def test_senario_1():
    """Walk one permission ticket through issue, replay and revocation.

    Checks, in order, that ``issue_rpt`` refuses a ticket while no
    permission is stored (``not_authorized``), issues an RPT once a
    matching permission exists, refuses the same ticket a second time
    (``invalid``), and that ``introspection`` returns an empty list for
    the RPT after the permission it was based on is removed.
    """
    owner = 'alice'

    # NOTE(review): 3600 is presumably a lifetime in seconds -- confirm
    # against the ADB constructor.
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    def expect_ticket_error(expected_typ):
        # Present the ticket as 'roger' and require a TicketError of the
        # given type; a call that succeeds fails the test.
        try:
            adb.issue_rpt(ticket, {'sub': 'roger'})
        except TicketError as err:
            assert err.typ == expected_typ
        else:
            assert False

    # Register a resource set owned by alice.
    description = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
    rsid = adb.resource_set.create(description.to_json(), owner)['_id']

    # No authorization decision exists yet. Accessing the resource set
    # leads to a ticket being issued, so attach a READ request to one.
    prreq = PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ])
    ticket = adb.ticket_factory.pack(aud=['client_id'])
    adb.permission_requests[ticket] = [prreq]

    # Fail closed: a ticket alone must not be enough to get an RPT.
    expect_ticket_error('not_authorized')

    # The owner stores a permission that requires the subject 'roger'.
    pid = adb.store_permission(
        {
            'resource_set_id': rsid,
            'scopes': [READ],
            'require': {'sub': 'roger'},
        },
        owner,
    )

    # With the permission in place the same request now yields an RPT.
    rpt = adb.issue_rpt(ticket, {'sub': 'roger'})
    assert rpt

    # Introspecting the RPT gives exactly the granted resource set and
    # scope: READ only, although the set was registered with READ and WRITE.
    descriptions = adb.introspection(rpt)
    assert len(descriptions) == 1
    granted = descriptions[0]
    assert granted['resource_set_id'] == rsid
    assert granted['scopes'] == [READ]

    # Tickets are one-time use: presenting it again must be rejected.
    expect_ticket_error('invalid')

    # Removing the permission must take effect for RPTs already issued.
    adb.remove_permission(owner, pid=pid)
    assert adb.introspection(rpt) == []
def test_senario_1():
    """Exercise ticket -> RPT -> introspection, including the refusals.

    The scenario asserts that an RPT is issued only after a permission
    has been stored, that a ticket cannot be used a second time, and that
    introspection of the RPT yields nothing once the permission is gone.
    """
    # NOTE(review): an earlier definition in this file has the same name;
    # at module level the later ``def`` rebinds it, so only one of the two
    # is collected by the test runner.
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    # Resource set registration on behalf of alice.
    rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
    created = adb.resource_set.create(rsd.to_json(), 'alice')
    rsid = created['_id']

    # No authorization decision has been made at this point; tie a
    # READ permission request to a freshly packed ticket.
    ticket = adb.ticket_factory.pack(aud=['client_id'])
    adb.permission_requests[ticket] = [
        PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ])
    ]

    # Without a stored permission the request must be refused; a missing
    # exception leaves the sentinel None in place and fails the assert.
    refusal = None
    try:
        adb.issue_rpt(ticket, {'sub': 'roger'})
    except TicketError as err:
        refusal = err.typ
    assert refusal == 'not_authorized'

    # Authorization decision: READ on the resource set, for sub 'roger'.
    permission = dict(
        resource_set_id=rsid,
        scopes=[READ],
        require=dict(sub='roger'),
    )
    pid = adb.store_permission(permission, 'alice')

    # The RPT can now be obtained.
    rpt = adb.issue_rpt(ticket, {'sub': 'roger'})
    assert rpt

    # Turn the RPT back into authorization descriptions and verify that
    # they carry the granted resource set and scope, nothing more.
    ad = adb.introspection(rpt)
    assert len(ad) == 1
    assert ad[0]['resource_set_id'] == rsid
    assert ad[0]['scopes'] == [READ]

    # Replay protection: the ticket has been used and must not work again.
    refusal = None
    try:
        adb.issue_rpt(ticket, {'sub': 'roger'})
    except TicketError as err:
        refusal = err.typ
    assert refusal == 'invalid'

    # Revocation: once the underlying permission is removed, the RPT
    # introspects to an empty list.
    adb.remove_permission('alice', pid=pid)
    assert adb.introspection(rpt) == []