def test_delete_identity_of_account(self): """ ACCOUNT (REST): send a DELETE to remove an identity of an account.""" mw = [] account = account_name_generator() identity = uuid() password = '******' add_account(account, 'USER', '*****@*****.**', 'root', **self.vo) add_identity(identity, IdentityType.USERPASS, '*****@*****.**', password) add_account_identity(identity, IdentityType.USERPASS, InternalAccount(account, **self.vo), '*****@*****.**') headers1 = {'X-Rucio-Account': account, 'X-Rucio-Username': identity, 'X-Rucio-Password': password} headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) token = str(res1.header('X-Rucio-Auth-Token')) # normal deletion headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'authtype': 'USERPASS', 'identity': identity}) res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + account + '/identities', headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 200) # unauthorized deletion other_account = account_name_generator() headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'authtype': 'USERPASS', 'identity': identity}) res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + other_account + '/identities', headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 401)
def test_update_nonexisting_subscription(self): """ SUBSCRIPTION (REST): Test the update of a non-existing subscription """ mw = [] headers1 = { 'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) subscription_name = uuid() headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'options': { 'filter': { 'project': [ 'toto', ] } }}) res2 = TestApp(subs_app.wsgifunc(*mw)).put('/root/' + subscription_name, headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 404) assert_equal(res2.header('ExceptionClass'), 'SubscriptionNotFound')
def test_userpass(self): """ ACCOUNT (REST): send a POST to add an identity to an account.""" mw = [] account = 'root' headers1 = { 'X-Rucio-Account': account, 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) username = uuid() password = '******' # normal addition headers2 = { 'X-Rucio-Auth-Token': str(token), 'X-Rucio-Username': username, 'X-Rucio-Password': password, 'X-Rucio-Email': 'email' } res2 = TestApp(identity_app.wsgifunc(*mw)).put('/' + account + '/userpass', headers=headers2, expect_errors=True) assert_equal(res2.status, 201)
def test_add_attribute(self): """ ACCOUNT (REST): add/get/delete attribute.""" mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) acntusr = account_name_generator() headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'type': 'USER', 'email': '*****@*****.**'}) res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 201) key = account_name_generator() value = "true" data = dumps({'key': key, 'value': value}) res3 = TestApp(account_app.wsgifunc(*mw)).post('/{0}/attr/{1}'.format(acntusr, key), headers=headers2, params=data, expect_errors=True) assert_equal(res3.status, 201) res4 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr + '/attr/', headers=headers2, expect_errors=True) assert_equal(res4.status, 200) res5 = TestApp(account_app.wsgifunc(*mw)).delete('/{0}/attr/{1}'.format(acntusr, key), headers=headers2, params=data, expect_errors=True) assert_equal(res5.status, 200)
def test_update_account(self): """ ACCOUNT (REST): send a PUT to update an account.""" mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) acntusr = account_name_generator() headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'type': 'USER', 'email': '*****@*****.**'}) res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 201) data = dumps({'status': 'SUSPENDED', 'email': 'test'}) headers3 = {'X-Rucio-Auth-Token': str(token)} res3 = TestApp(account_app.wsgifunc(*mw)).put('/' + acntusr, headers=headers3, params=data, expect_errors=True) assert_equal(res3.status, 200) headers4 = {'X-Rucio-Auth-Token': str(token)} res4 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr, headers=headers4, expect_errors=True) body = loads(res4.body.decode()) assert_equal(body['status'], 'SUSPENDED') assert_equal(body['email'], 'test') assert_equal(res4.status, 200)
def test_list_scope_no_scopes(self): """ SCOPE (REST): send a GET list all scopes for one account without scopes """ mw = [] headers1 = { 'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) headers2 = {'X-Rucio-Auth-Token': str(token)} acntusr = account_name_generator() data = dumps({'type': 'USER', 'email': '*****@*****.**'}) res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 201) headers3 = {'X-Rucio-Auth-Token': str(token)} res4 = TestApp(account_app.wsgifunc(*mw)).get('/%s/scopes/' % (acntusr), headers=headers3, params=data, expect_errors=True) assert_equal(res4.status, 404) assert_equal(res4.header('ExceptionClass'), 'ScopeNotFound')
def test_del_user_success(self): """ ACCOUNT (REST): send a DELETE to disable the new user """ mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) acntusr = account_name_generator() headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'type': 'USER', 'email': '*****@*****.**'}) res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 201) headers3 = {'X-Rucio-Auth-Token': str(token)} res3 = TestApp(account_app.wsgifunc(*mw)).delete('/' + acntusr, headers=headers3, expect_errors=True) assert_equal(res3.status, 200) headers4 = {'X-Rucio-Auth-Token': str(token)} res4 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr, headers=headers4, expect_errors=True) body = loads(res4.body.decode()) assert_true(body['status'] == AccountStatus.DELETED.description) # pylint: disable=no-member assert_equal(res3.status, 200)
def get_auth_token(account, username, password): """ Get's an authentication token from the server :param account: the account authenticating :param username:the username linked to the account :param password: the password linked to the account :returns: the authentication token """ if config_get_bool('common', 'multi_vo', raise_exception=False, default=False): vo_header = { 'X-Rucio-VO': config_get('client', 'vo', raise_exception=False, default='tst') } else: vo_header = {} from rucio.web.rest.authentication import APP as auth_app mw = [] header = { 'Rucio-Account': account, 'Rucio-Username': username, 'Rucio-Password': password } header.update(vo_header) r1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=header, expect_errors=True) token = str(r1.header('Rucio-Auth-Token')) return token
def test_scope_success(self): """ SCOPE (REST): send a POST to create a new account and scope """ mw = [] headers1 = { 'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) headers2 = {'X-Rucio-Auth-Token': str(token)} acntusr = account_name_generator() data = dumps({'type': 'USER', 'email': 'rucio.email.com'}) res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 201) headers3 = {'X-Rucio-Auth-Token': str(token)} scopeusr = scope_name_generator() res3 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' % (acntusr, scopeusr), headers=headers3, expect_errors=True) assert_equal(res3.status, 201)
def test_get_user_success(self): """ ACCOUNT (REST): send a GET to retrieve the infos of the new user """ mw = [] headers1 = { 'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert res1.status == 200 token = str(res1.header('X-Rucio-Auth-Token')) acntusr = account_name_generator() headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'type': 'USER', 'email': '*****@*****.**'}) res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True) assert res2.status == 201 headers3 = {'X-Rucio-Auth-Token': str(token)} res3 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr, headers=headers3, expect_errors=True) body = loads(res3.body.decode()) assert body['account'] == acntusr assert res3.status == 200
def test_create_and_update_and_list_subscription(self): """ SUBSCRIPTION (REST): Test the creation of a new subscription, update it, list it """ mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) subscription_name = uuid() headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'options': {'filter': {'project': self.projects, 'datatype': ['AOD', ], 'excluded_pattern': self.pattern1, 'account': ['tier0', ]}, 'replication_rules': [{'lifetime': 86400, 'rse_expression': 'MOCK|MOCK2', 'copies': 2, 'activity': 'Data Brokering'}], 'lifetime': 100000, 'retroactive': 0, 'dry_run': 0, 'comments': 'blahblah'}}) res2 = TestApp(subs_app.wsgifunc(*mw)).post('/root/%s' % (subscription_name), headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 201) data = dumps({'options': {'filter': {'project': ['toto', ]}}}) res3 = TestApp(subs_app.wsgifunc(*mw)).put('/root/%s' % (subscription_name), headers=headers2, params=data, expect_errors=True) assert_equal(res3.status, 201) res4 = TestApp(subs_app.wsgifunc(*mw)).get('/root/%s' % (subscription_name), headers=headers2, expect_errors=True) assert_equal(res4.status, 200) assert_equal(loads(loads(res4.body)['filter'])['project'][0], 'toto')
def test_create_user_not_json_dict(self): """ ACCOUNT (REST): send a POST with a non dictionary json body""" mw = [] headers = { 'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } headers.update(self.vo_header) res = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers, expect_errors=True) assert res.status == 200 token = str(res.header('X-Rucio-Auth-Token')) headers = {'X-Rucio-Auth-Token': str(token)} data = dumps(('account', 'account')) res = TestApp(account_app.wsgifunc(*mw)).post('/testaccount', headers=headers, params=data, expect_errors=True) assert res.header('ExceptionClass') == 'TypeError' assert loads(res.normal_body.decode()) == { "ExceptionMessage": "body must be a json dictionary", "ExceptionClass": "TypeError" } assert res.status == 400
def test_create_user_missing_parameter(self): """ ACCOUNT (REST): send a POST with a missing parameter""" mw = [] headers = { 'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } headers.update(self.vo_header) res = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers, expect_errors=True) assert res.status == 200 token = str(res.header('X-Rucio-Auth-Token')) headers = {'X-Rucio-Auth-Token': str(token)} data = dumps({}) ret = TestApp(account_app.wsgifunc(*mw)).post('/account', headers=headers, params=data, expect_errors=True) assert ret.header('ExceptionClass') == 'KeyError' assert loads(ret.normal_body.decode()) == { "ExceptionMessage": "\'type\' not defined", "ExceptionClass": "KeyError" } assert ret.status == 400
def test_create_user_failure(self): """ ACCOUNT (REST): send a POST with an existing user to test the error case """ mw = [] headers1 = { 'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert res1.status == 200 token = str(res1.header('X-Rucio-Auth-Token')) headers = {'X-Rucio-Auth-Token': str(token)} data = dumps({'type': 'USER', 'email': '*****@*****.**'}) res1 = TestApp(account_app.wsgifunc(*mw)).post('/jdoe', headers=headers, params=data, expect_errors=True) res1 = TestApp(account_app.wsgifunc(*mw)).post('/jdoe', headers=headers, params=data, expect_errors=True) assert res1.status == 409
def test_create_user_non_json_body(self): """ ACCOUNT (REST): send a POST with a non json body""" mw = [] headers = { 'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } res = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers, expect_errors=True) assert_equal(res.status, 200) token = str(res.header('X-Rucio-Auth-Token')) headers = {'X-Rucio-Auth-Token': str(token)} data = {'type': 'USER'} ret = TestApp(account_app.wsgifunc(*mw)).post('/testuser', headers=headers, params=data, expect_errors=True) assert_equal(ret.header('ExceptionClass'), 'ValueError') assert_equal( ret.normal_body, '{"ExceptionMessage": "cannot decode json parameter dictionary", "ExceptionClass": "ValueError"}' ) assert_equal(ret.status, 400)
def test_add_identity_to_account(self): """ ACCOUNT (REST): send a POST to add an identity to an account.""" mw = [] account = 'root' headers1 = {'X-Rucio-Account': account, 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) identity = uuid() # normal addition headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'authtype': 'USERPASS', 'email': '*****@*****.**', 'password': '******', 'identity': identity}) res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + account + '/identities', headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 201) # duplicate identity res4 = TestApp(account_app.wsgifunc(*mw)).post('/' + account + '/identities', headers=headers2, params=data, expect_errors=True) assert_equal(res4.status, 409) # missing password identity = uuid() data = dumps({'authtype': 'USERPASS', 'email': '*****@*****.**', 'identity': identity}) res3 = TestApp(account_app.wsgifunc(*mw)).post('/' + account + '/identities', headers=headers2, params=data, expect_errors=True) assert_equal(res3.status, 400)
def test_userpass_success(self): """AUTHENTICATION (REST): Username and password (correct credentials).""" options = [] headers = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} headers.update(self.vo_header) result = TestApp(APP.wsgifunc(*options)).get('/userpass', headers=headers, expect_errors=True) assert_equal(result.status, 200) assert_greater(len(result.header('X-Rucio-Auth-Token')), 32)
def test_bad_replica_methods_for_UI(self): """ REPLICA (REST): Test the listing of bad and suspicious replicas """ mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} r1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(r1.status, 200) token = str(r1.header('X-Rucio-Auth-Token')) headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({}) r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/states', headers=headers2, params=data, expect_errors=True) assert_equal(r2.status, 200) tot_files = [] for line in r2.body.split('\n'): if line != '': tot_files.append(dumps(line)) nb_tot_files = len(tot_files) data = dumps({'state': 'B'}) r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/states', headers=headers2, params=data, expect_errors=True) assert_equal(r2.status, 200) tot_bad_files = [] for line in r2.body.split('\n'): if line != '': tot_bad_files.append(dumps(line)) nb_tot_bad_files1 = len(tot_bad_files) data = dumps({'state': 'S', 'list_pfns': 'True'}) r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/states', headers=headers2, params=data, expect_errors=True) assert_equal(r2.status, 200) tot_suspicious_files = [] for line in r2.body.split('\n'): if line != '': tot_suspicious_files.append(dumps(line)) nb_tot_suspicious_files = len(tot_suspicious_files) assert_equal(nb_tot_files, nb_tot_bad_files1 + nb_tot_suspicious_files) tomorrow = datetime.utcnow() + timedelta(days=1) data = dumps({'state': 'B', 'younger_than': tomorrow.isoformat()}) r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/states', headers=headers2, params=data, expect_errors=True) assert_equal(r2.status, 200) tot_bad_files = [] for line in r2.body.split('\n'): if line != '': tot_bad_files.append(dumps(line)) nb_tot_bad_files = len(tot_bad_files) assert_equal(nb_tot_bad_files, 0) data = dumps({}) r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/summary', headers=headers2, params=data, expect_errors=True) assert_equal(r2.status, 200) nb_tot_bad_files2 = 0 for line in r2.body.split('\n'): if line != '': line = loads(line) nb_tot_bad_files2 += int(line['BAD']) assert_equal(nb_tot_bad_files1, nb_tot_bad_files2)
def test_auth_ssh(self): """ MULTI VO (REST): Test ssh authentication to multiple VOs """ mw = [] try: add_account_identity(PUBLIC_KEY, 'SSH', 'root', '*****@*****.**', 'root', **self.vo) add_account_identity(PUBLIC_KEY, 'SSH', 'root', '*****@*****.**', 'root', **self.new_vo) except Duplicate: pass # Might already exist, can skip headers_tst = {'X-Rucio-Account': 'root'} headers_tst.update(self.vo_header) res_tst = TestApp(auth_app.wsgifunc(*mw)).get('/ssh_challenge_token', headers=headers_tst, expect_errors=True) assert_equal(res_tst.status, 200) challenge_tst = str(res_tst.header('X-Rucio-SSH-Challenge-Token')) headers_tst.update({'X-Rucio-SSH-Signature': ssh_sign(PRIVATE_KEY, challenge_tst)}) res_tst = TestApp(auth_app.wsgifunc(*mw)).get('/ssh', headers=headers_tst, expect_errors=True) assert_equal(res_tst.status, 200) token_tst = str(res_tst.header('X-Rucio-Auth-Token')) headers_new = {'X-Rucio-Account': 'root'} headers_new.update(self.new_header) res_new = TestApp(auth_app.wsgifunc(*mw)).get('/ssh_challenge_token', headers=headers_new, expect_errors=True) assert_equal(res_new.status, 200) challenge_tst = str(res_new.header('X-Rucio-SSH-Challenge-Token')) headers_new.update({'X-Rucio-SSH-Signature': ssh_sign(PRIVATE_KEY, challenge_tst)}) res_new = TestApp(auth_app.wsgifunc(*mw)).get('/ssh', headers=headers_new, expect_errors=True) assert_equal(res_new.status, 200) token_new = str(res_new.header('X-Rucio-Auth-Token')) headers_tst = {'X-Rucio-Auth-Token': str(token_tst)} res_tst = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_tst, expect_errors=True) assert_equal(res_tst.status, 200) accounts_tst = [parse_response(a)['account'] for a in res_tst.body.decode().split('\n')[:-1]] assert_not_equal(len(accounts_tst), 0) assert_in(self.account_tst, accounts_tst) assert_not_in(self.account_new, accounts_tst) headers_new = {'X-Rucio-Auth-Token': str(token_new)} res_new = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_new, expect_errors=True) assert_equal(res_new.status, 200) accounts_new = [parse_response(a)['account'] for a in res_new.body.decode().split('\n')[:-1]] assert_not_equal(len(accounts_new), 0) assert_in(self.account_new, accounts_new) assert_not_in(self.account_tst, accounts_new)
def test_saml_fail(self): """AUTHENTICATION (REST): SAML Username and password (wrong credentials).""" options = [] headers = {'X-Rucio-Account': 'root'} headers.update(self.vo_header) userpass = {'username': '******', 'password': '******'} result = TestApp(APP.wsgifunc(*options)).get('/saml', headers=headers, expect_errors=True) try: if not result.header('X-Rucio-Auth-Token'): SAML_auth_url = result.header('X-Rucio-SAML-Auth-URL') result = session().post(SAML_auth_url, data=userpass, verify=False, allow_redirects=True) result = TestApp(APP.wsgifunc(*options)).get('/saml', headers=headers, expect_errors=True) assert_equal(result.status, 401) except: # FIXME: The WebUI isn't linked to CERN SSO yet so this needs to be fixed once it is linked pass
def test_del_user_failure(self): """ ACCOUNT (REST): send a DELETE with a wrong user to test the error """ mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) headers2 = {'X-Rucio-Auth-Token': str(token)} res2 = TestApp(account_app.wsgifunc(*mw)).delete('/wronguser', headers=headers2, expect_errors=True) assert_equal(res2.status, 404)
def test_userpass_fail(self): """AUTHENTICATION (REST): Username and password (wrong credentials).""" options = [] headers = { 'X-Rucio-Account': 'wrong', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } result = TestApp(APP.wsgifunc(*options)).get('/userpass', headers=headers, expect_errors=True) assert_equal(result.status, 401)
def test_export_rest(self): """ EXPORT (REST): Test the export of data.""" mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} r1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) token = str(r1.header('X-Rucio-Auth-Token')) headers2 = {'X-Rucio-Type': 'user', 'X-Rucio-Account': 'root', 'X-Rucio-Auth-Token': str(token)} r2 = TestApp(export_app.wsgifunc(*mw)).get('/', headers=headers2, expect_errors=True) rses = export_rses() assert_equal(r2.status, 200) assert_equal(r2.body, render_json(**{'rses': rses, 'distances': export_distances()}))
def test_whoami_account(self): """ ACCOUNT (REST): Test the whoami method.""" mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) headers2 = {'X-Rucio-Auth-Token': str(token)} res2 = TestApp(account_app.wsgifunc(*mw)).get('/whoami', headers=headers2, expect_errors=True) assert_equal(res2.status, 303)
def get_auth_token(account, username, password): """ Get's an authentication token from the server :param account: the account authenticating :param username:the username linked to the account :param password: the password linked to the account :returns: the authentication token """ mw = [] header = {'Rucio-Account': account, 'Rucio-Username': username, 'Rucio-Password': password} r1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=header, expect_errors=True) token = str(r1.header('Rucio-Auth-Token')) return token
def test_saml_fail(self): """AUTHENTICATION (REST): SAML Username and password (wrong credentials).""" options = [] headers = {'X-Rucio-Account': 'root'} headers.update(self.vo_header) userpass = {'username': '******', 'password': '******'} result = TestApp(APP.wsgifunc(*options)).get('/saml', headers=headers, expect_errors=True) if not result.header('X-Rucio-Auth-Token'): SAML_auth_url = result.header('X-Rucio-SAML-Auth-URL') result = session().post(SAML_auth_url, data=userpass, verify=False, allow_redirects=True) result = TestApp(APP.wsgifunc(*options)).get('/saml', headers=headers, expect_errors=True) assert result.status == 401
def test_list_vos_denied(self): """ MULTI VO (REST): Test list VOs through REST layer raises AccessDenied """ mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) headers2 = {'X-Rucio-Auth-Token': str(token)} res2 = TestApp(vo_app.wsgifunc(*mw)).get('/', headers=headers2, expect_errors=True) assert_equal(res2.status, 401)
def test_list_scope(self): """ SCOPE (REST): send a GET list all scopes for one account """ mw = [] headers1 = { 'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******' } headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert res1.status == 200 token = str(res1.header('X-Rucio-Auth-Token')) tmp_val = account_name_generator() headers2 = { 'Rucio-Type': 'user', 'X-Rucio-Account': 'root', 'X-Rucio-Auth-Token': str(token) } data = dumps({'type': 'USER', 'email': '*****@*****.**'}) res2 = TestApp(account_app.wsgifunc(*mw)).post('/%s' % tmp_val, headers=headers2, params=data, expect_errors=True) assert res2.status == 201 headers3 = {'X-Rucio-Auth-Token': str(token)} for scope in self.scopes: data = dumps({}) res3 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' % (tmp_val, scope), headers=headers3, params=data, expect_errors=True) assert res3.status == 201 res4 = TestApp(account_app.wsgifunc(*mw)).get('/%s/scopes/' % tmp_val, headers=headers3, expect_errors=True) assert res4.status == 200 svr_list = loads(res4.body) for scope in self.scopes: assert scope in svr_list
def test_ssh_success(self): """AUTHENTICATION (REST): SSH RSA public key exchange (correct credentials).""" root = InternalAccount('root') try: add_account_identity(PUBLIC_KEY, IdentityType.SSH, root, email='*****@*****.**') except Duplicate: pass # might already exist, can skip options = [] headers = {'X-Rucio-Account': 'root'} result = TestApp(APP.wsgifunc(*options)).get('/ssh_challenge_token', headers=headers, expect_errors=True) assert_equal(result.status, 200) assert_in('challenge-', result.header('X-Rucio-SSH-Challenge-Token')) signature = ssh_sign(PRIVATE_KEY, result.header('X-Rucio-SSH-Challenge-Token')) headers = {'X-Rucio-Account': 'root', 'X-Rucio-SSH-Signature': signature} result = TestApp(APP.wsgifunc(*options)).get('/ssh', headers=headers, expect_errors=True) assert_equal(result.status, 200) assert_greater(len(result.header('X-Rucio-Auth-Token')), 32) del_account_identity(PUBLIC_KEY, IdentityType.SSH, root)
def test_scope_failure(self): """ SCOPE (REST): send a POST to create a new scope for a not existing account to test the error""" mw = [] headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'} res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) assert_equal(res1.status, 200) token = str(res1.header('X-Rucio-Auth-Token')) headers2 = {'X-Rucio-Auth-Token': str(token)} scopeusr = scope_name_generator() account_name_generator() res2 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' % (scopeusr, scopeusr), headers=headers2, expect_errors=True) assert_equal(res2.status, 404)