def test_role_authorizer_off_ledger_signature_pass(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) req_auth._identifier = 'id_off_ledger' authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role='*', sig_count=1, off_ledger_signature=True)) assert authorized
def test_role_authorizer_off_ledger_signature_not_pass(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) req_auth._identifier = 'id_off_ledger' authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role='*', sig_count=1, off_ledger_signature=False)) assert not authorized assert "DID id_off_ledger is not found in the Ledger" in reason
def test_signed_by_author_if_more_than_1_sig(idr_cache, req_multi_signed_by_non_author): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_multi_signed_by_non_author, AuthConstraint(role=STEWARD, sig_count=1)) assert not authorized assert "Author must sign the transaction" in reason
def test_role_authorizer_is_owner_accepted(idr_cache, is_owner): authorizer = RolesAuthorizer(cache=idr_cache) authorized = is_owner assert authorized == authorizer.is_owner_accepted( AuthConstraint(role="SomeRole", sig_count=1, need_to_be_owner=True), AuthActionAdd(txn_type=NYM, field='some_field', value='some_value', is_owner=is_owner))
def test_role_authorizer_authorize_with_owner(idr_cache, req_auth, is_owner): req = Request(identifier=req_auth.identifier, operation={TARGET_NYM: req_auth.identifier, TXN_TYPE: NYM}, signature='signature') authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize(req, AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True), AuthActionAdd(txn_type=NYM, field='some_field', value='some_value', is_owner=is_owner)) assert authorized == is_owner
def test_role_authorizer_off_ledger_signature_count_2_different_pass( idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) req_auth.signature = None req_auth.signatures = { req_auth.identifier: 'signature', 'another_id_off_ledger': 'another_signature' } authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role='*', sig_count=2, off_ledger_signature=True)) assert authorized
def test_role_authorizer_not_authorize_unknown_nym(idr_cache): authorizer = RolesAuthorizer(cache=idr_cache) unknown_req_auth = Request(identifier="some_unknown_identifier", reqId=2, operation=randomOperation(), signature="signature", protocolVersion=CURRENT_PROTOCOL_VERSION) authorized, reason = authorizer.authorize(unknown_req_auth, AuthConstraint(role=TRUSTEE, sig_count=1)) assert not authorized assert reason == "sender's DID {} is not found in the Ledger".format(unknown_req_auth.identifier)
def register_default_authorizers(self): self.register_authorizer(RolesAuthorizer(cache=self.cache), auth_constraint_id=ROLE_CONSTRAINT_ID) self.register_authorizer(AndAuthorizer(), auth_constraint_id=AND_CONSTRAINT_ID) self.register_authorizer(OrAuthorizer(), auth_constraint_id=OR_CONSTRAINT_ID)
def composite_authorizer(idr_cache): authorizer = CompositeAuthorizer() authorizer.register_authorizer(RolesAuthorizer(idr_cache)) authorizer.register_authorizer(AndAuthorizer(), ConstraintsEnum.AND_CONSTRAINT_ID) authorizer.register_authorizer(OrAuthorizer(), ConstraintsEnum.OR_CONSTRAINT_ID) return authorizer
def test_role_authorizer_is_role_accepted(idr_cache): authorizer = RolesAuthorizer(cache=idr_cache) assert authorizer.is_role_accepted(role="", auth_constraint_role=IDENTITY_OWNER) assert not authorizer.is_role_accepted(role=TRUSTEE, auth_constraint_role=IDENTITY_OWNER) assert not authorizer.is_role_accepted(role=None, auth_constraint_role=IDENTITY_OWNER) assert authorizer.is_role_accepted(role=TRUSTEE, auth_constraint_role=TRUSTEE) assert authorizer.is_role_accepted(role="", auth_constraint_role="*")
def register_default_authorizers(self): self.register_authorizer( RolesAuthorizer(cache=self.cache), auth_constraint_id=ConstraintsEnum.ROLE_CONSTRAINT_ID) self.register_authorizer( AndAuthorizer(), auth_constraint_id=ConstraintsEnum.AND_CONSTRAINT_ID) self.register_authorizer( OrAuthorizer(), auth_constraint_id=ConstraintsEnum.OR_CONSTRAINT_ID) self.register_authorizer( ForbiddenAuthorizer(), auth_constraint_id=ConstraintsEnum.FORBIDDEN_CONSTRAINT_ID)
def test_role_authorizer_authorize_with_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role="SomeRole", sig_count=1)) assert authorized
def test_role_authorizer_not_authorize_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role="SomeOtherRole", sig_count=1)) assert not authorized assert reason == "role is not accepted"
def test_role_authorizer_role_accepted_for_all_roles(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) assert authorizer.is_role_accepted(req_auth, AuthConstraint(role="*", sig_count=1))
def test_role_authorizer_role_not_accepted(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) assert not authorizer.is_role_accepted( req_auth, AuthConstraint(role="SomeOtherRole", sig_count=1))
def test_role_authorizer_get_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) assert authorizer.get_role(req_auth) == "SomeRole"
def test_role_authorizer_not_authorize_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role="SomeOtherRole", sig_count=1)) assert not authorized assert reason == "Unknown role can not do this action"
def test_role_authorizer_not_authorize_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role=TRUSTEE, sig_count=1)) assert not authorized assert reason == "Not enough TRUSTEE signatures"
def test_no_sign_by_author_if_0_sig(idr_cache, req_multi_signed_by_non_author): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_multi_signed_by_non_author, AuthConstraint(role=STEWARD, sig_count=0)) assert authorized
def test_role_authorizer_not_is_sig_count_accepted(idr_cache_none_role, req_auth): authorizer = RolesAuthorizer(cache=idr_cache_none_role) assert not authorizer.is_sig_count_accepted( req_auth, AuthConstraint(role=TRUSTEE, sig_count=10))
def test_role_authorizer_is_role_accepted(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) assert authorizer.is_role_accepted( req_auth, AuthConstraint(role=STEWARD, sig_count=1))
def test_role_authorizer_not_authorize_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role=TRUSTEE, sig_count=1)) assert not authorized assert reason == "STEWARD can not do this action"