def test_delegate_flow():
#check success flow for delegate and fails sessionId used with provider
body = {
"apis": [{
"method": "get",
"endpoint": "/auth/v1/provider/access"
}]
}
r = alt_provider.get_session_id(body)
assert r['success'] is True
assert r['status_code'] == 200
alt_provider.set_user_session_id(fetch_sessionId(delegate_email))
r = alt_provider.get_provider_access('*****@*****.**')
assert r['success'] is True
assert r['status_code'] == 200
# using delegates session ID for provider
untrusted.set_user_session_id(fetch_sessionId(delegate_email))
r = untrusted.get_provider_access(None)
assert r['success'] is False
assert r['status_code'] == 403
def test_multiple_get_all_rules():
# get all rules for new email
check_con = False
check_onb = False
check_dti = False
check_del = False
r = untrusted.get_provider_access()
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
for r in rules:
if r['email'] == remail and r['role'] == 'consumer':
assert set(r['capabilities']).issubset(
set(['temporal', 'subscription', 'complex']))
assert len(r['capabilities']) <= 3 and len(r['capabilities']) >= 1
check_con = True
if r['email'] == remail and r['role'] == 'onboarder':
assert r['item_type'] == 'catalogue'
check_onb = True
if r['email'] == remail and r['role'] == 'delegate':
assert r['item_type'] == 'provider-caps'
check_del = True
if r['email'] == remail and r['role'] == 'data ingester':
assert r['policy'].endswith('"/iudx/v1/adapter"')
check_dti = True
assert check_con == True
assert check_onb == True
assert check_dti == True
assert check_del == True
def test_delegate_updating_other_policy():
resource_group = ''.join(random.choice(string.ascii_lowercase) for _ in range(10))
resource_id = provider_id + '/rs.iudx.io/' + resource_group
#create policy
req = { "user_email": email,
"user_role":'consumer',
"item_id":resource_id,
"item_type":"resourcegroup",
"capabilities": ['temporal'],
"expiry_time": "2027-01-01T12:00:00Z"
}
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
#get access_id
r = untrusted.get_provider_access()
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
#get access_id for set policy
for r in rules:
if r['email'] == email and r['role'] == 'consumer' and resource_id == r['item']['cat_id']:
consumer_id = r['id']
break
#set expiry to now
assert expire_rule(consumer_id) is True
#delegate update expired policy
req = { "expiry_time":"2025-01-01T12:00:00Z",
"id": consumer_id
}
r = alt_provider.update_rule([req],"*****@*****.**")
assert r['success'] == True
assert r['status_code'] == 200
def test_sessionId_multiple_sucess():
#get session id for multiple end points and check if success
body = {
"apis": [{
"method": "get",
"endpoint": "/auth/v1/provider/access"
}, {
"method": "post",
"endpoint": "/auth/v1/provider/access"
}]
}
r = untrusted.get_session_id(body)
assert r['success'] is True
untrusted.set_user_session_id(fetch_sessionId('*****@*****.**'))
r = untrusted.get_provider_access()
assert r['success'] is True
assert r['status_code'] == 200
resource_group = ''.join(
random.choice(string.ascii_lowercase) for _ in range(10))
resource_id = provider_id + '/rs.iudx.io/' + resource_group
req = {
"user_email": email,
"user_role": 'consumer',
'capabilities': ['temporal'],
"item_id": resource_id,
"item_type": "resourcegroup"
}
r = untrusted.provider_access([req])
assert r['success'] is True
assert r['status_code'] == 200
def test_multiple_get_all_rules():
# get all rules for new email
check_con = False
check_onb = False
check_dti = False
check_del = False
r = untrusted.get_provider_access()
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
for r in rules:
if r['email'] == memail and r['role'] == 'consumer' and r['item'][
'cat_id'] == resource_id:
assert set(r['capabilities']).issubset(
set(['temporal', 'subscription', 'complex']))
assert len(r['capabilities']) == 3
check_con = True
if r['email'] == memail and r['role'] == 'onboarder':
assert r['item_type'] == 'catalogue'
check_onb = True
if r['email'] == memail and r['role'] == 'delegate':
assert r['item_type'] == 'provider-caps'
check_del = True
if r['email'] == memail and r['role'] == 'data ingester' and r['item'][
'cat_id'] == resource_id:
assert r['item_type'] == 'resourcegroup'
check_dti = True
assert check_con == True
assert check_onb == True
assert check_dti == True
assert check_del == True
def test_get_access_rules():
global ingester_id, consumer_id, onboarder_id
r = untrusted.get_provider_access()
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
for r in rules:
if r['email'] == email and r[
'role'] == 'consumer' and resource_id == r['item']['cat_id']:
assert set(r['capabilities']).issubset(
set(['temporal', 'subscription', 'complex']))
assert len(r['capabilities']) <= 3 and len(r['capabilities']) >= 1
consumer_id = r['id']
if r['email'] == email and r[
'role'] == 'consumer' and fileresource_id == r['item'][
'cat_id']:
assert set(r['capabilities']).issubset(set(['download']))
assert len(r['capabilities']) <= 1 and len(r['capabilities']) >= 1
if r['email'] == email and r['role'] == 'onboarder':
assert r['item_type'] == 'catalogue'
onboarder_id = r['id']
if r['email'] == email and r[
'role'] == 'data ingester' and diresource_id == r['item'][
'cat_id']:
assert r['item_type'] == 'resourcegroup'
ingester_id = r['id']
if r['email'] == email and r[
'role'] == 'data ingester' and file_diresource_id == r['item'][
'cat_id']:
assert r['item_type'] == 'resourcegroup'
def test_Success():
# successful flow
body = {
"apis": [{
"method": "get",
"endpoint": "/auth/v1/provider/access"
}]
}
r = untrusted.get_session_id(body)
assert r['success'] is True
untrusted.set_user_session_id(fetch_sessionId('*****@*****.**'))
r = untrusted.get_provider_access()
assert r['success'] is True
assert r['status_code'] == 200
r = consumer.get_token(body)
assert r['success'] is True
# invalid resource ID
req["item_id"] = '/aaaaa/sssss/sada/'
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
req["item_id"] = '/aaaaa/sssss'
r = untrusted.provider_access([req])
assert r['success'] == False
assert r['status_code'] == 400
# get all rules
r = untrusted.get_provider_access()
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
for r in rules:
if r['email'] == email and r['role'] == 'consumer' and resource_id == r['item']['cat_id']:
consumer_id = r['id']
assert set(r['capabilities']).issubset(set(['temporal', 'subscription', 'complex']))
assert len(r['capabilities']) <= 3 and len(r['capabilities']) >= 1
if r['email'] == email and r['role'] == 'onboarder':
onboarder_id = r['id']
assert r['item_type'] == 'catalogue'
if r['email'] == email and r['role'] == 'data ingester' and diresource_id == r['item']['cat_id']:
ingester_id = r['id']
assert r['policy'].endswith('"/iudx/v1/adapter"')
def test_no_sessionId_header():
# setting session ID None will not set the header in requests
untrusted.set_user_session_id(None)
r = untrusted.get_provider_access()
assert r['success'] is False
assert r['status_code'] == 403
def test_sessionId_incorrect():
#passing incorrect session id while accessing Secure endpoint
untrusted.set_user_session_id("")
r = untrusted.get_provider_access()
assert r['success'] is False
assert r['status_code'] == 403
