def test_token_time_limits_reflect_server_limits(app):
"""Test that if a user's token time limits are bounded to those current on the server."""
with app.app_context():
user = User(username="******", password="******")
user_group = Group(name="TEST_USER", user_group=True)
user.groups.append(user_group)
server = Server(
name="TEST_SERVER",
longest_token_life=2880,
latest_token_expiry=datetime.datetime(2020, 1, 1),
)
token_limits = GroupServerTokenLimits(
group=user_group,
longest_life=2880,
latest_end=datetime.datetime(2020, 1, 1),
server=server,
)
db.session.add(user)
db.session.add(user_group)
db.session.add(server)
db.session.add(token_limits)
db.session.commit()
limits = user.token_limits(server)
assert 2880 == limits["longest_life"]
assert datetime.datetime(2020, 1, 1) == limits["latest_end"]
server.longest_token_life = 10
limits = user.token_limits(server)
assert 10 == limits["longest_life"]
server.latest_token_expiry = datetime.datetime(2019, 1, 1)
limits = user.token_limits(server)
assert datetime.datetime(2019, 1, 1) == limits["latest_end"]
def test_disallow_right_on_server_disallows_for_group(app):
"""Test that if a claim is disallowed on a server, it will be disallowed even if previously granted to groups."""
with app.app_context():
session = db.session
user = User(username="******", password="******")
user_group = Group(name="TEST_USER", user_group=True)
user.groups.append(user_group)
session.add(user)
session.add(user_group)
server = Server(
name="TEST_SERVER",
longest_token_life=2880,
latest_token_expiry=datetime.datetime(2020, 1, 1),
)
session.add(server)
server_capability = ServerCapability(
server=server,
capability="get_result&DUMMY_ROUTE",
enabled=True,
capability_hash=md5(b"get_result&DUMMY_ROUTE").hexdigest(),
)
session.add(server_capability)
gsp = GroupServerPermission(group=user_group,
server_capability=server_capability)
session.add(gsp)
token_limits = GroupServerTokenLimits(
group=user_group,
longest_life=1440,
latest_end=datetime.datetime(2019, 1, 1),
server=server,
)
session.add(token_limits)
session.commit()
claims = user.allowed_claims(server)
assert "get_result&DUMMY_ROUTE" in claims
session.delete(gsp)
session.commit()
claims = user.allowed_claims(server)
assert [] == claims
def test_data(app, test_admin, test_user, test_group):
with app.app_context():
test_group = Group.query.filter(Group.id == test_group.id).first()
# Each user is also a group
for user in User.query.all():
test_group.members.append(user)
db.session.add(test_group)
# Add some servers
dummy_server_a = Server(
name="DUMMY_SERVER_A",
longest_token_life=2,
latest_token_expiry=datetime.datetime.now().date()
+ datetime.timedelta(days=365),
)
dummy_server_b = Server(
name="DUMMY_SERVER_B",
longest_token_life=2,
latest_token_expiry=datetime.datetime.now().date()
+ datetime.timedelta(days=700),
)
db.session.add(dummy_server_a)
db.session.add(dummy_server_b)
# Add some things that you can do on the servers
scs = []
for action, cap, admin_unit in product(
("get_result", "run"),
("DUMMY_ROUTE_A", "DUMMY_ROUTE_B"),
(f"admin{x}" for x in range(4)),
):
sc_a = ServerCapability(
capability=f"{action}&{cap}.aggregation_unit.{admin_unit}",
server=dummy_server_a,
enabled=True,
)
scs.append(sc_a)
db.session.add(sc_a)
sc_b = ServerCapability(
capability=f"{action}&{cap}.aggregation_unit.{admin_unit}",
server=dummy_server_b,
enabled=True,
)
scs.append(sc_b)
db.session.add(sc_b)
# Give test user group permissions on Haiti
for sc in dummy_server_a.capabilities:
gsp = GroupServerPermission(group=test_group, server_capability=sc)
db.session.add(gsp)
db.session.add(
GroupServerTokenLimits(
group=test_group,
longest_life=2,
latest_end=datetime.datetime.now().date()
+ datetime.timedelta(days=365),
server=dummy_server_a,
)
)
# Give test admin a token on server b
t = Token(
name="DUMMY_TOKEN",
token="DUMMY_TOKEN_STRING",
expires=datetime.datetime.now().date() + datetime.timedelta(days=1),
owner=User.query.all()[0],
server=dummy_server_b,
)
db.session.add(t)
db.session.commit()