def test_delete_identity_of_account(self):
""" ACCOUNT (REST): send a DELETE to remove an identity of an account."""
mw = []
account = account_name_generator()
identity = uuid()
password = '******'
add_account(account, 'USER', '*****@*****.**', 'root', **self.vo)
add_identity(identity, IdentityType.USERPASS, '*****@*****.**', password)
add_account_identity(identity, IdentityType.USERPASS, InternalAccount(account, **self.vo), '*****@*****.**')
headers1 = {'X-Rucio-Account': account, 'X-Rucio-Username': identity, 'X-Rucio-Password': password}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
token = str(res1.header('X-Rucio-Auth-Token'))
# normal deletion
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'authtype': 'USERPASS', 'identity': identity})
res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 200)
# unauthorized deletion
other_account = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'authtype': 'USERPASS', 'identity': identity})
res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + other_account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 401)
def test_update_nonexisting_subscription(self):
""" SUBSCRIPTION (REST): Test the update of a non-existing subscription """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
subscription_name = uuid()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'options': {
'filter': {
'project': [
'toto',
]
}
}})
res2 = TestApp(subs_app.wsgifunc(*mw)).put('/root/' +
subscription_name,
headers=headers2,
params=data,
expect_errors=True)
assert_equal(res2.status, 404)
assert_equal(res2.header('ExceptionClass'), 'SubscriptionNotFound')
def test_userpass(self):
""" ACCOUNT (REST): send a POST to add an identity to an account."""
mw = []
account = 'root'
headers1 = {
'X-Rucio-Account': account,
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
username = uuid()
password = '******'
# normal addition
headers2 = {
'X-Rucio-Auth-Token': str(token),
'X-Rucio-Username': username,
'X-Rucio-Password': password,
'X-Rucio-Email': 'email'
}
res2 = TestApp(identity_app.wsgifunc(*mw)).put('/' + account +
'/userpass',
headers=headers2,
expect_errors=True)
assert_equal(res2.status, 201)
def test_add_attribute(self):
""" ACCOUNT (REST): add/get/delete attribute."""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
acntusr = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
key = account_name_generator()
value = "true"
data = dumps({'key': key, 'value': value})
res3 = TestApp(account_app.wsgifunc(*mw)).post('/{0}/attr/{1}'.format(acntusr, key), headers=headers2, params=data, expect_errors=True)
assert_equal(res3.status, 201)
res4 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr + '/attr/', headers=headers2, expect_errors=True)
assert_equal(res4.status, 200)
res5 = TestApp(account_app.wsgifunc(*mw)).delete('/{0}/attr/{1}'.format(acntusr, key), headers=headers2, params=data, expect_errors=True)
assert_equal(res5.status, 200)
def test_update_account(self):
""" ACCOUNT (REST): send a PUT to update an account."""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
acntusr = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
data = dumps({'status': 'SUSPENDED', 'email': 'test'})
headers3 = {'X-Rucio-Auth-Token': str(token)}
res3 = TestApp(account_app.wsgifunc(*mw)).put('/' + acntusr, headers=headers3, params=data, expect_errors=True)
assert_equal(res3.status, 200)
headers4 = {'X-Rucio-Auth-Token': str(token)}
res4 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr, headers=headers4, expect_errors=True)
body = loads(res4.body.decode())
assert_equal(body['status'], 'SUSPENDED')
assert_equal(body['email'], 'test')
assert_equal(res4.status, 200)
def test_list_scope_no_scopes(self):
""" SCOPE (REST): send a GET list all scopes for one account without scopes """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
acntusr = account_name_generator()
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr,
headers=headers2,
params=data,
expect_errors=True)
assert_equal(res2.status, 201)
headers3 = {'X-Rucio-Auth-Token': str(token)}
res4 = TestApp(account_app.wsgifunc(*mw)).get('/%s/scopes/' %
(acntusr),
headers=headers3,
params=data,
expect_errors=True)
assert_equal(res4.status, 404)
assert_equal(res4.header('ExceptionClass'), 'ScopeNotFound')
def test_del_user_success(self):
""" ACCOUNT (REST): send a DELETE to disable the new user """
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
acntusr = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
headers3 = {'X-Rucio-Auth-Token': str(token)}
res3 = TestApp(account_app.wsgifunc(*mw)).delete('/' + acntusr, headers=headers3, expect_errors=True)
assert_equal(res3.status, 200)
headers4 = {'X-Rucio-Auth-Token': str(token)}
res4 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr, headers=headers4, expect_errors=True)
body = loads(res4.body.decode())
assert_true(body['status'] == AccountStatus.DELETED.description) # pylint: disable=no-member
assert_equal(res3.status, 200)
def get_auth_token(account, username, password):
""" Get's an authentication token from the server
:param account: the account authenticating
:param username:the username linked to the account
:param password: the password linked to the account
:returns: the authentication token
"""
if config_get_bool('common',
'multi_vo',
raise_exception=False,
default=False):
vo_header = {
'X-Rucio-VO':
config_get('client', 'vo', raise_exception=False, default='tst')
}
else:
vo_header = {}
from rucio.web.rest.authentication import APP as auth_app
mw = []
header = {
'Rucio-Account': account,
'Rucio-Username': username,
'Rucio-Password': password
}
header.update(vo_header)
r1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=header,
expect_errors=True)
token = str(r1.header('Rucio-Auth-Token'))
return token
def test_scope_success(self):
""" SCOPE (REST): send a POST to create a new account and scope """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
acntusr = account_name_generator()
data = dumps({'type': 'USER', 'email': 'rucio.email.com'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr,
headers=headers2,
params=data,
expect_errors=True)
assert_equal(res2.status, 201)
headers3 = {'X-Rucio-Auth-Token': str(token)}
scopeusr = scope_name_generator()
res3 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' %
(acntusr, scopeusr),
headers=headers3,
expect_errors=True)
assert_equal(res3.status, 201)
def test_get_user_success(self):
""" ACCOUNT (REST): send a GET to retrieve the infos of the new user """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert res1.status == 200
token = str(res1.header('X-Rucio-Auth-Token'))
acntusr = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr,
headers=headers2,
params=data,
expect_errors=True)
assert res2.status == 201
headers3 = {'X-Rucio-Auth-Token': str(token)}
res3 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr,
headers=headers3,
expect_errors=True)
body = loads(res3.body.decode())
assert body['account'] == acntusr
assert res3.status == 200
def test_create_and_update_and_list_subscription(self):
""" SUBSCRIPTION (REST): Test the creation of a new subscription, update it, list it """
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
subscription_name = uuid()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'options': {'filter': {'project': self.projects, 'datatype': ['AOD', ], 'excluded_pattern': self.pattern1, 'account': ['tier0', ]},
'replication_rules': [{'lifetime': 86400, 'rse_expression': 'MOCK|MOCK2', 'copies': 2, 'activity': 'Data Brokering'}],
'lifetime': 100000, 'retroactive': 0, 'dry_run': 0, 'comments': 'blahblah'}})
res2 = TestApp(subs_app.wsgifunc(*mw)).post('/root/%s' % (subscription_name), headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
data = dumps({'options': {'filter': {'project': ['toto', ]}}})
res3 = TestApp(subs_app.wsgifunc(*mw)).put('/root/%s' % (subscription_name), headers=headers2, params=data, expect_errors=True)
assert_equal(res3.status, 201)
res4 = TestApp(subs_app.wsgifunc(*mw)).get('/root/%s' % (subscription_name), headers=headers2, expect_errors=True)
assert_equal(res4.status, 200)
assert_equal(loads(loads(res4.body)['filter'])['project'][0], 'toto')
def test_create_user_not_json_dict(self):
""" ACCOUNT (REST): send a POST with a non dictionary json body"""
mw = []
headers = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
headers.update(self.vo_header)
res = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers,
expect_errors=True)
assert res.status == 200
token = str(res.header('X-Rucio-Auth-Token'))
headers = {'X-Rucio-Auth-Token': str(token)}
data = dumps(('account', 'account'))
res = TestApp(account_app.wsgifunc(*mw)).post('/testaccount',
headers=headers,
params=data,
expect_errors=True)
assert res.header('ExceptionClass') == 'TypeError'
assert loads(res.normal_body.decode()) == {
"ExceptionMessage": "body must be a json dictionary",
"ExceptionClass": "TypeError"
}
assert res.status == 400
def test_create_user_missing_parameter(self):
""" ACCOUNT (REST): send a POST with a missing parameter"""
mw = []
headers = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
headers.update(self.vo_header)
res = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers,
expect_errors=True)
assert res.status == 200
token = str(res.header('X-Rucio-Auth-Token'))
headers = {'X-Rucio-Auth-Token': str(token)}
data = dumps({})
ret = TestApp(account_app.wsgifunc(*mw)).post('/account',
headers=headers,
params=data,
expect_errors=True)
assert ret.header('ExceptionClass') == 'KeyError'
assert loads(ret.normal_body.decode()) == {
"ExceptionMessage": "\'type\' not defined",
"ExceptionClass": "KeyError"
}
assert ret.status == 400
def test_create_user_failure(self):
""" ACCOUNT (REST): send a POST with an existing user to test the error case """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert res1.status == 200
token = str(res1.header('X-Rucio-Auth-Token'))
headers = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res1 = TestApp(account_app.wsgifunc(*mw)).post('/jdoe',
headers=headers,
params=data,
expect_errors=True)
res1 = TestApp(account_app.wsgifunc(*mw)).post('/jdoe',
headers=headers,
params=data,
expect_errors=True)
assert res1.status == 409
def test_create_user_non_json_body(self):
""" ACCOUNT (REST): send a POST with a non json body"""
mw = []
headers = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers,
expect_errors=True)
assert_equal(res.status, 200)
token = str(res.header('X-Rucio-Auth-Token'))
headers = {'X-Rucio-Auth-Token': str(token)}
data = {'type': 'USER'}
ret = TestApp(account_app.wsgifunc(*mw)).post('/testuser',
headers=headers,
params=data,
expect_errors=True)
assert_equal(ret.header('ExceptionClass'), 'ValueError')
assert_equal(
ret.normal_body,
'{"ExceptionMessage": "cannot decode json parameter dictionary", "ExceptionClass": "ValueError"}'
)
assert_equal(ret.status, 400)
def test_add_identity_to_account(self):
""" ACCOUNT (REST): send a POST to add an identity to an account."""
mw = []
account = 'root'
headers1 = {'X-Rucio-Account': account, 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
identity = uuid()
# normal addition
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'authtype': 'USERPASS', 'email': '*****@*****.**', 'password': '******', 'identity': identity})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
# duplicate identity
res4 = TestApp(account_app.wsgifunc(*mw)).post('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res4.status, 409)
# missing password
identity = uuid()
data = dumps({'authtype': 'USERPASS', 'email': '*****@*****.**', 'identity': identity})
res3 = TestApp(account_app.wsgifunc(*mw)).post('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res3.status, 400)
def test_userpass_success(self):
"""AUTHENTICATION (REST): Username and password (correct credentials)."""
options = []
headers = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers.update(self.vo_header)
result = TestApp(APP.wsgifunc(*options)).get('/userpass', headers=headers, expect_errors=True)
assert_equal(result.status, 200)
assert_greater(len(result.header('X-Rucio-Auth-Token')), 32)
def test_bad_replica_methods_for_UI(self):
""" REPLICA (REST): Test the listing of bad and suspicious replicas """
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
r1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(r1.status, 200)
token = str(r1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({})
r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/states', headers=headers2, params=data, expect_errors=True)
assert_equal(r2.status, 200)
tot_files = []
for line in r2.body.split('\n'):
if line != '':
tot_files.append(dumps(line))
nb_tot_files = len(tot_files)
data = dumps({'state': 'B'})
r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/states', headers=headers2, params=data, expect_errors=True)
assert_equal(r2.status, 200)
tot_bad_files = []
for line in r2.body.split('\n'):
if line != '':
tot_bad_files.append(dumps(line))
nb_tot_bad_files1 = len(tot_bad_files)
data = dumps({'state': 'S', 'list_pfns': 'True'})
r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/states', headers=headers2, params=data, expect_errors=True)
assert_equal(r2.status, 200)
tot_suspicious_files = []
for line in r2.body.split('\n'):
if line != '':
tot_suspicious_files.append(dumps(line))
nb_tot_suspicious_files = len(tot_suspicious_files)
assert_equal(nb_tot_files, nb_tot_bad_files1 + nb_tot_suspicious_files)
tomorrow = datetime.utcnow() + timedelta(days=1)
data = dumps({'state': 'B', 'younger_than': tomorrow.isoformat()})
r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/states', headers=headers2, params=data, expect_errors=True)
assert_equal(r2.status, 200)
tot_bad_files = []
for line in r2.body.split('\n'):
if line != '':
tot_bad_files.append(dumps(line))
nb_tot_bad_files = len(tot_bad_files)
assert_equal(nb_tot_bad_files, 0)
data = dumps({})
r2 = TestApp(rep_app.wsgifunc(*mw)).get('/bad/summary', headers=headers2, params=data, expect_errors=True)
assert_equal(r2.status, 200)
nb_tot_bad_files2 = 0
for line in r2.body.split('\n'):
if line != '':
line = loads(line)
nb_tot_bad_files2 += int(line['BAD'])
assert_equal(nb_tot_bad_files1, nb_tot_bad_files2)
def test_auth_ssh(self):
""" MULTI VO (REST): Test ssh authentication to multiple VOs """
mw = []
try:
add_account_identity(PUBLIC_KEY, 'SSH', 'root', '*****@*****.**', 'root', **self.vo)
add_account_identity(PUBLIC_KEY, 'SSH', 'root', '*****@*****.**', 'root', **self.new_vo)
except Duplicate:
pass # Might already exist, can skip
headers_tst = {'X-Rucio-Account': 'root'}
headers_tst.update(self.vo_header)
res_tst = TestApp(auth_app.wsgifunc(*mw)).get('/ssh_challenge_token', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
challenge_tst = str(res_tst.header('X-Rucio-SSH-Challenge-Token'))
headers_tst.update({'X-Rucio-SSH-Signature': ssh_sign(PRIVATE_KEY, challenge_tst)})
res_tst = TestApp(auth_app.wsgifunc(*mw)).get('/ssh', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
token_tst = str(res_tst.header('X-Rucio-Auth-Token'))
headers_new = {'X-Rucio-Account': 'root'}
headers_new.update(self.new_header)
res_new = TestApp(auth_app.wsgifunc(*mw)).get('/ssh_challenge_token', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
challenge_tst = str(res_new.header('X-Rucio-SSH-Challenge-Token'))
headers_new.update({'X-Rucio-SSH-Signature': ssh_sign(PRIVATE_KEY, challenge_tst)})
res_new = TestApp(auth_app.wsgifunc(*mw)).get('/ssh', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
token_new = str(res_new.header('X-Rucio-Auth-Token'))
headers_tst = {'X-Rucio-Auth-Token': str(token_tst)}
res_tst = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
accounts_tst = [parse_response(a)['account'] for a in res_tst.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_tst), 0)
assert_in(self.account_tst, accounts_tst)
assert_not_in(self.account_new, accounts_tst)
headers_new = {'X-Rucio-Auth-Token': str(token_new)}
res_new = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
accounts_new = [parse_response(a)['account'] for a in res_new.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_new), 0)
assert_in(self.account_new, accounts_new)
assert_not_in(self.account_tst, accounts_new)
def test_saml_fail(self):
"""AUTHENTICATION (REST): SAML Username and password (wrong credentials)."""
options = []
headers = {'X-Rucio-Account': 'root'}
headers.update(self.vo_header)
userpass = {'username': '******', 'password': '******'}
result = TestApp(APP.wsgifunc(*options)).get('/saml', headers=headers, expect_errors=True)
try:
if not result.header('X-Rucio-Auth-Token'):
SAML_auth_url = result.header('X-Rucio-SAML-Auth-URL')
result = session().post(SAML_auth_url, data=userpass, verify=False, allow_redirects=True)
result = TestApp(APP.wsgifunc(*options)).get('/saml', headers=headers, expect_errors=True)
assert_equal(result.status, 401)
except:
# FIXME: The WebUI isn't linked to CERN SSO yet so this needs to be fixed once it is linked
pass
def test_del_user_failure(self):
""" ACCOUNT (REST): send a DELETE with a wrong user to test the error """
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
res2 = TestApp(account_app.wsgifunc(*mw)).delete('/wronguser', headers=headers2, expect_errors=True)
assert_equal(res2.status, 404)
def test_userpass_fail(self):
"""AUTHENTICATION (REST): Username and password (wrong credentials)."""
options = []
headers = {
'X-Rucio-Account': 'wrong',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
result = TestApp(APP.wsgifunc(*options)).get('/userpass',
headers=headers,
expect_errors=True)
assert_equal(result.status, 401)
def test_export_rest(self):
""" EXPORT (REST): Test the export of data."""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
r1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
token = str(r1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Type': 'user', 'X-Rucio-Account': 'root', 'X-Rucio-Auth-Token': str(token)}
r2 = TestApp(export_app.wsgifunc(*mw)).get('/', headers=headers2, expect_errors=True)
rses = export_rses()
assert_equal(r2.status, 200)
assert_equal(r2.body, render_json(**{'rses': rses, 'distances': export_distances()}))
def test_whoami_account(self):
""" ACCOUNT (REST): Test the whoami method."""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
res2 = TestApp(account_app.wsgifunc(*mw)).get('/whoami', headers=headers2, expect_errors=True)
assert_equal(res2.status, 303)
def get_auth_token(account, username, password):
""" Get's an authentication token from the server
:param account: the account authenticating
:param username:the username linked to the account
:param password: the password linked to the account
:returns: the authentication token
"""
mw = []
header = {'Rucio-Account': account, 'Rucio-Username': username, 'Rucio-Password': password}
r1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=header, expect_errors=True)
token = str(r1.header('Rucio-Auth-Token'))
return token
def test_saml_fail(self):
"""AUTHENTICATION (REST): SAML Username and password (wrong credentials)."""
options = []
headers = {'X-Rucio-Account': 'root'}
headers.update(self.vo_header)
userpass = {'username': '******', 'password': '******'}
result = TestApp(APP.wsgifunc(*options)).get('/saml',
headers=headers,
expect_errors=True)
if not result.header('X-Rucio-Auth-Token'):
SAML_auth_url = result.header('X-Rucio-SAML-Auth-URL')
result = session().post(SAML_auth_url,
data=userpass,
verify=False,
allow_redirects=True)
result = TestApp(APP.wsgifunc(*options)).get('/saml',
headers=headers,
expect_errors=True)
assert result.status == 401
def test_list_vos_denied(self):
""" MULTI VO (REST): Test list VOs through REST layer raises AccessDenied """
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
res2 = TestApp(vo_app.wsgifunc(*mw)).get('/', headers=headers2, expect_errors=True)
assert_equal(res2.status, 401)
def test_list_scope(self):
""" SCOPE (REST): send a GET list all scopes for one account """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert res1.status == 200
token = str(res1.header('X-Rucio-Auth-Token'))
tmp_val = account_name_generator()
headers2 = {
'Rucio-Type': 'user',
'X-Rucio-Account': 'root',
'X-Rucio-Auth-Token': str(token)
}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/%s' % tmp_val,
headers=headers2,
params=data,
expect_errors=True)
assert res2.status == 201
headers3 = {'X-Rucio-Auth-Token': str(token)}
for scope in self.scopes:
data = dumps({})
res3 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' %
(tmp_val, scope),
headers=headers3,
params=data,
expect_errors=True)
assert res3.status == 201
res4 = TestApp(account_app.wsgifunc(*mw)).get('/%s/scopes/' % tmp_val,
headers=headers3,
expect_errors=True)
assert res4.status == 200
svr_list = loads(res4.body)
for scope in self.scopes:
assert scope in svr_list
def test_ssh_success(self):
"""AUTHENTICATION (REST): SSH RSA public key exchange (correct credentials)."""
root = InternalAccount('root')
try:
add_account_identity(PUBLIC_KEY, IdentityType.SSH, root, email='*****@*****.**')
except Duplicate:
pass # might already exist, can skip
options = []
headers = {'X-Rucio-Account': 'root'}
result = TestApp(APP.wsgifunc(*options)).get('/ssh_challenge_token', headers=headers, expect_errors=True)
assert_equal(result.status, 200)
assert_in('challenge-', result.header('X-Rucio-SSH-Challenge-Token'))
signature = ssh_sign(PRIVATE_KEY, result.header('X-Rucio-SSH-Challenge-Token'))
headers = {'X-Rucio-Account': 'root', 'X-Rucio-SSH-Signature': signature}
result = TestApp(APP.wsgifunc(*options)).get('/ssh', headers=headers, expect_errors=True)
assert_equal(result.status, 200)
assert_greater(len(result.header('X-Rucio-Auth-Token')), 32)
del_account_identity(PUBLIC_KEY, IdentityType.SSH, root)
def test_scope_failure(self):
""" SCOPE (REST): send a POST to create a new scope for a not existing account to test the error"""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
scopeusr = scope_name_generator()
account_name_generator()
res2 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' % (scopeusr, scopeusr), headers=headers2, expect_errors=True)
assert_equal(res2.status, 404)
