def _test_ok(self, management_api, devices, **kwargs):
aid = '1'
device_id = '2'
key = '''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH
VJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c
yC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP
okP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty
1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0
iyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG
UwIDAQAB
-----END PUBLIC KEY-----
'''
iddata = '{"foo":"bar"}'
req = management_api.make_preauth_req(aid, device_id, iddata, key)
_, rsp = management_api.preauthorize(req, **kwargs)
assert rsp.status_code == 201
devs = management_api.list_devices(**kwargs)
assert len(devs) == 6
found = [d for d in devs if d.id == device_id]
assert len(found) == 1
found = found[0]
assert found.id == device_id
assert found.id_data == iddata
assert len(found.auth_sets) == 1
auth_set = found.auth_sets[0]
assert auth_set.id == aid
assert auth_set.id_data == iddata
assert compare_keys(auth_set.pubkey, key)
assert auth_set.status == 'preauthorized'
def auth_set_put(request, authid):
authset = json.loads(request.body.decode())
log.info('new auth put %s', authset)
if device:
assert json.loads(authset.get('device_identity',
None)) == json.loads(device.identity)
assert compare_keys(authset.get('key', None), device.public_key)
else:
assert authset.get('device_identity', None)
assert authset.get('key', None)
assert authset.get('device_id', None)
return (status, {}, '')
def test_device_new(self, device_api, management_api, clean_migrated_db):
d = Device()
da = DevAuthorizer()
rsp = device_auth_req(device_api.auth_requests_url, da, d)
assert rsp.status_code == 401
devs = management_api.list_devices()
assert len(devs) == 1
dev = devs[0]
assert len(dev.auth_sets) == 1
aset = dev.auth_sets[0]
assert compare_keys(aset.pubkey, d.public_key)
def test_device_new(self, device_api, management_api, clean_migrated_db):
d = Device()
da = DevAuthorizer()
try:
with orchestrator.run_fake_for_device_id(1) as server:
rsp = device_auth_req(device_api.auth_requests_url, da, d)
assert rsp.status_code == 401
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
devs = management_api.list_devices()
assert len(devs) == 1
dev = devs[0]
assert len(dev.auth_sets) == 1
aset = dev.auth_sets[0]
assert compare_keys(aset.pubkey, d.public_key)
def accepted_tenants_devices(device_api, management_api, clean_migrated_db,
cli, request):
"""Fixture that sets up an accepted devices for tenants. The fixture can
be parametrized with a tenants, number of devices and number of authentication sets.
Yields a dict:
[tenant ID: [device object, ...], ]"""
requested = request.param
tenants_devices = dict()
url = device_api.auth_requests_url
for (tenant, dev_count, auth_count) in requested:
tenant_devices = []
cli.migrate(tenant=tenant)
tenant_token = make_fake_tenant_token(tenant)
for _ in range(int(dev_count)):
d = Device()
for i in range(int(auth_count)):
d.rotate_key()
da = DevAuthorizer(tenant_token=tenant_token)
# poke devauth so that device appears
handlers = [
(
"POST",
"/api/internal/v1/tenantadm/tenants/verify",
lambda _: (
200,
{},
{
"id": "507f191e810c19729de860ea",
"name": "Acme",
},
),
),
]
try:
with orchestrator.run_fake_for_device_id(1) as server:
with mockserver.run_fake(get_fake_tenantadm_addr(),
handlers=handlers) as fake:
rsp = device_auth_req(url, da, d)
assert rsp.status_code == 401
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
# try to find our devices in all devices listing
dev = management_api.find_device_by_identity(
d.identity, Authorization="Bearer " + tenant_token)
devid = dev.id
for a in dev.auth_sets:
if compare_keys(a.pubkey, d.public_key):
aid = a.id
break
try:
with orchestrator.run_fake_for_device_id(devid) as server:
management_api.accept_device(devid,
aid,
Authorization="Bearer " +
tenant_token)
token = request_token(d, da,
device_api.auth_requests_url)
assert len(token) > 0
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
assert dev
tenant_devices.append(d)
tenants_devices[tenant] = tenant_devices
yield tenants_devices