Example #1
0
  def bob_setup(bob_account_id, record_id, carenet_id, allowed_docs, disallowed_docs):
    bob_chrome_client = IndivoClient('chrome', 'chrome')
    bob_chrome_client.create_session(data.account02)

    # SZ: Bob should NOT be able to read the docs directly in the record
    for doc_id in allowed_docs+disallowed_docs:
      assert_403(bob_chrome_client.read_document(record_id=record_id, document_id=doc_id))

    assert_403(bob_chrome_client.get_record_carenets(record_id=record_id))

    # Bob should be able to read the allowed docs

    for doc_id in allowed_docs:
      assert_200(bob_chrome_client.get_carenet_document(carenet_id = carenet_id, document_id = doc_id))

    # Bob should not be able to read the disallowed docs
    for doc_id in disallowed_docs:
      assert_404(bob_chrome_client.get_carenet_document(carenet_id = carenet_id, document_id = doc_id))
    
    # Bob should be able to list docs in the carenet
    carenet_documents_list = bob_chrome_client.get_carenet_documents(carenet_id = carenet_id).response[PRD]['Document']

    # with a parameter
    carenet_documents_list = bob_chrome_client.get_carenet_documents(carenet_id = carenet_id, parameters={'type': 'http://indivo.org/vocab/xml/documents#Allergy'}).response[PRD]['Document']

    # Read carenet allergies
    # TODO: replace with generic call
    # assert_200(bob_chrome_client.read_carenet_allergies(carenet_id = carenet_id))

    # Read the demographics document, this should work
    resp = bob_chrome_client.call('GET', '/carenets/%s/demographics'%carenet_id, options={'parameters':{'response_format':'application/xml'}} )
    demographics_doc = parse_xml(resp)
    family_name = xpath(demographics_doc, '/Models/Model/Field[@name="name_family"]/text()')
    assert(family_name)

    bob_chrome_client.get_account_permissions(account_id=bob_account_id)
    bob_chrome_client.get_carenet_account_permissions(carenet_id= carenet_id,
                                                      record_id=record_id, 
                                                      account_id=bob_account_id)

    # Not yet implemented
    #bob_chrome_client.get_carenet_app_permissions(account_id=bob_account_id)

    return True
    def bob_setup(bob_account_id, record_id, carenet_id, allowed_docs, disallowed_docs):
        bob_chrome_client = IndivoClient("chrome", "chrome")
        bob_chrome_client.create_session(data.account02)

        # SZ: Bob should NOT be able to read the docs directly in the record
        for doc_id in allowed_docs + disallowed_docs:
            assert_403(bob_chrome_client.read_document(record_id=record_id, document_id=doc_id))

        assert_403(bob_chrome_client.get_record_carenets(record_id=record_id))

        # Bob should be able to read the allowed docs
        for doc_id in allowed_docs:
            assert_200(bob_chrome_client.get_carenet_document(carenet_id=carenet_id, document_id=doc_id))

        # Bob should not be able to read the disallowed docs
        for doc_id in disallowed_docs:
            assert_404(bob_chrome_client.get_carenet_document(carenet_id=carenet_id, document_id=doc_id))

        # Bob should be able to list docs in the carenet
        carenet_documents_list = bob_chrome_client.get_carenet_documents(carenet_id=carenet_id).response[PRD][
            "Document"
        ]

        # with a parameter
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id, parameters={"type": "http://indivo.org/vocab/xml/documents#Allergy"}
        ).response[PRD]["Document"]

        # Read carenet allergies
        assert_200(bob_chrome_client.read_carenet_allergies(carenet_id=carenet_id))
        assert_200(bob_chrome_client.read_carenet_problems(carenet_id=carenet_id))

        # Read the contact document, this should work
        contact_doc = parse_xml(
            bob_chrome_client.read_carenet_special_document(carenet_id=carenet_id, special_document="contact")
        )
        contact_name = xpath(
            contact_doc,
            "/ns:Contact/ns:name/ns:fullName/text()",
            namespaces={"ns": "http://indivo.org/vocab/xml/documents#"},
        )
        assert contact_name

        bob_chrome_client.get_account_permissions(account_id=bob_account_id)
        bob_chrome_client.get_carenet_account_permissions(
            carenet_id=carenet_id, record_id=record_id, account_id=bob_account_id
        )

        # Not yet implemented
        # bob_chrome_client.get_carenet_app_permissions(account_id=bob_account_id)

        return True
Example #3
0
    def alice_setup(record_id, bob_account_id):

        allergy_type = {'type': 'http://indivo.org/vocab/xml/documents#Models'}

        alice_chrome_client = IndivoClient('chrome', 'chrome')
        alice_chrome_client.create_session(data.account)
        alice_chrome_client.read_record(record_id=record_id)
        alice_chrome_client.get_account_permissions(
            account_id=data.account['account_id'])

        alice_chrome_client.get_account_records(
            account_id=data.account['account_id'])

        # Alice posts a document
        # (We save the first doc instead of zero
        #   due to the demographics doc already in alice's account)
        alice_chrome_client.post_document(data=data.doc01)
        document_id = alice_chrome_client.read_documents(
        ).response[PRD]['Document'][1]

        # Save the document_id in the client's datastore
        alice_chrome_client.ds.document_id = document_id

        # Save the first carenet_id in the client's datastore
        carenet_id = alice_chrome_client.get_record_carenets(
        ).response[PRD]['Carenet'][0]

        # post four documents to Alice's record, 2 allergies and 2 immunizations
        document_1_id = xpath(
            parse_xml(alice_chrome_client.post_document(data=data.allergy)),
            "/Document/@id")[0]
        document_2_id = xpath(
            parse_xml(alice_chrome_client.post_document(data=data.allergy)),
            "/Document/@id")[0]
        document_3_id = xpath(
            parse_xml(
                alice_chrome_client.post_document(data=data.immunization)),
            "/Document/@id")[0]
        document_4_id = xpath(
            parse_xml(
                alice_chrome_client.post_document(data=data.immunization)),
            "/Document/@id")[0]

        # and one more to test nevershare
        document_5_id = xpath(
            parse_xml(alice_chrome_client.post_document(data=data.allergy)),
            "/Document/@id")[0]

        # auto-share allergies
        alice_chrome_client.post_autoshare(data=allergy_type,
                                           carenet_id=carenet_id)

        assert_200(
            alice_chrome_client.get_autoshare_bytype_all(record_id=record_id))

        # unshare that one allergy, which should negate the autoshare
        alice_chrome_client.delete_carenet_document(record_id=record_id,
                                                    document_id=document_2_id,
                                                    carenet_id=carenet_id)

        # nevershare the third allergy
        alice_chrome_client.document_nevershare_set(record_id=record_id,
                                                    document_id=document_5_id)

        # immunizations are individually shared (well only one of them)
        alice_chrome_client.post_carenet_document(document_id=document_3_id,
                                                  carenet_id=carenet_id)
        alice_chrome_client.delete_carenet_document(record_id=record_id,
                                                    document_id=document_4_id,
                                                    carenet_id=carenet_id)

        # Alice shares her demographics document(s) with the carenet
        demographics_doc = parse_xml(
            alice_chrome_client.read_documents(
                record_id=record_id, parameters={'type': 'Demographics'}))
        for doc_id in xpath(demographics_doc, '/Documents/Document/@id'):
            alice_chrome_client.post_carenet_document(record_id=record_id,
                                                      document_id=doc_id,
                                                      carenet_id=carenet_id)

        # Alice adds bob_account_id to carenet[0]
        alice_chrome_client.post_carenet_account(
            carenet_id=carenet_id,
            data='account_id=' + bob_account_id + '&write=false')

        # Review all accounts within carenet[0]
        assert xpath(
            parse_xml(
                alice_chrome_client.get_carenet_accounts(
                    carenet_id=carenet_id)), '/CarenetAccounts')
        alice_chrome_client.get_carenet_apps(carenet_id=carenet_id)

        alice_chrome_client.read_allergies(record_id=record_id)

        # Finally, return the carenet_id, document_id
        # in order to check Bob's access
        # and a second document that is disallowed
        return carenet_id, [document_1_id, document_3_id
                            ], [document_2_id, document_4_id, document_5_id]
Example #4
0
    def bob_setup(bob_account_id, record_id, carenet_id, allowed_docs,
                  disallowed_docs):
        bob_chrome_client = IndivoClient('chrome', 'chrome')
        bob_chrome_client.create_session(data.account02)

        # SZ: Bob should NOT be able to read the docs directly in the record
        for doc_id in allowed_docs + disallowed_docs:
            assert_403(
                bob_chrome_client.read_document(record_id=record_id,
                                                document_id=doc_id))

        assert_403(bob_chrome_client.get_record_carenets(record_id=record_id))

        # Bob should be able to read the allowed docs

        for doc_id in allowed_docs:
            assert_200(
                bob_chrome_client.get_carenet_document(carenet_id=carenet_id,
                                                       document_id=doc_id))

        # Bob should not be able to read the disallowed docs
        for doc_id in disallowed_docs:
            assert_404(
                bob_chrome_client.get_carenet_document(carenet_id=carenet_id,
                                                       document_id=doc_id))

        # Bob should be able to list docs in the carenet
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id).response[PRD]['Document']

        # with a parameter
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id,
            parameters={
                'type': 'http://indivo.org/vocab/xml/documents#Allergy'
            }).response[PRD]['Document']

        # Read carenet allergies
        # TODO: replace with generic call
        # assert_200(bob_chrome_client.read_carenet_allergies(carenet_id = carenet_id))

        # Read the demographics document, this should work
        resp = bob_chrome_client.call(
            'GET',
            '/carenets/%s/demographics' % carenet_id,
            options={'parameters': {
                'response_format': 'application/xml'
            }})
        demographics_doc = parse_xml(resp)
        family_name = xpath(demographics_doc,
                            '/Models/Model/Field[@name="name_family"]/text()')
        assert (family_name)

        bob_chrome_client.get_account_permissions(account_id=bob_account_id)
        bob_chrome_client.get_carenet_account_permissions(
            carenet_id=carenet_id,
            record_id=record_id,
            account_id=bob_account_id)

        # Not yet implemented
        #bob_chrome_client.get_carenet_app_permissions(account_id=bob_account_id)

        return True
Example #5
0
    def bob_setup(bob_account_id, record_id, carenet_id, allowed_docs,
                  disallowed_docs):
        bob_chrome_client = IndivoClient('chrome', 'chrome')
        bob_chrome_client.create_session(data.account02)

        # SZ: Bob should NOT be able to read the docs directly in the record
        for doc_id in allowed_docs + disallowed_docs:
            assert_403(
                bob_chrome_client.read_document(record_id=record_id,
                                                document_id=doc_id))

        assert_403(bob_chrome_client.get_record_carenets(record_id=record_id))

        # Bob should be able to read the allowed docs
        for doc_id in allowed_docs:
            assert_200(
                bob_chrome_client.get_carenet_document(carenet_id=carenet_id,
                                                       document_id=doc_id))

        # Bob should not be able to read the disallowed docs
        for doc_id in disallowed_docs:
            assert_404(
                bob_chrome_client.get_carenet_document(carenet_id=carenet_id,
                                                       document_id=doc_id))

        # Bob should be able to list docs in the carenet
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id).response[PRD]['Document']

        # with a parameter
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id,
            parameters={
                'type': 'http://indivo.org/vocab/xml/documents#Allergy'
            }).response[PRD]['Document']

        # Read carenet allergies
        assert_200(
            bob_chrome_client.read_carenet_allergies(carenet_id=carenet_id))
        assert_200(
            bob_chrome_client.read_carenet_problems(carenet_id=carenet_id))

        # Read the contact document, this should work
        contact_doc = parse_xml(
            bob_chrome_client.read_carenet_special_document(
                carenet_id=carenet_id, special_document='contact'))
        contact_name = xpath(
            contact_doc,
            '/ns:Contact/ns:name/ns:fullName/text()',
            namespaces={'ns': 'http://indivo.org/vocab/xml/documents#'})
        assert (contact_name)

        bob_chrome_client.get_account_permissions(account_id=bob_account_id)
        bob_chrome_client.get_carenet_account_permissions(
            carenet_id=carenet_id,
            record_id=record_id,
            account_id=bob_account_id)

        # Not yet implemented
        #bob_chrome_client.get_carenet_app_permissions(account_id=bob_account_id)

        return True
Example #6
0
  def alice_setup(record_id, bob_account_id):

    allergy_type = {'type' : 'http://indivo.org/vocab/xml/documents#Models'}

    alice_chrome_client = IndivoClient('chrome', 'chrome')
    alice_chrome_client.create_session(data.account)
    alice_chrome_client.read_record(record_id=record_id)
    alice_chrome_client.get_account_permissions(account_id=data.account['account_id'])

    alice_chrome_client.get_account_records(account_id = data.account['account_id'])

    # Alice posts a document
    # (We save the first doc instead of zero 
    #   due to the demographics doc already in alice's account)
    alice_chrome_client.post_document(data=data.doc01)
    document_id = alice_chrome_client.read_documents().response[PRD]['Document'][1]

    # Save the document_id in the client's datastore
    alice_chrome_client.ds.document_id = document_id

    # Save the first carenet_id in the client's datastore
    carenet_id = alice_chrome_client.get_record_carenets().response[PRD]['Carenet'][0]

    # post four documents to Alice's record, 2 allergies and 2 immunizations
    document_1_id = xpath(parse_xml(alice_chrome_client.post_document(data=data.allergy)), "/Document/@id")[0]
    document_2_id = xpath(parse_xml(alice_chrome_client.post_document(data=data.allergy)), "/Document/@id")[0]
    document_3_id = xpath(parse_xml(alice_chrome_client.post_document(data=data.immunization)), "/Document/@id")[0]
    document_4_id = xpath(parse_xml(alice_chrome_client.post_document(data=data.immunization)), "/Document/@id")[0]

    # and one more to test nevershare
    document_5_id = xpath(parse_xml(alice_chrome_client.post_document(data=data.allergy)), "/Document/@id")[0]

    # auto-share allergies
    alice_chrome_client.post_autoshare(data=allergy_type, carenet_id=carenet_id)

    assert_200(alice_chrome_client.get_autoshare_bytype_all(record_id=record_id))

    # unshare that one allergy, which should negate the autoshare
    alice_chrome_client.delete_carenet_document(record_id = record_id, document_id = document_2_id, carenet_id=carenet_id)

    # nevershare the third allergy
    alice_chrome_client.document_nevershare_set(record_id = record_id, document_id = document_5_id)

    # immunizations are individually shared (well only one of them)
    alice_chrome_client.post_carenet_document(document_id = document_3_id, carenet_id=carenet_id)
    alice_chrome_client.delete_carenet_document(record_id=record_id, document_id=document_4_id, carenet_id=carenet_id)

    # Alice shares her demographics document(s) with the carenet
    demographics_doc = parse_xml(alice_chrome_client.read_documents(record_id = record_id, parameters={'type':'Demographics'}))
    for doc_id in xpath(demographics_doc, '/Documents/Document/@id'):
      alice_chrome_client.post_carenet_document(record_id = record_id, document_id = doc_id, carenet_id = carenet_id)

    # Alice adds bob_account_id to carenet[0]
    alice_chrome_client.post_carenet_account(carenet_id = carenet_id, data='account_id=' + bob_account_id + '&write=false')

    # Review all accounts within carenet[0]
    assert xpath(parse_xml(alice_chrome_client.get_carenet_accounts(carenet_id = carenet_id)), '/CarenetAccounts')
    alice_chrome_client.get_carenet_apps(carenet_id = carenet_id)

    alice_chrome_client.read_allergies(record_id = record_id)

    # Finally, return the carenet_id, document_id
    # in order to check Bob's access
    # and a second document that is disallowed
    return carenet_id, [document_1_id, document_3_id], [document_2_id, document_4_id, document_5_id]
def test_account(IndivoClient):
  try:

    chrome_client = IndivoClient('chrome', 'chrome')

    # simplest test case
    chrome_client.create_account({'user_email' : '*****@*****.**', 'contact_email':'*****@*****.**', 'user_pass': '******'})
    chrome_client.add_auth_system(account_id='*****@*****.**', data={'system':'password', 'username':'******', 'password': '******'})
      
    # create an account
    chrome_client.create_account({'user_email' : '*****@*****.**', 'primary_secret_p' : '1', 'secondary_secret_p' : '1', 'contact_email':'*****@*****.**'})

    # reset it
    chrome_client.account_reset(account_id='*****@*****.**')

    # get the account info 
    account_resp = chrome_client.account_info(account_id = '*****@*****.**')
    parsed_resp = ElementTree.fromstring(account_resp.response['response_data'])
    secondary_secret = parsed_resp.findtext('secret')

    # get the primary secret
    primary_secret_resp = chrome_client.account_primary_secret(account_id = '*****@*****.**')
    parsed_resp = ElementTree.fromstring(primary_secret_resp.response['response_data'])
    primary_secret = parsed_resp.text

    # initialize it
    chrome_client.account_initialize(account_id='*****@*****.**', primary_secret=primary_secret, data={'secondary_secret':secondary_secret})

    # set username and password
    chrome_client.add_auth_system(account_id='*****@*****.**', data={'system':'password', 'username':'******', 'password': '******'})

    # set the password to something else
    chrome_client.account_set_password(account_id='*****@*****.**', data={'password':'******'})      
      
    # change the state back and forth
    chrome_client.account_set_state(account_id='*****@*****.**', data={'state': 'disabled'})
    chrome_client.account_set_state(account_id='*****@*****.**', data={'state': 'active'})
    chrome_client.account_set_state(account_id='*****@*****.**', data={'state': 'retired'})
    assert_403(chrome_client.account_set_state(account_id='*****@*****.**', data={'state': 'active'}))

    # see if we can create a session for it
    chrome_client.create_session({'username':'******','user_pass':'******'})

    # now the token is in the client, we can change the password
    chrome_client.account_change_password(account_id = '*****@*****.**', data={'old':'test2','new':'test3'})

    # change the info
    assert_200(chrome_client.account_info_set(account_id= '*****@*****.**', data={'contact_email':'*****@*****.**','full_name':'Ben2 Adida'}))

    # change the username
    assert_200(chrome_client.account_username_set(account_id='*****@*****.**', data={'username':'******'}))

    chrome_client = IndivoClient('chrome', 'chrome')
    chrome_client.create_session({'username':'******','user_pass':'******'})
    
    # do account search
    chrome_client = IndivoClient('chrome', 'chrome')
    accounts = parse_xml(chrome_client.account_search(parameters={'contact_email': '*****@*****.**'}))
    accounts2 = parse_xml(chrome_client.account_search(parameters={'fullname': 'Steve Zabak'}))

    # create an account with a mychildrens auth system
    chrome_client.create_account({'user_email' : '*****@*****.**', 'primary_secret_p' : '0', 'secondary_secret_p' : '0', 'contact_email':'*****@*****.**'})
    chrome_client.add_auth_system(account_id='*****@*****.**', data={'system':'mychildrens', 'username':'******'})
    
    # FIXME: this call doesn't do anything, probably because of some internal magic that fails if there is no password field
    chrome_client.create_session({'username':'******','system':'mychildrens'})
  except Exception, e:
    return False, e
Example #8
0
def test_account(IndivoClient):
    try:

        chrome_client = IndivoClient('chrome', 'chrome')

        # simplest test case
        chrome_client.create_account({
            'user_email': '*****@*****.**',
            'contact_email': '*****@*****.**',
            'user_pass': '******'
        })
        chrome_client.add_auth_system(account_id='*****@*****.**',
                                      data={
                                          'system': 'password',
                                          'username': '******',
                                          'password': '******'
                                      })

        # create an account
        chrome_client.create_account({
            'user_email': '*****@*****.**',
            'primary_secret_p': '1',
            'secondary_secret_p': '1',
            'contact_email': '*****@*****.**'
        })

        # reset it
        chrome_client.account_reset(account_id='*****@*****.**')

        # get the account info
        account_resp = chrome_client.account_info(account_id='*****@*****.**')
        parsed_resp = ElementTree.fromstring(
            account_resp.response['response_data'])
        secondary_secret = parsed_resp.findtext('secret')

        # get the primary secret
        primary_secret_resp = chrome_client.account_primary_secret(
            account_id='*****@*****.**')
        parsed_resp = ElementTree.fromstring(
            primary_secret_resp.response['response_data'])
        primary_secret = parsed_resp.text

        # initialize it
        chrome_client.account_initialize(
            account_id='*****@*****.**',
            primary_secret=primary_secret,
            data={'secondary_secret': secondary_secret})

        # set username and password
        chrome_client.add_auth_system(account_id='*****@*****.**',
                                      data={
                                          'system': 'password',
                                          'username': '******',
                                          'password': '******'
                                      })

        # set the password to something else
        chrome_client.account_set_password(account_id='*****@*****.**',
                                           data={'password': '******'})

        # change the state back and forth
        chrome_client.account_set_state(account_id='*****@*****.**',
                                        data={'state': 'disabled'})
        chrome_client.account_set_state(account_id='*****@*****.**',
                                        data={'state': 'active'})
        chrome_client.account_set_state(account_id='*****@*****.**',
                                        data={'state': 'retired'})
        assert_403(
            chrome_client.account_set_state(account_id='*****@*****.**',
                                            data={'state': 'active'}))

        # see if we can create a session for it
        chrome_client.create_session({'username': '******', 'user_pass': '******'})

        # now the token is in the client, we can change the password
        chrome_client.account_change_password(account_id='*****@*****.**',
                                              data={
                                                  'old': 'test2',
                                                  'new': 'test3'
                                              })

        # change the info
        assert_200(
            chrome_client.account_info_set(account_id='*****@*****.**',
                                           data={
                                               'contact_email':
                                               '*****@*****.**',
                                               'full_name': 'Ben2 Adida'
                                           }))

        # change the username
        assert_200(
            chrome_client.account_username_set(account_id='*****@*****.**',
                                               data={'username': '******'}))

        chrome_client = IndivoClient('chrome', 'chrome')
        chrome_client.create_session({'username': '******', 'user_pass': '******'})

        # do account search
        chrome_client = IndivoClient('chrome', 'chrome')
        accounts = parse_xml(
            chrome_client.account_search(
                parameters={'contact_email': '*****@*****.**'}))
        accounts2 = parse_xml(
            chrome_client.account_search(
                parameters={'fullname': 'Steve Zabak'}))

        # create an account with a mychildrens auth system
        chrome_client.create_account({
            'user_email': '*****@*****.**',
            'primary_secret_p': '0',
            'secondary_secret_p': '0',
            'contact_email': '*****@*****.**'
        })
        chrome_client.add_auth_system(account_id='*****@*****.**',
                                      data={
                                          'system': 'mychildrens',
                                          'username': '******'
                                      })

        # FIXME: this call doesn't do anything, probably because of some internal magic that fails if there is no password field
        chrome_client.create_session({
            'username': '******',
            'system': 'mychildrens'
        })
    except Exception, e:
        return False, e