Ejemplo n.º 1
0
def test_create_and_get_namespace(service_port, mongo):
    storage = get_storage_instance(mongo)
    t = Token('foobar')

    # fail to create a namespace
    r = requests.put('http://localhost:' + service_port +
                     '/api/v1/namespace/myns',
                     headers={'Authorization': 'local ' + t.token})

    assert_json_error_correct(
        r.json(), {
            'error': {
                'httpcode': 401,
                'httpstatus': 'Unauthorized',
                'appcode': 10020,
                'apperror': 'Invalid token',
                'message': '10020 Invalid token'
            }
        })
    assert r.status_code == 401

    # succeed at creating a namespace
    storage.create_local_user(Username('user1'), t.get_hashed_token())
    storage.set_local_user_as_admin(Username('user1'), True)

    r = requests.put('http://localhost:' + service_port +
                     '/api/v1/namespace/myns',
                     headers={'Authorization': 'local ' + t.token})

    assert r.status_code == 204

    # get the namespace with a populated user list
    r = requests.get('http://localhost:' + service_port +
                     '/api/v1/namespace/myns',
                     headers={'Authorization': 'local ' + t.token})

    assert r.json() == {
        'namespace': 'myns',
        'publicly_mappable': False,
        'users': []
    }

    assert r.status_code == 200

    # fail getting a namespace
    r = requests.get('http://localhost:' + service_port +
                     '/api/v1/namespace/myns1')

    assert_json_error_correct(
        r.json(), {
            'error': {
                'httpcode': 404,
                'httpstatus': 'Not Found',
                'appcode': 50010,
                'apperror': 'No such namespace',
                'message': '50010 No such namespace: myns1'
            }
        })
    assert r.status_code == 404
Ejemplo n.º 2
0
def test_set_public_and_list_namespaces(service_port, mongo):
    storage = get_storage_instance(mongo)

    lut = Token('foobar')

    u = Username('lu')
    storage.create_local_user(u, lut.get_hashed_token())
    priv = NamespaceID('priv')
    storage.create_namespace(priv)
    storage.add_user_to_namespace(priv, User(AuthsourceID('local'), u))
    storage.set_namespace_publicly_mappable(priv, True)
    pub = NamespaceID('pub')
    storage.create_namespace(pub)
    storage.add_user_to_namespace(pub, User(AuthsourceID('local'), u))

    r = requests.put('http://localhost:' + service_port +
                     '/api/v1/namespace/priv/set?publicly_mappable=false',
                     headers={'Authorization': 'local ' + lut.token})

    assert r.status_code == 204

    r = requests.put('http://localhost:' + service_port +
                     '/api/v1/namespace/pub/set?publicly_mappable=true',
                     headers={'Authorization': 'local ' + lut.token})

    assert r.status_code == 204

    r = requests.get('http://localhost:' + service_port + '/api/v1/namespace')

    assert r.json() == {
        'publicly_mappable': ['pub'],
        'privately_mappable': ['priv']
    }

    r = requests.put('http://localhost:' + service_port +
                     '/api/v1/namespace/missing/set?publicly_mappable=false',
                     headers={'Authorization': 'local ' + lut.token})

    assert_json_error_correct(
        r.json(), {
            'error': {
                'httpcode': 404,
                'httpstatus': 'Not Found',
                'appcode': 50010,
                'apperror': 'No such namespace',
                'message': '50010 No such namespace: missing'
            }
        })
    assert r.status_code == 404
Ejemplo n.º 3
0
def test_hash_token():
    t = Token('foo')
    ht = t.get_hashed_token()
    assert ht.token_hash == '2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae'
Ejemplo n.º 4
0
def test_mapping(service_port, mongo):
    storage = get_storage_instance(mongo)

    lut = Token('foobar')

    u = Username('lu')
    storage.create_local_user(u, lut.get_hashed_token())
    priv = NamespaceID('priv')
    storage.create_namespace(priv)
    storage.add_user_to_namespace(priv, User(AuthsourceID('local'), u))
    pub = NamespaceID('pub')
    storage.create_namespace(pub)
    storage.set_namespace_publicly_mappable(pub, True)

    # create mappings
    # test that the service ignores incorrect headers
    r = requests.put('http://localhost:' + service_port +
                     '/api/v1/mapping/priv/pub',
                     headers={
                         'Authorization': 'local ' + lut.token,
                         'content-type': 'x-www-form-urlencoded'
                     },
                     data=json.dumps({
                         'id1': 'id2',
                         'id3': 'id4',
                         'id5': 'id6'
                     }))

    assert r.status_code == 204

    # fail create mappings
    r = requests.put('http://localhost:' + service_port +
                     '/api/v1/mapping/priv/pub',
                     headers={'Authorization': 'focal ' + lut.token},
                     data=json.dumps({'id10': 'id11'}))

    assert_json_error_correct(
        r.json(), {
            'error': {
                'httpcode': 404,
                'httpstatus': 'Not Found',
                'appcode': 50020,
                'apperror': 'No such authentication source',
                'message': '50020 No such authentication source: focal'
            }
        })
    assert r.status_code == 404

    # get mappings
    r = requests.get('http://localhost:' + service_port +
                     '/api/v1/mapping/pub?separate',
                     headers={'Authorization': 'local ' + lut.token},
                     data=json.dumps({'ids': ['id2', 'id4', 'id8']}))

    assert r.json() == {
        'id2': {
            'other': [{
                'ns': 'priv',
                'id': 'id1'
            }],
            'admin': []
        },
        'id4': {
            'other': [{
                'ns': 'priv',
                'id': 'id3'
            }],
            'admin': []
        },
        'id8': {
            'other': [],
            'admin': []
        }
    }

    # fail get mappings
    r = requests.get('http://localhost:' + service_port +
                     '/api/v1/mapping/plub?separate',
                     headers={'Authorization': 'local ' + lut.token},
                     data=json.dumps({'ids': ['id2', 'id4', 'id8']}))

    assert_json_error_correct(
        r.json(), {
            'error': {
                'httpcode': 404,
                'httpstatus': 'Not Found',
                'appcode': 50010,
                'apperror': 'No such namespace',
                'message': "50010 No such namespace: ['plub']"
            }
        })
    assert r.status_code == 404

    # delete mappings
    r = requests.delete('http://localhost:' + service_port +
                        '/api/v1/mapping/priv/pub',
                        headers={
                            'Authorization': 'local ' + lut.token,
                            'content-type': 'x-www-form-urlencoded'
                        },
                        data=json.dumps({
                            'id1': 'id7',
                            'id3': 'id4',
                            'id5': 'id6'
                        }))

    assert r.status_code == 204

    # get mappings
    r = requests.get('http://localhost:' + service_port +
                     '/api/v1/mapping/pub',
                     headers={'Authorization': 'local ' + lut.token},
                     data=json.dumps({'ids': ['id2', 'id4']}))

    assert r.json() == {
        'id2': {
            'mappings': [{
                'ns': 'priv',
                'id': 'id1'
            }]
        },
        'id4': {
            'mappings': []
        }
    }

    # fail delete mappings
    r = requests.delete('http://localhost:' + service_port +
                        '/api/v1/mapping/pub/priv',
                        headers={
                            'Authorization': 'local ' + lut.token,
                            'content-type': 'x-www-form-urlencoded'
                        },
                        data=json.dumps({'id2': 'id1'}))

    assert_json_error_correct(
        r.json(), {
            'error': {
                'httpcode':
                403,
                'httpstatus':
                'Forbidden',
                'appcode':
                20000,
                'apperror':
                'Unauthorized',
                'message':
                ('20000 Unauthorized: User local/lu may not administrate ' +
                 'namespace pub')
            }
        })
    assert r.status_code == 403

    # test mapping to same namespace
    r = requests.put('http://localhost:' + service_port +
                     '/api/v1/mapping/priv/priv',
                     headers={'Authorization': 'local ' + lut.token},
                     data=json.dumps({'id20': 'id21'}))

    assert r.status_code == 204

    # get mappings
    r = requests.get('http://localhost:' + service_port +
                     '/api/v1/mapping/priv?separate',
                     headers={'Authorization': 'local ' + lut.token},
                     data=json.dumps({'ids': ['id1', 'id21', 'id20']}))

    assert r.json() == {
        'id1': {
            'admin': [{
                'ns': 'pub',
                'id': 'id2'
            }],
            'other': []
        },
        'id21': {
            'other': [{
                'ns': 'priv',
                'id': 'id20'
            }],
            'admin': []
        },
        'id20': {
            'other': [],
            'admin': [{
                'ns': 'priv',
                'id': 'id21'
            }]
        }
    }
Ejemplo n.º 5
0
def test_add_remove_user(service_port, mongo):
    storage = get_storage_instance(mongo)

    lut = Token('foobar')

    storage.create_local_user(Username('lu'), lut.get_hashed_token())
    storage.set_local_user_as_admin(Username('lu'), True)
    storage.create_namespace(NamespaceID('myns'))

    # add a user
    # tests integration with all parts of the kbase user handler
    with requests_mock.Mocker(real_http=True) as m:
        m.get(KBASE_URL + '/api/V2/token',
              request_headers={'Authorization': 'mytoken'},
              json={
                  'user': '******',
                  'expires': 4800,
                  'cachefor': 5600
              })

        m.get(KBASE_URL + '/api/V2/me',
              request_headers={'Authorization': 'mytoken'},
              json={'customroles': [KBASE_ADMIN_ROLE]})

        m.get(KBASE_URL + '/api/V2/users/?list=imauser',
              request_headers={'Authorization': KBASE_TOKEN},
              json={'imauser': '******'})

        r = requests.put('http://localhost:' + service_port +
                         '/api/v1/namespace/myns/user/kbase/imauser',
                         headers={'Authorization': 'kbase mytoken'})

    assert r.status_code == 204

    # check the user is there
    r = requests.get('http://localhost:' + service_port +
                     '/api/v1/namespace/myns',
                     headers={'Authorization': 'local ' + lut.token})

    assert r.json() == {
        'namespace': 'myns',
        'publicly_mappable': False,
        'users': ['kbase/imauser']
    }

    # fail adding the same user. The KBase info is cached now so we don't need to mock it again
    r = requests.put('http://localhost:' + service_port +
                     '/api/v1/namespace/myns/user/kbase/imauser',
                     headers={'Authorization': 'kbase mytoken'})

    assert_json_error_correct(
        r.json(), {
            'error': {
                'httpcode':
                400,
                'httpstatus':
                'Bad Request',
                'appcode':
                40000,
                'apperror':
                'User already exists',
                'message':
                ('40000 User already exists: User kbase/imauser already ' +
                 'administrates namespace myns')
            }
        })
    assert r.status_code == 400

    # remove the user using a local admin
    r = requests.delete('http://localhost:' + service_port +
                        '/api/v1/namespace/myns/user/kbase/imauser',
                        headers={'Authorization': 'local ' + lut.token})

    assert r.status_code == 204

    # check the user is gone
    r = requests.get('http://localhost:' + service_port +
                     '/api/v1/namespace/myns',
                     headers={'Authorization': 'local ' + lut.token})

    assert r.json() == {
        'namespace': 'myns',
        'publicly_mappable': False,
        'users': []
    }

    # fail removing the user with a kbase admin
    r = requests.delete('http://localhost:' + service_port +
                        '/api/v1/namespace/myns/user/kbase/imauser',
                        headers={'Authorization': 'kbase mytoken'})

    assert_json_error_correct(
        r.json(), {
            'error': {
                'httpcode':
                404,
                'httpstatus':
                'Not Found',
                'appcode':
                50000,
                'apperror':
                'No such user',
                'message':
                ('50000 No such user: User kbase/imauser does not ' +
                 'administrate namespace myns')
            }
        })
    assert r.status_code == 404
Ejemplo n.º 6
0
 def get_user(
         self,
         token: Token) -> Tuple[User, bool, Optional[int], Optional[int]]:
     not_none(token, 'token')
     username, admin = self._store.get_user(token.get_hashed_token())
     return (User(self.LOCAL, username), admin, None, 300)