def test_auth_start_election_group_count(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
election_keys_foo,
countable_election_group,
owned_countable_election_group):
"""Allowed and denied scenario tests of startElectionGroupCount."""
election_group = (owned_countable_election_group(db_session,
logged_in_user.person)
if is_owner else countable_election_group(db_session))
variables = {
'id': str(election_group.id),
'electionKey': election_keys_foo['private']
}
mutation = """
mutation startElectionGroupCount($id: UUID!, $electionKey: String!) {
startElectionGroupCount(id: $id, electionKey: $electionKey) {
success
code
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['startElectionGroupCount']
assert response['success'] == is_allowed
if not is_allowed:
assert response['code'] == 'permission-denied'
def test_auth_publish_election_group(db_session,
is_owner,
is_publisher,
is_allowed,
client,
logged_in_user,
simple_election_group,
owned_election_group,
make_person_publisher):
"""Allowed and denied scenario of publishElectionGroup."""
election_group = (owned_election_group(db_session, logged_in_user.person)
if is_owner else simple_election_group(db_session))
if is_publisher:
make_person_publisher(db_session, logged_in_user.person)
variables = {'id': str(election_group.id)}
mutation = """
mutation ($id: UUID!) {
publishElectionGroup(id: $id) {
success
code
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
result = execution['data']['publishElectionGroup']
assert result['success'] == is_allowed
if not is_allowed:
assert result['code'] == 'permission-denied'
def test_auth_update_voter_info(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
simple_election_group,
owned_election_group):
"""Allowed and denied scenario tests of updateVoterInfo."""
election_group = (owned_election_group(db_session, logged_in_user.person)
if is_owner else simple_election_group(db_session))
elections = [{'id': str(e.id),
'mandatePeriodStart': str(e.mandate_period_start),
'mandatePeriodEnd': str(e.mandate_period_end +
datetime.timedelta(days=3))}
for e in election_group.elections]
variables = {'elections': elections}
mutation = """
mutation ($elections: [ElectionVoterInfoInput]!) {
updateVoterInfo(elections: $elections) {
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['updateVoterInfo']
assert response['ok'] == is_allowed
def test_auth_update_pref_elec_candidate(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
multiple_election_group,
owned_multiple_election_group):
"""Allowed and denied scenario tests of updatePrefElecCandidate."""
election_group = (owned_multiple_election_group(db_session,
logged_in_user.person)
if is_owner else multiple_election_group(db_session))
election_list = election_group.elections[0].lists[0]
candidate = election_group.elections[0].lists[0].candidates[0]
new_name = '{} Testesen'.format(candidate.name)
variables = {
'gender': candidate.meta['gender'],
'listId': str(election_list.id),
'id': str(candidate.id),
'name': new_name
}
mutation = """
mutation ($gender: String!, $listId: UUID!, $id: UUID!, $name: String!) {
updatePrefElecCandidate(gender: $gender,
listId: $listId,
id: $id,
name: $name) {
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['updatePrefElecCandidate']
assert response['ok'] == is_allowed
def test_allow_create_new_election_group(db_session,
ou,
client,
logged_in_user):
"""
Allow and deny scenario of createNewElectionGroup.
This mutations is always allowed so no need to test denying.
We need to include the logged_in_user fixture to have a user to run the
mutation.
"""
variables = {
'ouId': str(ou.id),
'template': True,
'templateName': 'uio_dean'
}
mutation = """
mutation ($ouId: UUID!, $template: Boolean!, $templateName: String!) {
createNewElectionGroup(ouId: $ouId,
template: $template,
templateName: $templateName) {
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['createNewElectionGroup']
assert response['ok']
def test_auth_add_team_pref_elec_candidate(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
simple_election_group,
owned_election_group):
"""Allowed and denied scenario tests of addTeamPrefElecCandidate."""
election_group = (owned_election_group(db_session, logged_in_user.person)
if is_owner else simple_election_group(db_session))
election_list = election_group.elections[0].lists[0]
variables = {
'coCandidates': [{'name': 'Test Testemeresen'}],
'listId': str(election_list.id),
'name': 'Test Testesen'
}
mutation = """
mutation ($coCandidates: [CoCandidatesInput]!,
$listId: UUID!,
$name: String!) {
addTeamPrefElecCandidate(coCandidates: $coCandidates,
listId: $listId ,
name: $name) {
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['addTeamPrefElecCandidate']
assert response['ok'] == is_allowed
def test_auth_add_pref_elec_candidate(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
multiple_election_group,
owned_multiple_election_group):
"""Allowed and denied scenario tests of addPrefElecCandidate."""
election_group = (owned_multiple_election_group(db_session,
logged_in_user.person)
if is_owner else multiple_election_group(db_session))
election_list = election_group.elections[0].lists[0]
variables = {
'gender': 'female',
'listId': str(election_list.id),
'name': 'Test Testesen'
}
mutation = """
mutation ($gender: String!, $listId: UUID!, $name: String!) {
addPrefElecCandidate(gender: $gender, listId: $listId , name: $name) {
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['addPrefElecCandidate']
assert response['ok'] == is_allowed
def test_auth_add_voter_by_person_id(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
simple_person,
simple_election_group,
owned_election_group):
"""Allowed and denied scenario tests of addVoterByPersonId."""
election_group = (owned_election_group(db_session, logged_in_user.person)
if is_owner else simple_election_group(db_session))
pollbook = election_group.elections[0].pollbooks[0]
variables = {
'personId': str(simple_person(db_session).id),
'pollbookId': str(pollbook.id)
}
mutation = """
mutation ($personId: UUID!, $pollbookId: UUID!) {
addVoterByPersonId(personId: $personId, pollbookId: $pollbookId) {
id
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['addVoterByPersonId']
assert (response is not None) == is_allowed
def test_auth_update_voter_pollbook(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
simple_election_group,
owned_election_group):
"""Allowed and denied scenario tests of updateVoterPollbook."""
election_group = (owned_election_group(db_session, logged_in_user.person)
if is_owner else simple_election_group(db_session))
pollbook_1 = election_group.elections[0].pollbooks[0]
pollbook_2 = election_group.elections[0].pollbooks[1]
voter = next(x for x in pollbook_1.voters if not x.self_added)
variables = {'id': str(voter.id), 'pollbookId': str(pollbook_2.id)}
mutation = """
mutation ($id: UUID!, $pollbookId: UUID!) {
updateVoterPollbook(id: $id, pollbookId: $pollbookId) {
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['updateVoterPollbook']
assert response['ok'] == is_allowed
def test_auth_add_voter_by_identifier(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
simple_person,
simple_election_group,
owned_election_group):
"""Allowed and denied scenario tests of addVoterByIdentifier."""
election_group = (owned_election_group(db_session, logged_in_user.person)
if is_owner else simple_election_group(db_session))
pollbook = election_group.elections[0].pollbooks[0]
feide_id = next(i for i in simple_person(db_session).identifiers if
i.id_type == 'feide_id')
variables = {
'idType': feide_id.id_type,
'idValue': feide_id.id_value,
'pollbookId': str(pollbook.id)
}
mutation = """
mutation ($idType: PersonIdType!, $idValue: String!, $pollbookId: UUID!) {
addVoterByIdentifier(idType: $idType,
idValue: $idValue,
pollbookId: $pollbookId) {
id
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['addVoterByIdentifier']
assert (response is not None) == is_allowed
def test_update_voter_reason(db_session,
as_logged_in_user,
is_allowed,
client,
logged_in_user,
logged_in_votable_election_group):
"""Allow and deny scenarios for updateVoterReason."""
election_group = logged_in_votable_election_group(
db_session, logged_in_user.person)
pollbook = election_group.elections[0].pollbooks[0]
logged_in_feide_id = next(x.id_value for x in
logged_in_user.person.identifiers if
x.id_type == 'feide_id')
if as_logged_in_user:
voter = next(x for x in pollbook.voters if
x.id_value == logged_in_feide_id)
else:
voter = next(x for x in pollbook.voters if
x.id_value != logged_in_feide_id)
variables = {'id': str(voter.id), 'reason': 'Test 123'}
mutation = """
mutation ($id: UUID!, $reason: String!) {
updateVoterReason(id: $id, reason: $reason) {
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['updateVoterReason']
assert response['ok'] == is_allowed
def test_auth_delete_voter(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
simple_election_group,
owned_election_group):
"""Allow and deny scenarios for deleteVoter."""
election_group = (owned_election_group(db_session, logged_in_user.person)
if is_owner else simple_election_group(db_session))
voters = election_group.elections[0].pollbooks[0].voters
voter = next(x for x in voters if not x.self_added)
variables = {'id': str(voter.id)}
mutation = """
mutation ($id: UUID!) {
deleteVoter(id: $id) {
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['deleteVoter']
assert response['ok'] == is_allowed
def test_auth_remove_election_group_role_by_grant(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
election_group_grant,
owned_election_group_grant):
"""Allow and deny scenarios for removeElectionGroupRoleByGrant."""
grant = (owned_election_group_grant(db_session, logged_in_user.person)
if is_owner else election_group_grant(db_session))
variables = {'grantId': str(grant.grant_id)}
mutation = """
mutation ($grantId: UUID!) {
removeElectionGroupRoleByGrant(grantId: $grantId) {
success
code
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['removeElectionGroupRoleByGrant']
assert response['success'] == is_allowed
if not is_allowed:
assert response['code'] == 'permission-denied'
def test_auth_update_voting_periods(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
multiple_election_group,
owned_multiple_election_group):
"""Allowed and denied scenario tests of updateVotingPeriods."""
election_group = (owned_multiple_election_group(
db_session, logged_in_user.person) if is_owner
else multiple_election_group(db_session))
elections = [{'id': str(e.id),
'start': str(e.start - datetime.timedelta(days=3)),
'end': str(e.end)}
for e in election_group.elections]
variables = {'hasMultipleTimes': False, 'elections': elections}
mutation = """
mutation ($hasMultipleTimes: Boolean!,
$elections: [ElectionVotingPeriodInput]!) {
updateVotingPeriods(hasMultipleTimes: $hasMultipleTimes,
elections: $elections) {
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['updateVotingPeriods']
assert response['ok'] == is_allowed
def test_auth_person_with_multiple_verified_voters_deny(
db_session, client, logged_in_user, votable_election_group):
"""Test auth for the electionGroup query."""
election_group = votable_election_group(db_session)
variables = {'id': str(election_group.id)}
execution = client.execute(queries['personsWithMultipleVerifiedVoters'],
variables=variables,
context=get_test_context(db_session))
response = execution['data']['personsWithMultipleVerifiedVoters']
assert not response
def test_auth_election_template(db_session, client):
"""
Test auth for the electionTemplate query.
Always allowed.
"""
execution = client.execute(queries['electionTemplate'],
context=get_test_context(db_session))
response = execution['data']['electionTemplate']
assert response
def test_auth_election_group_owned(db_session, client, logged_in_user,
owned_election_group):
"""Test auth for the electionGroup query."""
election_group = owned_election_group(db_session, logged_in_user.person)
variables = {'id': str(election_group.id)}
execution = client.execute(queries['electionGroup'],
variables=variables,
context=get_test_context(db_session))
response = execution['data']['electionGroup']
validate_election_group_info(response, True)
def test_auth_election_group_key_meta_not_owned(db_session, client,
logged_in_user,
votable_election_group):
"""Test auth for the electionGroup query."""
election_group = votable_election_group(db_session)
variables = {'id': str(election_group.id)}
execution = client.execute(queries['electionGroupKeyMeta'],
variables=variables,
context=get_test_context(db_session))
assert not execution['data']['electionGroupKeyMeta']
def test_auth_master_keys(db_session, client, master_key):
"""
Test auth for the masterKeys query.
Always allowed.
"""
private_key, master_key = master_key(db_session)
execution = client.execute(queries['masterKeys'],
context=get_test_context(db_session))
response = execution['data']['masterKeys']
assert len(response) == 1
assert response[0]['publicKey'] == master_key.public_key
def test_auth_election_groups_votable(db_session, client, logged_in_user,
simple_election_group,
votable_election_group):
"""Test auth for the electionGroup query."""
# Visible
votable_election_group(db_session)
# Not visible
simple_election_group(db_session)
execution = client.execute(queries['electionGroups'],
context=get_test_context(db_session))
print(execution)
response = execution['data']['electionGroups']
assert len(response) == 1
def test_auth_election_group_key_meta_owned(db_session, client, logged_in_user,
owned_votable_election_group):
"""Test auth for the electionGroup query."""
election_group = owned_votable_election_group(db_session,
logged_in_user.person)
variables = {'id': str(election_group.id)}
execution = client.execute(queries['electionGroupKeyMeta'],
variables=variables,
context=get_test_context(db_session))
response = execution['data']['electionGroupKeyMeta']
assert response['generatedAt']
validate_person_return_data(response['generatedBy'], True)
def test_auth_search_voters_not_owned(db_session, client, logged_in_user,
votable_election_group):
"""Test auth for the electionGroup query."""
election_group = votable_election_group(db_session)
voter = election_group.elections[0].pollbooks[0].voters[0]
variables = {
'electionGroupId': str(election_group.id),
'search': voter.id_value
}
execution = client.execute(queries['searchVoters'],
variables=variables,
context=get_test_context(db_session))
assert execution['data']['searchVoters'] == [None]
def test_auth_election_group_counting_results_not_owned(
db_session, client, logged_in_user, counted_election_group):
"""Test auth for the electionGroup query."""
election_group = counted_election_group(db_session)
variables = {'id': str(election_group.id)}
execution = client.execute(queries['electionGroupCountingResults'],
variables=variables,
context=get_test_context(db_session))
response = execution['data']['electionGroupCountingResults']
assert len(response) == 1
assert response[0]['id']
assert not response[0]['groupId']
assert not response[0]['initiatedAt']
assert not response[0]['finishedAt']
assert not response[0]['status']
def test_auth_election_group_count_owned(db_session, client, logged_in_user,
owned_counted_election_group):
"""Test auth for the electionGroup query."""
election_group = owned_counted_election_group(db_session,
logged_in_user.person)
count = get_latest_election_group_count(db_session, election_group.id)
variables = {'id': str(count.id)}
execution = client.execute(queries['electionGroupCount'],
variables=variables,
context=get_test_context(db_session))
response = execution['data']['electionGroupCount']
assert response['id']
assert response['groupId']
assert response['initiatedAt']
assert response['finishedAt']
assert response['status']
def test_auth_person_for_voter_not_in_my_election(client, db_session,
logged_in_user,
simple_election_group,
simple_person):
"""Test that we are not allowed to lookup the person for voter."""
election_group = simple_election_group(db_session)
pollbook = election_group.elections[0].pollbooks[0]
person = simple_person(db_session)
voter_policy = ElectionVoterPolicy(db_session)
voter = voter_policy.add_voter(pollbook, person, self_added=False)
variables = {'voterId': str(voter.id)}
execution = client.execute(queries['personForVoter'],
variables=variables,
context=get_test_context(db_session))
response = execution['data']['personForVoter']
validate_person_return_data(response, False)
def test_auth_vote(db_session,
is_owner,
as_logged_in_user,
is_allowed,
client,
blank_pref_election_ballot_data,
votable_election_group,
logged_in_votable_election_group,
owned_logged_in_votable_election_group,
owned_votable_election_group,
logged_in_user):
"""Allow and deny scenarios for vote."""
if as_logged_in_user:
election_group = (owned_logged_in_votable_election_group(
db_session, logged_in_user.person) if is_owner else
logged_in_votable_election_group(
db_session, logged_in_user.person))
else:
election_group = (owned_votable_election_group(
db_session, logged_in_user.person)
if is_owner else votable_election_group(db_session))
pollbook = election_group.elections[0].pollbooks[0]
logged_in_feide_id = next(x.id_value for x in
logged_in_user.person.identifiers if
x.id_type == 'feide_id')
if as_logged_in_user:
voter = next(x for x in pollbook.voters if
x.id_value == logged_in_feide_id)
else:
voter = pollbook.voters[0]
variables = {
'voterId': str(voter.id),
'ballot': json.dumps(blank_pref_election_ballot_data)
}
mutation = """
mutation ($voterId: UUID!, $ballot: JSONString!) {
vote(voterId: $voterId, ballot: $ballot) {
ballotId
ok
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['vote']
assert response['ok'] == is_allowed
def test_auth_search_voters_owned(db_session, client, logged_in_user,
owned_votable_election_group):
"""Test auth for the electionGroup query."""
election_group = owned_votable_election_group(db_session,
logged_in_user.person)
voter = election_group.elections[0].pollbooks[0].voters[0]
variables = {
'electionGroupId': str(election_group.id),
'search': voter.id_value
}
execution = client.execute(queries['searchVoters'],
variables=variables,
context=get_test_context(db_session))
response = execution['data']['searchVoters']
assert len(response) == 1
assert response[0]['id']
assert response[0]['idValue'] == voter.id_value
assert response[0]['idType'] == voter.id_type
def test_auth_voters_for_person_in_my_election(client, db_session,
logged_in_user,
owned_election_group,
simple_person):
"""Test that we are allowed to lookup the person in owned election."""
election_group = owned_election_group(db_session, logged_in_user.person)
pollbook = election_group.elections[0].pollbooks[0]
person = simple_person(db_session)
voter_policy = ElectionVoterPolicy(db_session)
voter = voter_policy.add_voter(pollbook, person, self_added=False)
variables = {'id': str(person.id)}
execution = client.execute(queries['votersForPerson'],
variables=variables,
context=get_test_context(db_session))
response = execution['data']['votersForPerson']
assert len(response) == 1
validate_voter_return_data(response[0], True)
def test_auth_election_result_not_owned(db_session, client, logged_in_user,
counted_election_group):
"""Test auth for the electionGroup query."""
election_group = counted_election_group(db_session)
count = get_latest_election_group_count(db_session, election_group.id)
election_result = count.election_results[0]
variables = {'id': str(election_result.id)}
execution = client.execute(queries['electionResult'],
variables=variables,
context=get_test_context(db_session))
response = execution['data']['electionResult']
assert response['id']
assert not response['electionProtocol']
assert not response['ballots']
assert not response['electionId']
assert not response['electionGroupCountId']
assert not response['result']
assert not response['pollbookStats']
assert not response['ballotsWithMetadata']
def test_auth_upload_census_file(db_session,
is_owner,
is_allowed,
client,
logged_in_user,
simple_election_group,
owned_election_group,
feide_id_plane_text_census_builder,
celery_app,
monkeypatch):
"""Allow and deny scenarios for uploadCensusFile."""
# Mokeypatch away the celery job.
monkeypatch.setattr(
'evalg.tasks.flask_celery.make_celery', lambda a: celery_app)
monkeypatch.setattr(
'evalg.tasks.celery_worker.import_census_file_task.delay',
lambda x, y: f"Patched {x}-{y}")
election_group = (owned_election_group(db_session, logged_in_user.person)
if is_owner else simple_election_group(db_session))
pollbook = election_group.elections[0].pollbooks[0]
variables = {
'censusFile': feide_id_plane_text_census_builder.files['file'],
'pollbookId': str(pollbook.id)
}
mutation = """
mutation ($censusFile: Upload!, $pollbookId: UUID!) {
uploadCensusFile(censusFile: $censusFile, pollbookId: $pollbookId) {
success
code
numFailed
numOk
}
}
"""
execution = client.execute(
mutation, variables=variables, context=get_test_context(db_session))
response = execution['data']['uploadCensusFile']
assert response['success'] == is_allowed
if not is_allowed:
assert response['code'] == 'permission-denied'
