def test_token_time_limits_reflect_server_limits(app): """Test that if a user's token time limits are bounded to those current on the server.""" with app.app_context(): user = User(username="******", password="******") user_group = Group(name="TEST_USER", user_group=True) user.groups.append(user_group) server = Server( name="TEST_SERVER", longest_token_life=2880, latest_token_expiry=datetime.datetime(2020, 1, 1), ) token_limits = GroupServerTokenLimits( group=user_group, longest_life=2880, latest_end=datetime.datetime(2020, 1, 1), server=server, ) db.session.add(user) db.session.add(user_group) db.session.add(server) db.session.add(token_limits) db.session.commit() limits = user.token_limits(server) assert 2880 == limits["longest_life"] assert datetime.datetime(2020, 1, 1) == limits["latest_end"] server.longest_token_life = 10 limits = user.token_limits(server) assert 10 == limits["longest_life"] server.latest_token_expiry = datetime.datetime(2019, 1, 1) limits = user.token_limits(server) assert datetime.datetime(2019, 1, 1) == limits["latest_end"]
def test_disallow_right_on_server_disallows_for_group(app): """Test that if a claim is disallowed on a server, it will be disallowed even if previously granted to groups.""" with app.app_context(): session = db.session user = User(username="******", password="******") user_group = Group(name="TEST_USER", user_group=True) user.groups.append(user_group) session.add(user) session.add(user_group) server = Server( name="TEST_SERVER", longest_token_life=2880, latest_token_expiry=datetime.datetime(2020, 1, 1), ) session.add(server) server_capability = ServerCapability( server=server, capability="get_result&DUMMY_ROUTE", enabled=True, capability_hash=md5(b"get_result&DUMMY_ROUTE").hexdigest(), ) session.add(server_capability) gsp = GroupServerPermission(group=user_group, server_capability=server_capability) session.add(gsp) token_limits = GroupServerTokenLimits( group=user_group, longest_life=1440, latest_end=datetime.datetime(2019, 1, 1), server=server, ) session.add(token_limits) session.commit() claims = user.allowed_claims(server) assert "get_result&DUMMY_ROUTE" in claims session.delete(gsp) session.commit() claims = user.allowed_claims(server) assert [] == claims
def test_data(app, test_admin, test_user, test_group): with app.app_context(): test_group = Group.query.filter(Group.id == test_group.id).first() # Each user is also a group for user in User.query.all(): test_group.members.append(user) db.session.add(test_group) # Add some servers dummy_server_a = Server( name="DUMMY_SERVER_A", longest_token_life=2, latest_token_expiry=datetime.datetime.now().date() + datetime.timedelta(days=365), ) dummy_server_b = Server( name="DUMMY_SERVER_B", longest_token_life=2, latest_token_expiry=datetime.datetime.now().date() + datetime.timedelta(days=700), ) db.session.add(dummy_server_a) db.session.add(dummy_server_b) # Add some things that you can do on the servers scs = [] for action, cap, admin_unit in product( ("get_result", "run"), ("DUMMY_ROUTE_A", "DUMMY_ROUTE_B"), (f"admin{x}" for x in range(4)), ): sc_a = ServerCapability( capability=f"{action}&{cap}.aggregation_unit.{admin_unit}", server=dummy_server_a, enabled=True, ) scs.append(sc_a) db.session.add(sc_a) sc_b = ServerCapability( capability=f"{action}&{cap}.aggregation_unit.{admin_unit}", server=dummy_server_b, enabled=True, ) scs.append(sc_b) db.session.add(sc_b) # Give test user group permissions on Haiti for sc in dummy_server_a.capabilities: gsp = GroupServerPermission(group=test_group, server_capability=sc) db.session.add(gsp) db.session.add( GroupServerTokenLimits( group=test_group, longest_life=2, latest_end=datetime.datetime.now().date() + datetime.timedelta(days=365), server=dummy_server_a, ) ) # Give test admin a token on server b t = Token( name="DUMMY_TOKEN", token="DUMMY_TOKEN_STRING", expires=datetime.datetime.now().date() + datetime.timedelta(days=1), owner=User.query.all()[0], server=dummy_server_b, ) db.session.add(t) db.session.commit()