Ejemplo n.º 1
    def test_get_requests(self):
        """Two RPTs stored for one owner are both reported by ``keys()``."""
        owner = 'alice'
        # Both descriptions point at the same resource set but carry
        # different scopes; each one is filed under its own RPT.
        read_write = AuthzDescription(resource_set_id='rsid0',
                                      scopes=['read', 'write'])
        read_exec = AuthzDescription(resource_set_id='rsid0',
                                     scopes=['read', 'exec'])
        for rpt, description in (('rpt0', read_write), ('rpt1', read_exec)):
            self.perm_db.set(owner, rpt, description)

        stored_rpts = self.perm_db.keys(owner)

        assert _eq(stored_rpts, ['rpt0', 'rpt1'])
Ejemplo n.º 2
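def test_alice_client_read(tmpdir):
    """GET on ``info/alice/1`` with a valid introspection result succeeds.

    The introspection result is built locally and handed to the resource
    server through the ``permission`` argument; the test then checks that
    the answer is a plain ``Response`` and not an ``ErrorResponse``.

    :param tmpdir: pytest fixture; the resource tree is created below it
    """
    root_dir = os.path.join(tmpdir.strpath, "resource/")
    jrs = JsonResourceServer(root_dir, "info/", "https://example.com")
    create_alice_resource(jrs)

    body = json.dumps({"bar": "soap"})

    environ = {
        "REQUEST_METHOD": "GET",
        # NOTE(review): this value is shown masked on the page the snippet
        # was taken from; the original user name is not visible here.
        "REMOTE_USER": "******",
        'wsgi.input': StringIO(body),
        # NOTE(review): WSGI servers supply CONTENT_LENGTH as a string; an
        # int is passed here - confirm the server accepts both.
        "CONTENT_LENGTH": len(body)
    }
    ad = AuthzDescription(resource_set_id=0,
                          scopes=DEF_SCOPES,
                          expires_at=epoch_in_a_while(minutes=45))

    # issued_at has to be a timestamp, so the helper is called here; the
    # previous code passed the function object itself.
    ir = IntrospectionResponse(valid=True,
                               expires_at=epoch_in_a_while(minutes=45),
                               issued_at=utc_time_sans_frac(),
                               permissions=[ad])

    resp = jrs.do("info/alice/1", environ, permission=ir)

    assert not isinstance(resp, ErrorResponse)
    assert isinstance(resp, Response)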
Ejemplo n.º 3
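def test_roger_patch(tmpdir):
    """PATCH on ``info/alice/1`` with read and patch scopes is accepted.

    The permission carries exactly the ``read`` and ``patch`` scope URIs;
    the test expects a non-error response whose message is the JSON
    document ``{"_id": "1"}``.

    :param tmpdir: pytest fixture; the resource tree is created below it
    """
    root_dir = os.path.join(tmpdir.strpath, "resource/")
    jrs = JsonResourceServer(root_dir, "info/", "https://example.com")
    create_alice_resource(jrs)

    body = json.dumps({"bar": "soap"})

    environ = {
        "REQUEST_METHOD": "PATCH",
        # NOTE(review): this value is shown masked on the page the snippet
        # was taken from; the original user name is not visible here.
        "REMOTE_USER": "******",
        'wsgi.input': StringIO(body),
        # NOTE(review): WSGI servers supply CONTENT_LENGTH as a string; an
        # int is passed here - confirm the server accepts both.
        "CONTENT_LENGTH": len(body)
    }
    ad = AuthzDescription(resource_set_id=0,
                          scopes=[
                              "http://dirg.org.umu.se/uma/scopes/read",
                              "http://dirg.org.umu.se/uma/scopes/patch"
                          ],
                          expires_at=epoch_in_a_while(minutes=45))

    # issued_at has to be a timestamp, so the helper is called here; the
    # previous code passed the function object itself.
    ir = IntrospectionResponse(valid=True,
                               expires_at=epoch_in_a_while(minutes=45),
                               issued_at=utc_time_sans_frac(),
                               permissions=[ad])

    resp = jrs.do("info/alice/1", environ, permission=ir)

    assert not isinstance(resp, ErrorResponse)
    assert resp.message == '{"_id": "1"}'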
Ejemplo n.º 4
    def test_delete_request_by_resource_id(self):
        """``delete_rsid()`` removes every RPT of the owner tied to that rsid."""
        owner = 'alice'
        on_rsid0 = AuthzDescription(resource_set_id='rsid0',
                                    scopes=['read', 'write'])
        on_rsid1 = AuthzDescription(resource_set_id='rsid1',
                                    scopes=['read', 'exec'])
        # Two RPTs refer to rsid0, one to rsid1.
        for rpt, description in (('rpt_roger', on_rsid0),
                                 ('rpt_bob1', on_rsid0),
                                 ('rpt_bob2', on_rsid1)):
            self.perm_db.set(owner, rpt, description)

        self.perm_db.delete_rsid(owner, 'rsid0')

        # Only the RPT bound to the untouched resource set may remain.
        remaining_rpts = self.perm_db.keys(owner)
        assert remaining_rpts == ['rpt_bob2']

        surviving = self.perm_db.get(owner, 'rpt_bob2')
        assert len(surviving) == 1
Ejemplo n.º 5
    def register_permission(self, owner, rpt, rsid, scopes):
        """Build a time-limited AuthzDescription and record it as accepted.

        The description is stamped with the current time as ``iat`` and
        expires ``self.session.lifetime`` later.

        :param owner: first key handed to ``self.permit.set_accepted``
        :param rpt: second key handed to ``self.permit.set_accepted``
        :param rsid: value stored as ``resource_set_id``
        :param scopes: value stored as ``scopes``
        """
        issued = utc_time_sans_frac()
        expires = issued + self.session.lifetime
        description = AuthzDescription(resource_set_id=rsid,
                                       scopes=scopes,
                                       exp=expires,
                                       iat=issued)

        self.permit.set_accepted(owner, rpt, description)
Ejemplo n.º 6
    def test_permisson_get(self):
        """A stored description comes back from ``get()`` with its fields intact."""
        self.perm_db.set(
            'alice', 'rpt',
            AuthzDescription(resource_set_id='rsid0',
                             scopes=['read', 'write']))

        fetched = self.perm_db.get('alice', 'rpt')
        # get() returns a sequence; the single stored entry is the first item.
        first = fetched[0]

        assert first["scopes"] == ['read', 'write']
        assert first['resource_set_id'] == 'rsid0'
Ejemplo n.º 7
    def test_permisson_get_fail(self):
        """``get()`` raises KeyError for anything that is not a stored RPT."""
        self.perm_db.set(
            'alice', 'rpt',
            AuthzDescription(resource_set_id='rsid', scopes=['read', 'write']))

        # 'rsid' is a resource set id, not an RPT, and 'xxxx' was never
        # stored at all; neither may resolve to a permission.
        for not_an_rpt in ('rsid', 'xxxx'):
            with pytest.raises(KeyError):
                self.perm_db.get('alice', not_an_rpt)
Ejemplo n.º 8
Archivo: adb.py Proyecto: rohe/pyuma
    def register_permission(self, owner, rpt, rsid, scopes):
        """
        Store a time-limited authorization description for an RPT.

        The description is issued now and expires
        ``self.authzdesc_lifetime`` later.

        :param owner: Resource owner
        :param rpt: Requesting party token
        :param rsid: Resource set id
        :param scopes: list of scopes
        """
        issued_at = utc_time_sans_frac()
        expires_at = issued_at + self.authzdesc_lifetime
        description = AuthzDescription(resource_set_id=rsid, scopes=scopes,
                                       exp=expires_at,
                                       iat=issued_at)

        self.permit.set(owner, rpt, description)
Ejemplo n.º 9
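def test_roger_read(tmpdir):
    """GET on ``info/alice/1`` with only the read scope returns the resource.

    The expected message is the stored JSON document; both key orders are
    accepted because serialisation order is not fixed.

    :param tmpdir: pytest fixture; the resource tree is created below it
    """
    root_dir = os.path.join(tmpdir.strpath, "resource/")
    jrs = JsonResourceServer(root_dir, "info/", "https://example.com")

    create_alice_resource(jrs)

    # NOTE(review): REMOTE_USER is shown masked on the page the snippet was
    # taken from; the original user name is not visible here.
    environ = {"REQUEST_METHOD": "GET", "REMOTE_USER": "******"}
    ad = AuthzDescription(resource_set_id=0,
                          scopes=["http://dirg.org.umu.se/uma/scopes/read"],
                          expires_at=epoch_in_a_while(minutes=45))

    # issued_at has to be a timestamp, so the helper is called here; the
    # previous code passed the function object itself.
    ir = IntrospectionResponse(valid=True,
                               expires_at=epoch_in_a_while(minutes=45),
                               issued_at=utc_time_sans_frac(),
                               permissions=[ad])

    resp = jrs.do("info/alice/1", environ, permission=ir)

    assert not isinstance(resp, ErrorResponse)
    assert resp.message in [
        '{"foo": "bar", "_id": 1}', '{"_id": 1, "foo": "bar"}'
    ]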
Ejemplo n.º 10
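def test_roger_create():
    """POST on ``info/alice/1`` with only the read scope yields an error.

    The permission grants nothing but the ``read`` scope, and the test
    expects an ``ErrorResponse`` - presumably because creating a resource
    needs a scope that was not granted (verify against the server).
    """
    # NOTE(review): the root is a relative path, so it is resolved against
    # the current working directory instead of a per-test temp directory.
    jrs = JsonResourceServer("resource/", "info/", "https://example.com")

    body = json.dumps({"bar": "soap"})

    environ = {
        "REQUEST_METHOD": "POST",
        # NOTE(review): this value is shown masked on the page the snippet
        # was taken from; the original user name is not visible here.
        "REMOTE_USER": "******",
        'wsgi.input': StringIO(body),
        # NOTE(review): WSGI servers supply CONTENT_LENGTH as a string; an
        # int is passed here - confirm the server accepts both.
        "CONTENT_LENGTH": len(body)
    }
    ad = AuthzDescription(resource_set_id=0,
                          scopes=["http://dirg.org.umu.se/uma/scopes/read"],
                          expires_at=epoch_in_a_while(minutes=45))

    # issued_at has to be a timestamp, so the helper is called here; the
    # previous code passed the function object itself.
    ir = IntrospectionResponse(valid=True,
                               expires_at=epoch_in_a_while(minutes=45),
                               issued_at=utc_time_sans_frac(),
                               permissions=[ad])

    resp = jrs.do("info/alice/1", environ, permission=ir)

    assert isinstance(resp, ErrorResponse)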
Ejemplo n.º 11
def test_1():
    """Round-trip an AuthzDescription through AuthzDB and probe ``match()``.

    Covers: store/read of a description, a read with an unknown id, and
    ``match()`` for granted scopes, a scope that was not granted and an
    entity that was not granted.
    """
    # NOTE(review): the "[email protected]" fragments in the literals below
    # look like address masking applied by the page this snippet was copied
    # from; the original values are not visible here.
    rs_id = "https://idp.catalogix.se/id/[email protected]"
    sp_entity = "https://lingon.ladok.umu.se:8087/sp.xml"

    store = AuthzDB(AuthzDescription, DB_NAME, COLLECTION)
    store.restart(COLLECTION)

    granted_scopes = [
        "%s/givenName/Roland" % ATTR,
        "%s/surName/Hedberg" % ATTR,
        "%s/displayName/Roland%%20Hedberg" % ATTR,
        "%s/cn/Roland%%20Hedberg" % ATTR,
        "%s/eduPersonScopedAffiliation/[email protected]" % ATTR,
        "%s/eduPersonScopedAffiliation/[email protected]" % ATTR,
        "%s/eduPersonScopedAffiliation/[email protected]" % ATTR
    ]
    description = AuthzDescription(
        resource_set_id=rs_id,
        entity=sp_entity,
        scopes=granted_scopes,
    )

    stored_id = store.store(description.to_json())

    fetched = store.read(stored_id)

    # What comes back must be the same kind of object with every field kept.
    assert fetched
    assert isinstance(fetched, AuthzDescription)
    for name, expected in list(description.items()):
        assert name in fetched
        assert fetched[name] == expected

    # An id that was never issued must raise instead of returning a record.
    try:
        store.read("phoney")
    except (UnknownObject, BSONError):
        pass
    else:
        assert False

    # Owner/entity pair alone matches the stored description.
    outcome = store.match(resource_set_id=rs_id, entity=sp_entity)

    assert outcome

    # A scope that is part of the stored grant matches as well.
    outcome = store.match(resource_set_id=rs_id, entity=sp_entity,
                          scopes=["%s/givenName/Roland" % ATTR])

    assert outcome

    # A scope that was never granted must be refused.
    outcome = store.match(resource_set_id=rs_id, entity=sp_entity,
                          scopes=["%s/sn/Magnusson" % ATTR])

    assert outcome is False

    # A different entity must be refused even for the same resource set.
    outcome = store.match(
        resource_set_id=rs_id,
        entity="https://lingon.catalogix.se:8087/sp.xml")

    assert outcome is False
Ejemplo n.º 12
 def construct_authz_desc(rsid, scopes, lifetime=3600):
     """Return an AuthzDescription issued now and expiring after *lifetime*.

     :param rsid: value stored as ``resource_set_id``
     :param scopes: value stored as ``scopes``
     :param lifetime: offset added to the issue time to obtain ``exp``
     """
     issued_at = utc_time_sans_frac()
     expires_at = issued_at + lifetime
     description = AuthzDescription(resource_set_id=rsid,
                                    scopes=scopes,
                                    exp=expires_at,
                                    iat=issued_at)
     return description