def _test_delete_authset_error_authset_not_found(self, management_api,
devices, **kwargs):
d, da = devices[0]
dev = management_api.find_device_by_identity(d.identity, **kwargs)
assert dev
devid = dev.id
print('found matching device with ID:', dev.id)
rsp = management_api.delete_authset(devid, "foobar")
assert rsp.status_code == 404
def _test_delete_authset_OK(self, management_api, devices, **kwargs):
d, da = devices[0]
dev = management_api.find_device_by_identity(d.identity, **kwargs)
assert dev
print('found matching device with ID:', dev.id)
aid = dev.auth_sets[0].id
rsp = management_api.delete_authset(dev.id, aid, **kwargs)
assert rsp.status_code == 204
found = management_api.get_device(id=dev.id, **kwargs)
assert found
assert len(found.auth_sets) == 0
def _test_delete_authset_preauth_OK(self, management_api, devices,
**kwargs):
# preauthorize a device
aid = 'aid-preauth'
device_id = 'id-preauth'
iddata = json.dumps({'mac': 'mac-preauth'})
key = '''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH
VJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c
yC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP
okP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty
1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0
iyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG
UwIDAQAB
-----END PUBLIC KEY-----
'''
req = management_api.make_preauth_req(aid, device_id, iddata, key)
_, rsp = management_api.preauthorize(req, **kwargs)
assert rsp.status_code == 201
# check device created
dev = management_api.get_device(id=device_id, **kwargs)
assert dev
assert len(dev.auth_sets) == 1
assert dev.auth_sets[0].status == 'preauthorized'
assert dev.auth_sets[0].id == aid
# delete auth set, check device deleted
rsp = management_api.delete_authset(dev.id, aid, **kwargs)
assert rsp.status_code == 204
found = None
try:
found = management_api.get_device(id=device_id, **kwargs)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 404
assert not found
# check all other devices intact
after_devs = management_api.list_devices(**kwargs)
assert len(after_devs) == len(devices)
def _test_delete_authset_error_device_not_found(self, management_api,
devices, **kwargs):
rsp = management_api.delete_authset("foo", "bar")
assert rsp.status_code == 404
def test_device_count_multiple_auth_sets(self, devices, management_api,
device_api):
""""Verify that auth sets are properly counted. Take a device, make sure it has
2 auth sets, switch each auth sets between accepted/rejected/pending/noauth
states
"""
dev, dauth = devices[0]
# pretend device rotates its keys
dev.rotate_key()
device_auth_req(device_api.auth_requests_url, dauth, dev)
# should have 2 auth sets now
found_dev = management_api.find_device_by_identity(dev.identity)
assert len(found_dev.auth_sets) == 2
first_aid, second_aid = found_dev.auth_sets[0].id, found_dev.auth_sets[
1].id
# device [0] has 2 auth sets, but still counts as 1 device
TestDevice.verify_device_count(management_api, "pending", 5)
devid = found_dev.id
with orchestrator.run_fake_for_device_id(
orchestrator.ANY_DEVICE) as server:
# accept first auth set
management_api.accept_device(devid, first_aid)
TestDevice.verify_device_count(management_api, "pending", 4)
TestDevice.verify_device_count(management_api, "accepted", 1)
TestDevice.verify_device_count(management_api, "rejected", 0)
TestDevice.verify_device_count(management_api, "noauth", 0)
# reject the other
management_api.reject_device(devid, second_aid)
TestDevice.verify_device_count(management_api, "pending", 4)
TestDevice.verify_device_count(management_api, "accepted", 1)
TestDevice.verify_device_count(management_api, "rejected", 0)
TestDevice.verify_device_count(management_api, "noauth", 0)
# reject both
management_api.reject_device(devid, first_aid)
TestDevice.verify_device_count(management_api, "pending", 4)
TestDevice.verify_device_count(management_api, "accepted", 0)
TestDevice.verify_device_count(management_api, "rejected", 1)
TestDevice.verify_device_count(management_api, "noauth", 0)
# switch the first back to pending, 2nd remains rejected
management_api.put_device_status(devid, first_aid, "pending")
TestDevice.verify_device_count(management_api, "pending", 5)
TestDevice.verify_device_count(management_api, "accepted", 0)
TestDevice.verify_device_count(management_api, "rejected", 0)
TestDevice.verify_device_count(management_api, "noauth", 0)
# delete device authsets, becomes 'noauth'
for a in found_dev.auth_sets:
management_api.delete_authset(devid, a.id)
TestDevice.verify_device_count(management_api, "pending", 4)
TestDevice.verify_device_count(management_api, "accepted", 0)
TestDevice.verify_device_count(management_api, "rejected", 0)
TestDevice.verify_device_count(management_api, "noauth", 1)
# device can come back from noauth
device_auth_req(device_api.auth_requests_url, dauth, dev)
TestDevice.verify_device_count(management_api, "pending", 5)
TestDevice.verify_device_count(management_api, "accepted", 0)
TestDevice.verify_device_count(management_api, "rejected", 0)
TestDevice.verify_device_count(management_api, "noauth", 0)