def test_user_cannot_log_in(self, tenants_users):
tc = ApiClient(tenantadm.URL_INTERNAL)
uc = ApiClient(useradm.URL_MGMT)
for u in tenants_users[0].users:
r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
# tenant's users can log in
for u in tenants_users[0].users:
r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
assert r.status_code == 200
# suspend tenant
r = tc.call('PUT',
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status('suspended'),
path_params={'tid': tenants_users[0].id})
assert r.status_code == 200
time.sleep(10)
# none of tenant's users can log in
for u in tenants_users[0].users:
r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 401
# but other users still can
for u in tenants_users[1].users:
r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
def test_accepted_dev_cant_authenticate(self, tenants_users_devices):
dacd = ApiClient(deviceauth.URL_DEVICES)
uc = ApiClient(useradm.URL_MGMT)
tc = ApiClient(tenantadm.URL_INTERNAL)
# accept a dev
device = tenants_users_devices[0].devices[0]
user = tenants_users_devices[0].users[0]
r = uc.call('POST', useradm.URL_LOGIN, auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
aset = device.authsets[0]
change_authset_status(aset.did, aset.id, 'accepted', utoken)
# suspend
r = tc.call('PUT',
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status('suspended'),
path_params={'tid': tenants_users_devices[0].id})
assert r.status_code == 200
time.sleep(10)
# try requesting auth
body, sighdr = deviceauth.auth_req(
aset.id_data, aset.pubkey, aset.privkey,
tenants_users_devices[0].tenant_token)
r = dacd.call('POST', deviceauth.URL_AUTH_REQS, body, headers=sighdr)
assert r.status_code == 401
assert r.json()['error'] == 'Account suspended'
def test_authenticated_dev_is_rejected(self, tenants_users_devices):
dac = ApiClient(deviceadm.URL_MGMT)
uc = ApiClient(useradm.URL_MGMT)
devauth = ApiClient(deviceauth.URL_DEVICES)
tc = ApiClient(tenantadm.URL_INTERNAL)
dc = ApiClient(deployments.URL_DEVICES)
# accept a dev
device = tenants_users_devices[0].devices[0]
user = tenants_users_devices[0].users[0]
r = uc.call('POST', useradm.URL_LOGIN, auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
dev = tenants_users_devices[0].devices[0]
r = dac.with_auth(utoken).call(
'PUT',
deviceadm.URL_AUTHSET_STATUS,
deviceadm.req_status('accepted'),
path_params={'id': get_authset_id(dev.pubkey, utoken)})
assert r.status_code == 200
# request auth
body, sighdr = deviceauth.auth_req(device.id_data, device.pubkey,
device.privkey, device.tenant_token)
r = devauth.call('POST',
deviceauth.URL_AUTH_REQS,
body,
headers=sighdr)
assert r.status_code == 200
dtoken = r.text
# check device can access APIs
r = dc.with_auth(dtoken).call('GET',
deployments.URL_NEXT,
qs_params={
'device_type': 'foo',
'artifact_name': 'bar'
})
assert r.status_code == 204
# suspend
r = tc.call('PUT',
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status('suspended'),
path_params={'tid': tenants_users_devices[0].id})
assert r.status_code == 200
time.sleep(10)
# check device is rejected
r = dc.with_auth(dtoken).call('GET',
deployments.URL_NEXT,
qs_params={
'device_type': 'foo',
'artifact_name': 'bar'
})
assert r.status_code == 401
def test_authenticated_user_is_rejected(self, tenants_users):
tc = ApiClient(tenantadm.URL_INTERNAL)
uc = ApiClient(useradm.URL_MGMT)
dc = ApiClient(deviceauth_v2.URL_MGMT)
u = tenants_users[0].users[0]
# log in
r = uc.call('POST', useradm.URL_LOGIN, auth=(u.name, u.pwd))
assert r.status_code == 200
token = r.text
# check can access an api
r = dc.with_auth(token).call('GET', deviceauth_v2.URL_DEVICES)
assert r.status_code == 200
# suspend tenant
r = tc.call('PUT',
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status('suspended'),
path_params={'tid': tenants_users[0].id})
assert r.status_code == 200
time.sleep(10)
# check token is rejected
r = dc.with_auth(token).call('GET', deviceauth_v2.URL_DEVICES)
assert r.status_code == 401
def test_accepted_dev_cant_authenticate(self, tenants_users_devices):
dac = ApiClient(deviceadm.URL_MGMT)
uc = ApiClient(useradm.URL_MGMT)
devauth = ApiClient(deviceauth.URL_DEVICES)
tc = ApiClient(tenantadm.URL_INTERNAL)
# accept a dev
device = tenants_users_devices[0].devices[0]
user = tenants_users_devices[0].users[0]
r = uc.call('POST', useradm.URL_LOGIN, auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
dev = tenants_users_devices[0].devices[0]
r = dac.with_auth(utoken).call(
'PUT',
deviceadm.URL_AUTHSET_STATUS,
deviceadm.req_status('accepted'),
path_params={'id': get_authset_id(dev.pubkey, utoken)})
assert r.status_code == 200
# suspend
r = tc.call('PUT',
tenantadm.URL_INTERNAL_SUSPEND,
tenantadm.req_status('suspended'),
path_params={'tid': tenants_users_devices[0].id})
assert r.status_code == 200
time.sleep(10)
# try requesting auth
body, sighdr = deviceauth.auth_req(device.id_data, device.pubkey,
device.privkey, device.tenant_token)
r = devauth.call('POST',
deviceauth.URL_AUTH_REQS,
body,
headers=sighdr)
assert r.status_code == 401
assert r.json()['error'] == 'Account suspended'