_only=True)
resp = session.post(self.sg_base_url + "/request/resource_registry/find_resources", data=payload)
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, resp_json["result"][0])
resp = session.get(self.sg_base_url + "/request/resource_registry/read/" + actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
# TEST: REST API
resp = session.get(self.sg_base_url + "/rest/identity_management/actor_identity")
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, [o["_id"] for o in resp_json["result"]])
num_actors = len(resp_json["result"])
resp = session.get(self.sg_base_url + "/rest/identity_management/actor_identity/" + actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
# Form encoded create request
other_actor_obj = ActorIdentity(name="Jane Foo")
other_actor_obj.details = None
other_actor_obj_dict = other_actor_obj.__dict__.copy()
# Remove unseralizable attributes.
del other_actor_obj_dict['passwd_reset_token']
payload = dict(data=json.dumps(other_actor_obj_dict))
resp = session.post(self.sg_base_url + "/rest/identity_management/actor_identity", data=payload)
resp_json = self._assert_json_response(resp, None)
other_actor_id = resp_json["result"]
resp = session.get(self.sg_base_url + "/rest/identity_management/actor_identity")
resp_json = self._assert_json_response(resp, None)
self.assertEquals(len(resp_json["result"]), num_actors + 1)
resp = session.get(self.sg_base_url + "/rest/identity_management/actor_identity/" + other_actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
self.assertEquals(other_actor_id, resp_json["result"]["_id"])
# Form encoded update request
resp_json["result"]["name"] = "Jane Long"
payload = dict(data=json.dumps(resp_json["result"]))
resp = session.put(self.sg_base_url + "/rest/identity_management/actor_identity/" + other_actor_id, data=payload)
resp_json = self._assert_json_response(resp, None)
resp = session.get(self.sg_base_url + "/rest/identity_management/actor_identity/" + other_actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
self.assertEquals("Jane Long", resp_json["result"]["name"])
# JSON enconded request
resp_json["result"]["name"] = "Jane Dunn"
payload = json.dumps(resp_json["result"])
resp = session.put(self.sg_base_url + "/rest/identity_management/actor_identity/" + other_actor_id, data=payload,
headers={'Content-Type': CONT_TYPE_JSON})
resp_json = self._assert_json_response(resp, None)
resp = session.get(self.sg_base_url + "/rest/identity_management/actor_identity/" + other_actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
self.assertEquals("Jane Dunn", resp_json["result"]["name"])
def _do_test_service_gateway(self, actor_id):
# We don't want to modify import order during testing, so import here
from ion.service.service_gateway import SG_IDENTIFICATION
session = requests.session()
# TEST: Service gateway available
resp = session.get(self.sg_base_url + "/")
self._assert_json_response(resp, SG_IDENTIFICATION)
# TEST: Login
resp = session.post(self.ui_base_url + "/auth/login",
data=dict(username="******", password="******"))
resp_json = self._assert_json_response(resp, None)
self.assertEquals("jdoe", resp_json["result"]["username"])
# TEST: Service access
resp = session.get(
self.sg_base_url +
"/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True"
)
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, resp_json["result"][0])
# Request as POST with JSON data
payload = dict(data=json.dumps(
dict(params=dict(restype="ActorIdentity", id_only=True))))
resp = session.post(self.sg_base_url +
"/request/resource_registry/find_resources",
data=payload)
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, resp_json["result"][0])
# Request as POST with JSON data and no params
payload = dict(
data=json.dumps(dict(restype="ActorIdentity", id_only=True)))
resp = session.post(self.sg_base_url +
"/request/resource_registry/find_resources",
data=payload)
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, resp_json["result"][0])
# Request as POST with params directly as form data
payload = dict(restype="ActorIdentity", id_only=True)
resp = session.post(self.sg_base_url +
"/request/resource_registry/find_resources",
data=payload)
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, resp_json["result"][0])
resp = session.get(self.sg_base_url +
"/request/resource_registry/read/" + actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
# Request as POST with params directly as form data with files content
payload = dict(id_only=True)
files = dict(restype=("restype", "ActorIdentity"))
resp = session.post(self.sg_base_url +
"/request/resource_registry/find_resources",
data=payload,
files=files)
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, resp_json["result"][0])
resp = session.get(self.sg_base_url +
"/request/resource_registry/read/" + actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
# TEST: REST API
resp = session.get(self.sg_base_url +
"/rest/identity_management/actor_identity")
resp_json = self._assert_json_response(resp, None)
self.assertIn(actor_id, [o["_id"] for o in resp_json["result"]])
num_actors = len(resp_json["result"])
resp = session.get(self.sg_base_url +
"/rest/identity_management/actor_identity/" +
actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
# Form encoded create request
other_actor_obj = ActorIdentity(name="Jane Foo")
other_actor_obj.details = None
other_actor_obj_dict = other_actor_obj.__dict__.copy()
# Remove unseralizable attributes.
del other_actor_obj_dict['passwd_reset_token']
payload = dict(data=json.dumps(other_actor_obj_dict))
resp = session.post(self.sg_base_url +
"/rest/identity_management/actor_identity",
data=payload)
resp_json = self._assert_json_response(resp, None)
other_actor_id = resp_json["result"]
resp = session.get(self.sg_base_url +
"/rest/identity_management/actor_identity")
resp_json = self._assert_json_response(resp, None)
self.assertEquals(len(resp_json["result"]), num_actors + 1)
resp = session.get(self.sg_base_url +
"/rest/identity_management/actor_identity/" +
other_actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
self.assertEquals(other_actor_id, resp_json["result"]["_id"])
# Form encoded update request
resp_json["result"]["name"] = "Jane Long"
payload = dict(data=json.dumps(resp_json["result"]))
resp = session.put(self.sg_base_url +
"/rest/identity_management/actor_identity/" +
other_actor_id,
data=payload)
resp_json = self._assert_json_response(resp, None)
resp = session.get(self.sg_base_url +
"/rest/identity_management/actor_identity/" +
other_actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
self.assertEquals("Jane Long", resp_json["result"]["name"])
# JSON enconded request
resp_json["result"]["name"] = "Jane Dunn"
payload = json.dumps(resp_json["result"])
resp = session.put(self.sg_base_url +
"/rest/identity_management/actor_identity/" +
other_actor_id,
data=payload,
headers={'Content-Type': CONT_TYPE_JSON})
resp_json = self._assert_json_response(resp, None)
resp = session.get(self.sg_base_url +
"/rest/identity_management/actor_identity/" +
other_actor_id)
resp_json = self._assert_json_response(resp, None)
self.assertIn("type_", resp_json["result"])
self.assertEquals("Jane Dunn", resp_json["result"]["name"])
def test_ui_oauth2(self):
actor_identity_obj = ActorIdentity(name="John Doe")
actor_id = self.idm_client.create_actor_identity(actor_identity_obj)
self.idm_client.set_actor_credentials(actor_id, "jdoe", "mypasswd")
actor_details = UserIdentityDetails()
actor_details.contact.individual_names_given = "John"
actor_details.contact.individual_name_family = "Doe"
self.idm_client.define_identity_details(actor_id, actor_details)
client_obj = ActorIdentity(
name="UI Client",
details=OAuthClientIdentityDetails(default_scopes="scioncc"))
client_actor_id = self.idm_client.create_actor_identity(client_obj)
client_id = "ui"
self.idm_client.set_actor_credentials(client_actor_id,
"client:" + client_id,
"client_secret")
session = requests.session()
# TEST: OAuth2 authorize
log.info("------------ Get token #1")
auth_params = {
"client_id": client_id,
"grant_type": "password",
"username": "******",
"password": "******"
}
resp = session.post(self.ui_base_url + "/oauth/token",
data=auth_params)
access_token = resp.json()
# TEST: Service access
log.info("------------ Access with token")
resp = session.get(
self.sg_base_url +
"/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True",
headers={
"Authorization": "Bearer %s" % access_token["access_token"]
})
resp_json = self._assert_json_response(resp, None)
#self.assertIn(actor_id, resp_json["result"][0])
log.info("------------ Access with bad token")
resp = session.get(
self.sg_base_url +
"/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True",
headers={"Authorization": "Bearer FOOBAR"})
resp_json = self._assert_json_response(resp, None, status=401)
# TEST: Get session using token
log.info("------------ Get session using token")
resp = session.get(self.ui_base_url + "/auth/session",
headers={
"Authorization":
"Bearer %s" % access_token["access_token"]
})
resp_json = self._assert_json_response(resp, None)
self.assertEqual(actor_id, resp_json["result"]["actor_id"])
# TEST: Get new access token
log.info("------------ Refresh token")
auth_params = {
"client_id": client_id,
"grant_type": "refresh_token",
"refresh_token": access_token["refresh_token"]
}
resp = session.post(self.ui_base_url + "/oauth/token",
data=auth_params)
access_token1 = resp.json()
with patch('ion.process.ui.server.ui_instance.session_timeout', 2):
log.info("Patched server.session_timeout to %s",
self.ui_server_proc.session_timeout)
session = requests.session()
log.info("------------ Get token #2 (with short expiration)")
auth_params = {
"client_id": client_id,
"grant_type": "password",
"username": "******",
"password": "******"
}
resp = session.post(self.ui_base_url + "/oauth/token",
data=auth_params)
access_token = resp.json()
# TEST: Service access
log.info("------------ Access before expired")
resp = session.get(
self.sg_base_url +
"/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True",
headers={
"Authorization": "Bearer %s" % access_token["access_token"]
})
resp_json = self._assert_json_response(resp, None)
gevent.sleep(2)
# TEST: Service access fails after expiration
log.info("------------ Access after token expiration")
resp = session.get(
self.sg_base_url +
"/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True",
headers={
"Authorization": "Bearer %s" % access_token["access_token"]
})
resp_json = self._assert_json_response(resp, None, status=401)
with patch('ion.process.ui.server.ui_instance.session_timeout', 2), \
patch('ion.process.ui.server.ui_instance.extend_session_timeout', True), \
patch('ion.process.ui.server.ui_instance.max_session_validity', 3):
session = requests.session()
log.info("------------ Get token #3 (with short expiration)")
auth_params = {
"client_id": client_id,
"grant_type": "password",
"username": "******",
"password": "******"
}
resp = session.post(self.ui_base_url + "/oauth/token",
data=auth_params)
access_token = resp.json()
gevent.sleep(1)
# TEST: Service access extends expiration
log.info(
"------------ Access before expired should extend expiration")
resp = session.get(
self.sg_base_url +
"/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True",
headers={
"Authorization": "Bearer %s" % access_token["access_token"]
})
resp_json = self._assert_json_response(resp, None)
gevent.sleep(1.1)
# TEST: Service access will fail unless was extended
log.info("------------ Access before expired after extension")
resp = session.get(
self.sg_base_url +
"/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True",
headers={
"Authorization": "Bearer %s" % access_token["access_token"]
})
resp_json = self._assert_json_response(resp, None)
gevent.sleep(1.5)
# TEST: Service access fails after max validity
log.info("------------ Access after token expiration")
resp = session.get(
self.sg_base_url +
"/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True",
headers={
"Authorization": "Bearer %s" % access_token["access_token"]
})
resp_json = self._assert_json_response(resp, None, status=401)
# TEST: Remember user from within session
session = requests.session()
log.info("------------ Get token #4")
auth_params = {
"client_id": client_id,
"grant_type": "password",
"username": "******",
"password": "******"
}
resp = session.post(self.ui_base_url + "/oauth/token",
data=auth_params)
access_token = resp.json()
# TEST: Get session without token tests remember user
log.info("------------ Get session without token")
resp = session.get(self.ui_base_url + "/auth/session")
resp_json = self._assert_json_response(resp, None)
self.assertEqual(actor_id, resp_json["result"]["actor_id"])
# TEST: Logout
log.info("------------ Logout")
resp = session.get(self.ui_base_url + "/auth/logout",
headers={
"Authorization":
"Bearer %s" % access_token["access_token"]
})
resp_json = self._assert_json_response(resp, None)
self.assertEqual(resp_json["result"], "OK")
# TEST: Get session without token after logout
log.info("------------ Get session without token")
resp = session.get(self.ui_base_url + "/auth/session")
resp_json = self._assert_json_response(resp, None)
self.assertEqual(resp_json["result"]["actor_id"], "")
# TEST: Service access after logout
log.info("------------ Access with token after logout")
resp = session.get(
self.sg_base_url +
"/request/resource_registry/find_resources?restype=ActorIdentity&id_only=True",
headers={
"Authorization": "Bearer %s" % access_token["access_token"]
})
resp_json = self._assert_json_response(resp, None, 401)
with patch('ion.process.ui.server.ui_instance.remember_user', False):
session = requests.session()
log.info("------------ Get token #5")
auth_params = {
"client_id": client_id,
"grant_type": "password",
"username": "******",
"password": "******"
}
resp = session.post(self.ui_base_url + "/oauth/token",
data=auth_params)
access_token = resp.json()
# TEST: Get session without token fails if remember user is False
log.info("------------ Get session without token")
resp = session.get(self.ui_base_url + "/auth/session")
resp_json = self._assert_json_response(resp, None)
self.assertEqual(resp_json["result"]["actor_id"], "")
def on_init(self):
res_obj = ActorIdentity(name="user1")
rid,_ = self.clients.resource_registry.create(res_obj)
agent_resources[self.id] = rid
self.resource_id = rid
agent_instances[self._proc_name] = self.id
def define_user(self,
user_id='',
first_name='',
last_name='',
username='',
password='',
email='',
attributes=None):
if user_id:
raise NotImplementedError("Update not supported: user_id=%s" %
user_id)
if not email:
raise BadRequest('Email is required')
username = username or email
user = self._get_user_by_email(email)
if user:
raise BadRequest("Email already taken")
if not username or not is_valid_identifier(username,
valid_chars=EMAIL_VALID):
raise BadRequest("Argument username invalid: %s" % username)
if attributes and type(attributes) is not dict:
raise BadRequest("Argument attributes invalid type")
if not first_name:
first_name = username
attributes = attributes or {}
full_name = ("%s %s" %
(first_name, last_name)) if last_name else first_name
IdentityUtils.check_password_policy(password)
contact = ContactInformation(individual_names_given=first_name,
individual_name_family=last_name,
email=email)
user_profile = UserIdentityDetails(contact=contact, profile=attributes)
actor_obj = ActorIdentity(name=full_name, details=user_profile)
# Support fast setting of credentials without expensive compute of bcrypt hash, for quick preload
pwd_salt, pwd_hash = None, None
if attributes and "scion_init_pwdsalt" in attributes and "scion_init_pwdhash" in attributes:
pwd_salt, pwd_hash = attributes.pop(
"scion_init_pwdsalt"), attributes.pop("scion_init_pwdhash")
user_exists = self.idm_client.is_user_existing(username)
if user_exists:
raise BadRequest("Username already taken")
actor_id = self.idm_client.create_actor_identity(actor_obj)
if pwd_salt and pwd_hash:
# Add to credentials
actor_obj1 = self.rr.read(actor_id)
cred_obj = None
for cred in actor_obj1.credentials:
if cred.username == username:
cred_obj = cred
break
if not cred_obj:
cred_obj = Credentials()
cred_obj.username = username
actor_obj1.credentials.append(cred_obj)
actor_obj1.alt_ids.append("UNAME:" + username)
cred_obj.identity_provider = "SciON"
cred_obj.authentication_service = "SciON IdM"
cred_obj.password_salt = pwd_salt
cred_obj.password_hash = pwd_hash
self.rr.update(actor_obj1)
else:
self.idm_client.set_actor_credentials(actor_id, username, password)
return actor_id
