def test_user_cannot_log_in(self, tenants_users):
tc = ApiClient(tenantadm.URL_INTERNAL)
uc = ApiClient(useradm.URL_MGMT)
for u in tenants_users[0].users:
r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
# tenant's users can log in
for u in tenants_users[0].users:
r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
assert r.status_code == 200
# suspend tenant
r = tc.call('PUT',
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status('suspended'),
path_params={'tid': tenants_users[0].id})
assert r.status_code == 200
time.sleep(10)
# none of tenant's users can log in
for u in tenants_users[0].users:
r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 401
# but other users still can
for u in tenants_users[1].users:
r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
def test_authenticated_user_is_rejected(self, tenants):
tc = ApiClient(tenantadm.URL_INTERNAL)
uc = ApiClient(useradm.URL_MGMT)
dc = ApiClient(deviceauth_v2.URL_MGMT)
u = tenants[0].users[0]
# log in
r = uc.call('POST',
useradm.URL_LOGIN,
auth=(u.name, u.pwd))
assert r.status_code == 200
token = r.text
# check can access an api
r = dc.with_auth(token).call('GET', deviceauth_v2.URL_DEVICES)
assert r.status_code == 200
# suspend tenant
r = tc.call('PUT',
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status('suspended'),
path_params={'tid': tenants[0].id})
assert r.status_code == 200
time.sleep(10)
# check token is rejected
r = dc.with_auth(token).call('GET', deviceauth_v2.URL_DEVICES)
assert r.status_code == 401
def test_accepted_dev_cant_authenticate(self, tenants_users_devices):
dacd = ApiClient(deviceauth.URL_DEVICES)
devauthm = ApiClient(deviceauth_v2.URL_MGMT)
uc = ApiClient(useradm.URL_MGMT)
tc = ApiClient(tenantadm.URL_INTERNAL)
# accept a dev
device = tenants_users_devices[0].devices[0]
user = tenants_users_devices[0].users[0]
r = uc.call('POST', useradm.URL_LOGIN, auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
aset = device.authsets[0]
change_authset_status(devauthm, aset.did, aset.id, 'accepted', utoken)
# suspend
r = tc.call('PUT',
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status('suspended'),
path_params={'tid': tenants_users_devices[0].id})
assert r.status_code == 200
time.sleep(10)
# try requesting auth
body, sighdr = deviceauth.auth_req(
aset.id_data, aset.pubkey, aset.privkey,
tenants_users_devices[0].tenant_token)
r = dacd.call('POST', deviceauth.URL_AUTH_REQS, body, headers=sighdr)
assert r.status_code == 401
assert r.json()['error'] == 'Account suspended'
def test_authenticated_user_is_rejected(self, tenants):
tc = ApiClient(tenantadm.URL_INTERNAL,
host=tenantadm.HOST,
schema="http://")
uc = ApiClient(useradm.URL_MGMT)
dc = ApiClient(deviceauth.URL_MGMT)
u = tenants[0].users[0]
# log in
r = uc.call("POST", useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
token = r.text
# check can access an api
r = dc.with_auth(token).call("GET", deviceauth.URL_MGMT_DEVICES)
assert r.status_code == 200
# suspend tenant
r = tc.call(
"PUT",
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status("suspended"),
path_params={"tid": tenants[0].id},
)
assert r.status_code == 200
time.sleep(10)
# check token is rejected
r = dc.with_auth(token).call("GET", deviceauth.URL_MGMT_DEVICES)
assert r.status_code == 401
def test_authenticated_dev_is_rejected(self, tenants_users_devices):
dacd = ApiClient(deviceauth.URL_DEVICES)
devauthm = ApiClient(deviceauth_v2.URL_MGMT)
uc = ApiClient(useradm.URL_MGMT)
tc = ApiClient(tenantadm.URL_INTERNAL)
dc = ApiClient(deployments.URL_DEVICES)
# accept a dev
user = tenants_users_devices[0].users[0]
r = uc.call('POST',
useradm.URL_LOGIN,
auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
aset = tenants_users_devices[0].devices[0].authsets[0]
change_authset_status(devauthm, aset.did, aset.id, 'accepted', utoken)
# request auth
body, sighdr = deviceauth.auth_req(aset.id_data,
aset.pubkey,
aset.privkey,
tenants_users_devices[0].tenant_token)
r = dacd.call('POST',
deviceauth.URL_AUTH_REQS,
body,
headers=sighdr)
assert r.status_code == 200
dtoken = r.text
# check device can access APIs
r = dc.with_auth(dtoken).call('GET',
deployments.URL_NEXT,
qs_params={'device_type': 'foo',
'artifact_name': 'bar'})
assert r.status_code == 204
# suspend
r = tc.call('PUT',
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status('suspended'),
path_params={'tid': tenants_users_devices[0].id})
assert r.status_code == 200
time.sleep(10)
# check device is rejected
r = dc.with_auth(dtoken).call('GET',
deployments.URL_NEXT,
qs_params={'device_type': 'foo',
'artifact_name': 'bar'})
assert r.status_code == 401
def test_accepted_dev_cant_authenticate(self, tenants_users_devices):
dacd = ApiClient(deviceauth.URL_DEVICES)
devauthm = ApiClient(deviceauth.URL_MGMT)
uc = ApiClient(useradm.URL_MGMT)
tc = ApiClient(tenantadm.URL_INTERNAL,
host=tenantadm.HOST,
schema="http://")
# accept a dev
device = tenants_users_devices[0].devices[0]
user = tenants_users_devices[0].users[0]
r = uc.call("POST", useradm.URL_LOGIN, auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
aset = device.authsets[0]
change_authset_status(devauthm, aset.did, aset.id, "accepted", utoken)
# suspend
r = tc.call(
"PUT",
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status("suspended"),
path_params={"tid": tenants_users_devices[0].id},
)
assert r.status_code == 200
time.sleep(10)
# try requesting auth
body, sighdr = deviceauth.auth_req(
aset.id_data,
aset.pubkey,
aset.privkey,
tenants_users_devices[0].tenant_token,
)
r = dacd.call("POST", deviceauth.URL_AUTH_REQS, body, headers=sighdr)
assert r.status_code == 401
assert r.json()["error"] == "Account suspended"
def test_user_cannot_log_in(self, tenants):
tc = ApiClient(tenantadm.URL_INTERNAL,
host=tenantadm.HOST,
schema="http://")
uc = ApiClient(useradm.URL_MGMT)
for u in tenants[0].users:
r = uc.call("POST", useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
# tenant's users can log in
for u in tenants[0].users:
r = uc.call("POST", useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
assert r.status_code == 200
# suspend tenant
r = tc.call(
"PUT",
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status("suspended"),
path_params={"tid": tenants[0].id},
)
assert r.status_code == 200
time.sleep(10)
# none of tenant's users can log in
for u in tenants[0].users:
r = uc.call("POST", useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 401
# but other users still can
for u in tenants[1].users:
r = uc.call("POST", useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
def test_authenticated_dev_is_rejected(self, tenants_users_devices):
dacd = ApiClient(deviceauth.URL_DEVICES)
devauthm = ApiClient(deviceauth.URL_MGMT)
uc = ApiClient(useradm.URL_MGMT)
tc = ApiClient(tenantadm.URL_INTERNAL,
host=tenantadm.HOST,
schema="http://")
dc = ApiClient(deployments.URL_DEVICES)
# accept a dev
user = tenants_users_devices[0].users[0]
r = uc.call("POST", useradm.URL_LOGIN, auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
aset = tenants_users_devices[0].devices[0].authsets[0]
change_authset_status(devauthm, aset.did, aset.id, "accepted", utoken)
# request auth
body, sighdr = deviceauth.auth_req(
aset.id_data,
aset.pubkey,
aset.privkey,
tenants_users_devices[0].tenant_token,
)
r = dacd.call("POST", deviceauth.URL_AUTH_REQS, body, headers=sighdr)
assert r.status_code == 200
dtoken = r.text
# check device can access APIs
r = dc.with_auth(dtoken).call(
"GET",
deployments.URL_NEXT,
qs_params={
"device_type": "foo",
"artifact_name": "bar"
},
)
assert r.status_code == 204
# suspend
r = tc.call(
"PUT",
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status("suspended"),
path_params={"tid": tenants_users_devices[0].id},
)
assert r.status_code == 200
time.sleep(10)
# check device is rejected
r = dc.with_auth(dtoken).call(
"GET",
deployments.URL_NEXT,
qs_params={
"device_type": "foo",
"artifact_name": "bar"
},
)
assert r.status_code == 401