def test_revoke_all():
global body
global TUPLE
global RS
# test revoke-all (as provider)
r = provider.get_token(body)
access_token = r['response']
assert r['success'] is True
assert None != access_token
assert 60 * 60 * 2 == access_token['expires-in']
token = access_token['token']
if type(token) == TUPLE:
token = token[0]
s = token.split("/")
assert len(s) == 3
assert s[0] == 'auth.iudx.org.in'
r = provider.audit_tokens(100)
assert r["success"] is True
audit_report = r['response']
as_provider = audit_report["as-provider"]
num_tokens = len(as_provider)
assert num_tokens >= 1
for a in as_provider:
if a["revoked"] is False and a['expired'] is False:
cert_serial = a["certificate-serial-number"]
cert_fingerprint = a["certificate-fingerprint"]
break
r = provider.revoke_all(cert_serial, cert_fingerprint)
assert r["success"] is True
assert r["response"]["num-tokens-revoked"] >= 1
r = provider.audit_tokens(100)
assert r["success"] is True
audit_report = r['response']
as_provider = audit_report["as-provider"]
for a in as_provider:
if a['certificate-serial-number'] == cert_serial and a[
'certificate-fingerprint'] == cert_fingerprint:
if a['expired'] is False:
assert a['revoked'] is True
def test_revoke_with_token():
global body
global TUPLE
# test revoke API
r = provider.get_token(body)
access_token = r['response']
assert r['success'] is True
assert None != access_token
assert 60 * 60 * 2 == access_token['expires-in']
token = access_token['token']
if type(token) == TUPLE:
token = token[0]
s = token.split("/")
assert len(s) == 3
assert s[0] == 'auth.iudx.org.in'
r = provider.audit_tokens(5)
assert r["success"] is True
audit_report = r['response']
as_consumer = audit_report["as-consumer"]
num_revoked_before = 0
for a in as_consumer:
if a['revoked'] is True:
num_revoked_before = num_revoked_before + 1
r = provider.revoke_tokens(token)
assert r["success"] is True
assert r["response"]["num-tokens-revoked"] >= 1
r = provider.audit_tokens(5)
assert r["success"] is True
audit_report = r['response']
as_consumer = audit_report["as-consumer"]
num_revoked_after = 0
for a in as_consumer:
if a['revoked'] is True:
num_revoked_after = num_revoked_after + 1
assert num_revoked_before < num_revoked_after
new_policy = "*@iisc.ac.in can access * for 1 month"
assert provider.set_policy(new_policy)['success'] is True
body = [{
"id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1",
}, {
"id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r2"
}]
r = restricted_consumer.get_token(body)
access_token = r['response']
assert r['success'] is True
assert None != access_token
assert r['response']['expires-in'] == 60 * 60 * 24 * 30 * 1
body = [{
"id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1",
}, {
"id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs2/r2"
}]
expect_failure(True)
r = restricted_consumer.get_token(body)
expect_failure(False)
assert r['success'] is False
assert r['status_code'] == 403
# new api tests
new_policy = "*@iisc.ac.in can access * for 5 months"
assert provider.set_policy(new_policy)['success'] is True
body = [
"rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1",
"rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs2/r2"
]
r = consumer.get_token(body)
assert r['success'] is True
assert r['response']['expires-in'] == 60 * 60 * 24 * 30 * 5
body = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1"
r = consumer.get_token(body)
assert r['success'] is True
assert r['response']['expires-in'] == 60 * 60 * 24 * 30 * 5
body = {
"id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1"
}
r = consumer.get_token(body)
assert r['success'] is True
assert r['response']['expires-in'] == 60 * 60 * 24 * 30 * 5
audit_report = r['response']
as_provider = audit_report["as-provider"]
token_hash_found = False
found = None
for a in as_provider:
if a['token-hash'] == token_hash:
token_hash_found = True
found = a
break
assert token_hash_found is True
assert found['revoked'] is True
# test revoke-all (as provider)
r = provider.get_token(body)
access_token = r['response']
assert r['success'] is True
assert None != access_token
assert 7200 == access_token['expires-in']
token = access_token['token']
if type(token) == TUPLE:
token = token[0]
s = token.split("/")
assert len(s) == 3
assert s[0] == 'auth.iudx.org.in'