def test_valid_token():
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg(
)
access_req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": ["complex", "subscription", "temporal"]
}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
body = {}
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = resource_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
response = r['response']
assert response['consumer'] == token.split('/')[1]
assert response['request'][0][
'id'] == resource_id + '/*' # since its res group
assert len(response['request'][0]['apis']) > 1
def test_token_belonging_diff_server():
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/file.iudx.io/" + rand_rsg(
)
access_req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": ["download"]
}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
body = {}
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = resource_server.introspect_token(token)
assert r['success'] is False
assert r['status_code'] == 403
r = file_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
assert len(r['response']['request']) == 1
def test_different_items():
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg(
)
access_req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": ["complex", "subscription", "temporal"]
}
r = provider.provider_access([access_req])
body = {}
body['request'] = [
resource_id, resource_id + "/item-1", resource_id + "/item-2/item-3"
]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = resource_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
assert len(r['response']['request']) == 3
for i in r['response']['request']:
assert i['id'] in [
resource_id + '/*', resource_id + "/item-1",
resource_id + "/item-2/item-3"
]
def test_ingester_file():
with open('../capabilities.json') as f:
caps = json.load(f)
for cap, apis in caps['file.iudx.io']['data ingester'].items():
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/file.iudx.io/" + rand_rsg(
)
access_req = {
"user_email": email,
"user_role": 'data ingester',
"item_id": resource_id,
"item_type": "resourcegroup"
}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
body = {}
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = file_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
resp = r['response']
assert len(resp['request']) == 1
assert resp['request'][0]['id'] == resource_id + '/*'
assert set(resp['request'][0]['apis']) == set(apis)
def test_expired_token():
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg(
)
access_req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": ["complex", "subscription", "temporal"]
}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
body = {}
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = resource_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
assert len(r['response']['request']) == 1
s = token.split("/")
uuid = s[3]
assert expire_token(uuid) is True
r = resource_server.introspect_token(token)
assert r['success'] is False
assert r['status_code'] == 403
def test_consumer_ingester_same_resource():
with open('../capabilities.json') as f:
caps = json.load(f)
all_caps = list(caps['rs.iudx.io']['consumer'].keys())
all_apis = set()
consumer_apis = list(caps['rs.iudx.io']['consumer'].values())
ingester_apis = list(caps['rs.iudx.io']['data ingester']['default'])
for i in consumer_apis:
all_apis.update(i)
all_apis.update(ingester_apis)
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg(
)
access_req_c = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": all_caps
}
access_req_di = {
"user_email": email,
"user_role": 'data ingester',
"item_id": resource_id,
"item_type": "resourcegroup"
}
r = provider.provider_access([access_req_c, access_req_di])
assert r['success'] == True
assert r['status_code'] == 200
body = {}
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = resource_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
check = False
all_apis = {
str.replace('{{RESOURCE_GROUP_ID}}', resource_id)
for str in all_apis
}
assert len(r['response']['request']) == 1
for i in r['response']['request']:
assert i['id'] == resource_id + '/*'
if all_apis == set(i['apis']):
check = True
assert check is True
def set_policy():
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg(
)
access_req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": ["complex", "subscription", "temporal"]
}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
return resource_id
def test_rs_all_caps():
with open('../capabilities.json') as f:
caps = json.load(f)
all_caps = list(caps['rs.iudx.io']['consumer'].keys())
all_apis = set()
apis = list(caps['rs.iudx.io']['consumer'].values())
for i in apis:
all_apis.update(i)
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg(
)
access_req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": all_caps
}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
all_apis = {
str.replace('{{RESOURCE_GROUP_ID}}', resource_id)
for str in all_apis
}
body = {}
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = resource_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
resp = r['response']
assert len(resp['request']) == 1
assert resp['request'][0]['id'] == resource_id + '/*'
assert set(resp['request'][0]['apis']) == all_apis
def test_revoked_rule():
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg(
)
access_req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": ["complex", "subscription", "temporal"]
}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
body = {}
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = resource_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
# delete rule
# find access ID and delete it
r = provider.get_provider_access()
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
for r in rules:
if resource_id == r['item']['cat_id']:
access_id = r['id']
break
assert access_id != -1
r = provider.delete_rule([{'id': access_id}])
assert r['success'] == True
assert r['status_code'] == 200
r = resource_server.introspect_token(token)
assert r['success'] is False
assert r['status_code'] == 403
def test_onboarder_token():
access_req = {"user_email": email, "user_role": 'onboarder'}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
body = {}
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/catalogue.iudx.io/catalogue/crud"
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = catalogue_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
resp = r['response']
assert len(resp['request']) == 1
assert resp['request'][0]['id'] == resource_id
assert len(resp['request'][0]['apis']) == 0
def test_same_resource_same_user_diff_role():
# policy set for same resource for a user registered as consumer
# and data ingester. Getting a token for the resource will result
# in a token with '2' resources, one reflecting the consumer
# policy, the other for the ingester policy
resource_id = set_policy()
access_req = {
"user_email": email,
"user_role": 'data ingester',
"item_id": resource_id,
"item_type": "resourcegroup"
}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
body = {}
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
s = token.split("/")
uuid = s[3]
r = consumer.view_tokens()
check = False
for tokens in r['response']:
if uuid == tokens['uuid']:
assert len(tokens['request']) == 2
check = True
assert check is True
def test_deleted_cap():
with open('../capabilities.json') as f:
caps = json.load(f)
all_caps = list(caps['rs.iudx.io']['consumer'].keys())
all_apis = set()
apis = list(caps['rs.iudx.io']['consumer'].values())
for i in apis:
all_apis.update(i)
resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg(
)
access_req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup",
"capabilities": all_caps
}
r = provider.provider_access([access_req])
assert r['success'] == True
assert r['status_code'] == 200
body = {}
body['request'] = [resource_id]
r = consumer.get_token(body)
assert r['success'] is True
assert r['status_code'] == 200
token = r['response']['token']
r = resource_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
resp = r['response']
all_apis = {
str.replace('{{RESOURCE_GROUP_ID}}', resource_id)
for str in all_apis
}
assert len(resp['request']) == 1
assert resp['request'][0]['id'] == resource_id + '/*'
assert set(resp['request'][0]['apis']) == all_apis
# delete subscription capability and then introspect
# find access ID and delete it
access_id = -1
r = provider.get_provider_access()
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
for r in rules:
if r['item'] and resource_id == r['item']['cat_id']:
access_id = r['id']
break
assert access_id != -1
r = provider.delete_rule([{
'id': access_id,
'capabilities': ['subscription']
}])
assert r['success'] == True
assert r['status_code'] == 200
subscription_api = caps['rs.iudx.io']['consumer']['subscription'][0]
r = resource_server.introspect_token(token)
assert r['success'] is True
assert r['status_code'] == 200
resp = r['response']
assert len(resp['request']) == 1
assert resp['request'][0]['id'] == resource_id + '/*'
assert subscription_api not in set(resp['request'][0]['apis'])
