class TestIdentityManagementServiceInt(IonIntegrationTestCase):
    
    def setUp(self):
        self.subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254"

        # Start container
        self._start_container()
        self.container.start_rel_from_url('res/deploy/r2deploy.yml')

        self.resource_registry = ResourceRegistryServiceClient(node=self.container.node)
        self.identity_management_service = IdentityManagementServiceClient(node=self.container.node)
        self.org_client = OrgManagementServiceClient(node=self.container.node)

    def test_actor_identity(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})        
        user_id = self.identity_management_service.create_actor_identity(actor_identity_obj)

        actor_identity = self.identity_management_service.read_actor_identity(user_id)

        actor_identity.name = 'Updated subject'
        self.identity_management_service.update_actor_identity(actor_identity)

        ai = self.identity_management_service.find_actor_identity_by_name(actor_identity.name)
        self._baseAssertEqual(ai.name, actor_identity.name)
        with self.assertRaises(NotFound):
            ai = self.identity_management_service.find_actor_identity_by_name("Yeah, well, you know, that's just, like, your opinion, man.")

        self._baseAssertEqual(ai.name, actor_identity.name)

        self.identity_management_service.delete_actor_identity(user_id)
 
        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_actor_identity(user_id)
        self.assertTrue("does not exist" in cm.exception.message)
 
        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_actor_identity(user_id)
        self.assertTrue("does not exist" in cm.exception.message)

    def test_user_credentials(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})        
        user_id = self.identity_management_service.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})        
        self.identity_management_service.register_user_credentials(user_id, user_credentials_obj)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials("bad", self.subject)
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(user_id, "bad")
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials('bad', 'bad')
        self.assertTrue("does not exist" in cm.exception.message)

        self.identity_management_service.unregister_user_credentials(user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)




    def test_user_info(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})
        self.identity_management_service.register_user_credentials(user_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        user_info = self.identity_management_service.create_user_info(user_id, user_info_obj)

        with self.assertRaises(Conflict) as cm:
            self.identity_management_service.create_user_info(user_id, user_info_obj)
        self.assertTrue("UserInfo already exists for user id" in cm.exception.message)

        user_info_obj = self.identity_management_service.find_user_info_by_id(user_id)

        user_info_obj = self.identity_management_service.find_user_info_by_name("Foo")

        user_info_obj = self.identity_management_service.find_user_info_by_subject(self.subject)

        user_info_obj = self.identity_management_service.read_user_info(user_info)

        user_info_obj.name = 'Jane Doe'

        self.identity_management_service.update_user_info(user_info_obj)

        self.identity_management_service.delete_user_info(user_info)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_user_info(user_info)
        self.assertTrue('does not exist' in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_user_info(user_info)
        self.assertTrue('does not exist' in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_name("John Doe")
        self.assertEqual(cm.exception.message, 'UserInfo with name John Doe does not exist')

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_subject("Bogus subject")
        self.assertEqual(cm.exception.message, "UserCredentials with subject Bogus subject does not exist")

        self.identity_management_service.unregister_user_credentials(user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)


    def test_signon(self):
        certificate =  """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX
MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw
GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2
WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb
g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq
7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b
2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4
dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+
6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0
cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k
b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv
by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5
CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK
f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g
Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ=
-----END CERTIFICATE-----"""
        id, valid_until, registered = self.identity_management_service.signon(certificate, True)

        self.assertFalse(registered)

        id2, valid_until2, registered2 = self.identity_management_service.signon(certificate, True)

        self.assertFalse(registered2)
        self.assertTrue(id == id2)
        self.assertTrue(valid_until == valid_until2)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})        
        self.identity_management_service.create_user_info(id, user_info_obj)

        id3, valid_until3, registered3 = self.identity_management_service.signon(certificate, True)

        self.assertTrue(registered3)
        self.assertTrue(id == id3)
        self.assertTrue(valid_until == valid_until3)

    @attr('EXT')
    def test_get_extended_user_identity(self):

        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        actor_id = self.identity_management_service.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})
        self.identity_management_service.register_user_credentials(actor_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        user_info_id = self.identity_management_service.create_user_info(actor_id, user_info_obj)

        ion_org = self.org_client.find_org()

        #Build the Service Agreement Proposal to to request a role but never close it
        sap = IonObject(OT.RequestRoleProposal,consumer=actor_id, provider=ion_org._id, role_name=ORG_MANAGER_ROLE )
        sap_response = self.org_client.negotiate(sap)

        #Just grant the role anyway
        #self.org_client.grant_role(ion_org._id, actor_id, ORG_MANAGER_ROLE)

        with self.assertRaises(NotFound):
            self.identity_management_service.get_user_info_extension('That rug really tied the room together.')
        with self.assertRaises(BadRequest):
            self.identity_management_service.get_user_info_extension()

        #Check the user without the negotiation role request
        extended_user = self.identity_management_service.get_user_info_extension(user_info_id, org_id=ion_org._id)
        self.assertEqual(user_info_obj.type_,extended_user.resource.type_)
        self.assertEqual(len(extended_user.roles),1)
        self.assertEqual(len(extended_user.open_requests),1)
        self.assertEqual(extended_user.open_requests[0].org_id, ion_org._id)
        self.assertEqual(extended_user.open_requests[0].user_id, user_info_id)
        self.assertEqual(extended_user.open_requests[0].request_type, OT.RequestRoleProposal)
        self.assertEqual(len(extended_user.closed_requests),0)
        self.assertEqual(extended_user.open_requests[0]._id, extended_user.open_requests[0].negotiation_id)

        neg = self.resource_registry.read(object_id=extended_user.open_requests[0].negotiation_id)
        sap_response = Negotiation.create_counter_proposal(neg, ProposalStatusEnum.ACCEPTED, ProposalOriginatorEnum.PROVIDER)
        sap_response2 = self.org_client.negotiate(sap_response)

        #Now check the user after the negotiation has been accepted and the role granted
        extended_user = self.identity_management_service.get_user_info_extension(user_info_id, org_id=ion_org._id)
        self.assertEqual(user_info_obj.type_,extended_user.resource.type_)
        self.assertEqual(len(extended_user.roles),2)
        self.assertEqual(len(extended_user.open_requests),0)
        self.assertEqual(len(extended_user.closed_requests),1)
        self.assertEqual(extended_user.closed_requests[0].org_id, ion_org._id)
        self.assertEqual(extended_user.closed_requests[0].user_id, user_info_id)
        self.assertEqual(extended_user.closed_requests[0].request_type, OT.RequestRoleProposal)

        self.identity_management_service.delete_user_info(user_info_id)

        self.org_client.revoke_role(org_id=ion_org._id, actor_id=actor_id, role_name=ORG_MANAGER_ROLE)

        self.identity_management_service.unregister_user_credentials(actor_id, self.subject)

        self.identity_management_service.delete_actor_identity(actor_id)



    def test_account_merge(self):
        certificate =  """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX
MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw
GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2
WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb
g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq
7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b
2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4
dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+
6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0
cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k
b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv
by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5
CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK
f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g
Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ=
-----END CERTIFICATE-----"""
        subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254"
        certificate_2 = """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgIDAJ/lMA0GCSqGSIb3DQEBCwUAMGsxEzARBgoJkiaJk/IsZAEZFgNvcmcx
FzAVBgoJkiaJk/IsZAEZFgdjaWxvZ29uMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHQ0lMb2dvbjEc
MBoGA1UEAxMTQ0lMb2dvbiBPcGVuSUQgQ0EgMTAeFw0xMjEwMTcwMDE2NDlaFw0xMjEwMTcxMjIx
NDlaMGkxEzARBgoJkiaJk/IsZAEZEwNvcmcxFzAVBgoJkiaJk/IsZAEZEwdjaWxvZ29uMQswCQYD
VQQGEwJVUzEPMA0GA1UEChMGR29vZ2xlMRswGQYDVQQDExJPd2VuIE93bmVycmVwIEE4OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYLdpgg88sntivH+af4oamlp7blsUQcCQ5Yc/b
VDP/dwEKfxTcW36tMV3asLO7GcL7z4FESG761LAe86siT9rcwg2ttLkRjI9KeA3sFjC28N8XjKZ1
estCqG3odqw2pjo3VEFaU57219vIYMJhjmHKEgSnlMQeChMYun/sYIO5uNFba9BfiB6/PRS+bgee
cXRsIAm1vkB89AHdEjqdvH0uSN+jGjF6aAPXsESh70DUAHzs14lbFAomig7AZafT+weh0G5pnayC
lutVnhb9SyS3s1+A6kx8z9mkDUwY/NKXisuDeXa+WbRVq51D+Lc7ffOI+Ph+ynyfFGMcCBzbMADX
AgMBAAGjgeEwgd4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBLAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwGAYDVR0gBBEwDzANBgsrBgEEAYKRNgEDAzBsBgNVHR8EZTBjMC+gLaArhilodHRwOi8v
Y3JsLmNpbG9nb24ub3JnL2NpbG9nb24tb3BlbmlkLmNybDAwoC6gLIYqaHR0cDovL2NybC5kb2Vn
cmlkcy5vcmcvY2lsb2dvbi1vcGVuaWQuY3JsMCEGA1UdEQQaMBiBFm93ZW5vd25lcnJlcEBnbWFp
bC5jb20wDQYJKoZIhvcNAQELBQADggEBAHWd6ZOjSmJyOUyyLgZAPJpkSuk7DT5mFRhszJhfTGnu
gANHRIJZMs5e/LCMypE+ftxb8mnhAE+kURA2DmeucazHUDP5oYofU+8KMYqcNKnPpLnuiw+bCJPa
3BDxrYoi+vVislHb0U+QDjVYtUtQ2b1/Xhv8ShH89O9i65bbOq+sqez6z2AD9RWOEwRwpQLc9D65
9lkrsKGmJtuG8q3NTpZ1DSuaLOtn0QqttdmCg3pu5edRtgdpGadaSGR4s222JasV439bSTL8Z0Ug
HtjSclGqi8IBmvRkTZI61zTVbGdOKMP90LV1p8noJVLRkZpWRjLxI5xy9El8daAWMdjfrSc=
-----END CERTIFICATE-----"""
        subject_2 = "/DC=org/DC=cilogon/C=US/O=Google/CN=Owen Ownerrep A893"

        # Try to merge with nonexistent email account
        with self.assertRaises(NotFound):
            self.identity_management_service.initiate_account_merge("*****@*****.**")
        with self.assertRaises(BadRequest):
            self.identity_management_service.initiate_account_merge()

        # Create two users
        id, valid_until, registered = self.identity_management_service.signon(certificate, True)
        self.assertFalse(registered)
        id_2, valid_until_2, registered_2 = self.identity_management_service.signon(certificate_2, True)
        self.assertFalse(registered_2)

        # Validate the two accounts are different
        self.assertNotEqual(id, id_2, "The two accounts should have two different user id")

        # Create UserInfo
        contact_info_obj = IonObject("ContactInformation",{"email": "*****@*****.**"})
        user_info_obj = IonObject("UserInfo", {"name": "Dude", "contact": contact_info_obj})
        user_info_id = self.identity_management_service.create_user_info(id, user_info_obj)

        contact_info_obj_2 = IonObject("ContactInformation",{"email": "*****@*****.**"})
        user_info_obj_2 = IonObject("UserInfo", {"name": "theDude", "contact": contact_info_obj_2})
        user_info_id_2 = self.identity_management_service.create_user_info(id_2, user_info_obj_2)

        # Make sure the two users are registered
        id, valid_until, registered = self.identity_management_service.signon(certificate, True)
        self.assertTrue(registered)
        id_2, valid_until_2, registered_2 = self.identity_management_service.signon(certificate_2, True)
        self.assertTrue(registered_2)

        token = self.identity_management_service.initiate_account_merge("*****@*****.**",  headers={'ion-actor-id':id})

        # Try merging accounts with invalid token string
        with self.assertRaises(NotFound):
            self.identity_management_service.complete_account_merge(token_string="0xBeeF", headers={'ion-actor-id':id})
        with self.assertRaises(BadRequest):
            self.identity_management_service.complete_account_merge()

        # Try merging accounts with a different user
        # Since this user hasn't initiated account merge, the token doesn't exist in his/her UserInfo
        with self.assertRaises(NotFound):
            self.identity_management_service.complete_account_merge(token, headers={'ion-actor-id':id_2})

        self.identity_management_service.complete_account_merge(token, headers={'ion-actor-id':id})

        # Try merging the account again
        with self.assertRaises(BadRequest):
            self.identity_management_service.complete_account_merge(token, headers={'ion-actor-id':id})

        # Signon again and verify the two accounts have been merged
        id, valid_until, registered = self.identity_management_service.signon(certificate, True)
        self.assertTrue(registered)
        id_2, valid_until_2, registered_2 = self.identity_management_service.signon(certificate_2, True)
        self.assertTrue(registered_2)

        # Validate the two accounts are the same
        self.assertEqual(id, id_2, "The two accounts should have the same id")

        # Try to merge to your own account
        with self.assertRaises(BadRequest):
            token = self.identity_management_service.initiate_account_merge("*****@*****.**",  headers={'ion-actor-id':id})

        #  Done testing. Delete user
        self.identity_management_service.delete_user_info(user_info_id)
        self.identity_management_service.unregister_user_credentials(id, subject)
        self.identity_management_service.delete_actor_identity(id)
class TestIdentityManagementServiceInt(IonIntegrationTestCase):
    
    def setUp(self):
        self.subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254"

        # Start container
        self._start_container()
        self.container.start_rel_from_url('res/deploy/r2coi.yml')

        self.identity_management_service = IdentityManagementServiceClient(node=self.container.node)

    def test_actor_identity(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})        
        user_id = self.identity_management_service.create_actor_identity(actor_identity_obj)

        actor_identity = self.identity_management_service.read_actor_identity(user_id)

        actor_identity.name = 'Updated subject'
        self.identity_management_service.update_actor_identity(actor_identity)

        self.identity_management_service.delete_actor_identity(user_id)
 
        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_actor_identity(user_id)
        self.assertTrue("does not exist" in cm.exception.message)
 
        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_actor_identity(user_id)
        self.assertTrue("does not exist" in cm.exception.message)

    def test_user_credentials(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})        
        user_id = self.identity_management_service.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})        
        self.identity_management_service.register_user_credentials(user_id, user_credentials_obj)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials("bad", self.subject)
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(user_id, "bad")
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials('bad', 'bad')
        self.assertTrue("does not exist" in cm.exception.message)

        self.identity_management_service.unregister_user_credentials(user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)

    def test_user_info(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})        
        user_id = self.identity_management_service.create_actor_identity(actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials", {"name": self.subject})        
        self.identity_management_service.register_user_credentials(user_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})        
        user_info = self.identity_management_service.create_user_info(user_id, user_info_obj)

        with self.assertRaises(Conflict) as cm:
            self.identity_management_service.create_user_info(user_id, user_info_obj)
        self.assertTrue("UserInfo already exists for user id" in cm.exception.message)

        user_info_obj = self.identity_management_service.find_user_info_by_id(user_id)

        user_info_obj = self.identity_management_service.find_user_info_by_name("Foo")

        user_info_obj = self.identity_management_service.find_user_info_by_subject(self.subject)

        user_info_obj = self.identity_management_service.read_user_info(user_info)
        
        user_info_obj.name = 'Jane Doe'
        
        self.identity_management_service.update_user_info(user_info_obj)
        
        self.identity_management_service.delete_user_info(user_info)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_user_info(user_info)
        self.assertTrue('does not exist' in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_user_info(user_info)
        self.assertTrue('does not exist' in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_name("John Doe")
        self.assertEqual(cm.exception.message, 'UserInfo with name John Doe does not exist')

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_subject("Bogus subject")
        self.assertEqual(cm.exception.message, "UserCredentials with subject Bogus subject does not exist")

        self.identity_management_service.unregister_user_credentials(user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)

    def test_signon(self):
        certificate =  """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX
MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw
GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2
WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb
g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq
7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b
2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4
dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+
6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0
cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k
b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv
by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5
CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK
f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g
Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ=
-----END CERTIFICATE-----"""
        id, valid_until, registered = self.identity_management_service.signon(certificate, True)

        self.assertFalse(registered)

        id2, valid_until2, registered2 = self.identity_management_service.signon(certificate, True)

        self.assertFalse(registered2)
        self.assertTrue(id == id2)
        self.assertTrue(valid_until == valid_until2)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})        
        self.identity_management_service.create_user_info(id, user_info_obj)

        id3, valid_until3, registered3 = self.identity_management_service.signon(certificate, True)

        self.assertTrue(registered3)
        self.assertTrue(id == id3)
        self.assertTrue(valid_until == valid_until3)
Esempio n. 3
0
class TestIdentityManagementServiceInt(IonIntegrationTestCase):
    def setUp(self):
        self.subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254"

        # Start container
        self._start_container()
        self.container.start_rel_from_url('res/deploy/r2deploy.yml')

        self.resource_registry = ResourceRegistryServiceClient(
            node=self.container.node)
        self.identity_management_service = IdentityManagementServiceClient(
            node=self.container.node)
        self.org_client = OrgManagementServiceClient(node=self.container.node)

    def test_actor_identity(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        actor_identity = self.identity_management_service.read_actor_identity(
            user_id)

        actor_identity.name = 'Updated subject'
        self.identity_management_service.update_actor_identity(actor_identity)

        ai = self.identity_management_service.find_actor_identity_by_name(
            actor_identity.name)
        self._baseAssertEqual(ai.name, actor_identity.name)
        with self.assertRaises(NotFound):
            ai = self.identity_management_service.find_actor_identity_by_name(
                "Yeah, well, you know, that's just, like, your opinion, man.")

        self._baseAssertEqual(ai.name, actor_identity.name)

        self.identity_management_service.delete_actor_identity(user_id)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_actor_identity(user_id)
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_actor_identity(user_id)
        self.assertTrue("does not exist" in cm.exception.message)

    def test_user_credentials(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials",
                                         {"name": self.subject})
        self.identity_management_service.register_user_credentials(
            user_id, user_credentials_obj)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(
                "bad", self.subject)
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(
                user_id, "bad")
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(
                'bad', 'bad')
        self.assertTrue("does not exist" in cm.exception.message)

        self.identity_management_service.unregister_user_credentials(
            user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)

    def test_user_info(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials",
                                         {"name": self.subject})
        self.identity_management_service.register_user_credentials(
            user_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        user_info = self.identity_management_service.create_user_info(
            user_id, user_info_obj)

        with self.assertRaises(Conflict) as cm:
            self.identity_management_service.create_user_info(
                user_id, user_info_obj)
        self.assertTrue(
            "UserInfo already exists for user id" in cm.exception.message)

        user_info_obj = self.identity_management_service.find_user_info_by_id(
            user_id)

        user_info_obj = self.identity_management_service.find_user_info_by_name(
            "Foo")

        user_info_obj = self.identity_management_service.find_user_info_by_subject(
            self.subject)

        user_info_obj = self.identity_management_service.read_user_info(
            user_info)

        user_info_obj.name = 'Jane Doe'

        self.identity_management_service.update_user_info(user_info_obj)

        self.identity_management_service.delete_user_info(user_info)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_user_info(user_info)
        self.assertTrue('does not exist' in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_user_info(user_info)
        self.assertTrue('does not exist' in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_name("John Doe")
        self.assertEqual(cm.exception.message,
                         'UserInfo with name John Doe does not exist')

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_subject(
                "Bogus subject")
        self.assertEqual(
            cm.exception.message,
            "UserCredentials with subject Bogus subject does not exist")

        self.identity_management_service.unregister_user_credentials(
            user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)

    def test_signon(self):
        certificate = """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX
MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw
GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2
WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb
g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq
7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b
2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4
dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+
6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0
cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k
b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv
by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5
CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK
f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g
Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ=
-----END CERTIFICATE-----"""
        id, valid_until, registered = self.identity_management_service.signon(
            certificate, True)

        self.assertFalse(registered)

        id2, valid_until2, registered2 = self.identity_management_service.signon(
            certificate, True)

        self.assertFalse(registered2)
        self.assertTrue(id == id2)
        self.assertTrue(valid_until == valid_until2)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        self.identity_management_service.create_user_info(id, user_info_obj)

        id3, valid_until3, registered3 = self.identity_management_service.signon(
            certificate, True)

        self.assertTrue(registered3)
        self.assertTrue(id == id3)
        self.assertTrue(valid_until == valid_until3)

    @attr('EXT')
    def test_get_extended_user_identity(self):

        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        actor_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials",
                                         {"name": self.subject})
        self.identity_management_service.register_user_credentials(
            actor_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        user_info_id = self.identity_management_service.create_user_info(
            actor_id, user_info_obj)

        ion_org = self.org_client.find_org()

        #Build the Service Agreement Proposal to to request a role but never close it
        sap = IonObject(OT.RequestRoleProposal,
                        consumer=actor_id,
                        provider=ion_org._id,
                        role_name=ORG_MANAGER_ROLE)
        sap_response = self.org_client.negotiate(sap)

        #Just grant the role anyway
        #self.org_client.grant_role(ion_org._id, actor_id, ORG_MANAGER_ROLE)

        with self.assertRaises(NotFound):
            self.identity_management_service.get_user_info_extension(
                'That rug really tied the room together.')
        with self.assertRaises(BadRequest):
            self.identity_management_service.get_user_info_extension()

        #Check the user without the negotiation role request
        extended_user = self.identity_management_service.get_user_info_extension(
            user_info_id, org_id=ion_org._id)
        self.assertEqual(user_info_obj.type_, extended_user.resource.type_)
        self.assertEqual(len(extended_user.roles), 1)
        self.assertEqual(len(extended_user.open_requests), 1)
        self.assertEqual(extended_user.open_requests[0].org_id, ion_org._id)
        self.assertEqual(extended_user.open_requests[0].user_id, user_info_id)
        self.assertEqual(extended_user.open_requests[0].request_type,
                         OT.RequestRoleProposal)
        self.assertEqual(len(extended_user.closed_requests), 0)
        self.assertEqual(extended_user.open_requests[0]._id,
                         extended_user.open_requests[0].negotiation_id)

        neg = self.resource_registry.read(
            object_id=extended_user.open_requests[0].negotiation_id)
        sap_response = Negotiation.create_counter_proposal(
            neg, ProposalStatusEnum.ACCEPTED, ProposalOriginatorEnum.PROVIDER)
        sap_response2 = self.org_client.negotiate(sap_response)

        #Now check the user after the negotiation has been accepted and the role granted
        extended_user = self.identity_management_service.get_user_info_extension(
            user_info_id, org_id=ion_org._id)
        self.assertEqual(user_info_obj.type_, extended_user.resource.type_)
        self.assertEqual(len(extended_user.roles), 2)
        self.assertEqual(len(extended_user.open_requests), 0)
        self.assertEqual(len(extended_user.closed_requests), 1)
        self.assertEqual(extended_user.closed_requests[0].org_id, ion_org._id)
        self.assertEqual(extended_user.closed_requests[0].user_id,
                         user_info_id)
        self.assertEqual(extended_user.closed_requests[0].request_type,
                         OT.RequestRoleProposal)

        self.identity_management_service.delete_user_info(user_info_id)

        self.org_client.revoke_role(org_id=ion_org._id,
                                    actor_id=actor_id,
                                    role_name=ORG_MANAGER_ROLE)

        self.identity_management_service.unregister_user_credentials(
            actor_id, self.subject)

        self.identity_management_service.delete_actor_identity(actor_id)

    def test_account_merge(self):
        certificate = """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX
MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw
GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2
WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb
g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq
7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b
2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4
dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+
6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0
cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k
b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv
by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5
CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK
f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g
Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ=
-----END CERTIFICATE-----"""
        subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254"
        certificate_2 = """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgIDAJ/lMA0GCSqGSIb3DQEBCwUAMGsxEzARBgoJkiaJk/IsZAEZFgNvcmcx
FzAVBgoJkiaJk/IsZAEZFgdjaWxvZ29uMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHQ0lMb2dvbjEc
MBoGA1UEAxMTQ0lMb2dvbiBPcGVuSUQgQ0EgMTAeFw0xMjEwMTcwMDE2NDlaFw0xMjEwMTcxMjIx
NDlaMGkxEzARBgoJkiaJk/IsZAEZEwNvcmcxFzAVBgoJkiaJk/IsZAEZEwdjaWxvZ29uMQswCQYD
VQQGEwJVUzEPMA0GA1UEChMGR29vZ2xlMRswGQYDVQQDExJPd2VuIE93bmVycmVwIEE4OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYLdpgg88sntivH+af4oamlp7blsUQcCQ5Yc/b
VDP/dwEKfxTcW36tMV3asLO7GcL7z4FESG761LAe86siT9rcwg2ttLkRjI9KeA3sFjC28N8XjKZ1
estCqG3odqw2pjo3VEFaU57219vIYMJhjmHKEgSnlMQeChMYun/sYIO5uNFba9BfiB6/PRS+bgee
cXRsIAm1vkB89AHdEjqdvH0uSN+jGjF6aAPXsESh70DUAHzs14lbFAomig7AZafT+weh0G5pnayC
lutVnhb9SyS3s1+A6kx8z9mkDUwY/NKXisuDeXa+WbRVq51D+Lc7ffOI+Ph+ynyfFGMcCBzbMADX
AgMBAAGjgeEwgd4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBLAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwGAYDVR0gBBEwDzANBgsrBgEEAYKRNgEDAzBsBgNVHR8EZTBjMC+gLaArhilodHRwOi8v
Y3JsLmNpbG9nb24ub3JnL2NpbG9nb24tb3BlbmlkLmNybDAwoC6gLIYqaHR0cDovL2NybC5kb2Vn
cmlkcy5vcmcvY2lsb2dvbi1vcGVuaWQuY3JsMCEGA1UdEQQaMBiBFm93ZW5vd25lcnJlcEBnbWFp
bC5jb20wDQYJKoZIhvcNAQELBQADggEBAHWd6ZOjSmJyOUyyLgZAPJpkSuk7DT5mFRhszJhfTGnu
gANHRIJZMs5e/LCMypE+ftxb8mnhAE+kURA2DmeucazHUDP5oYofU+8KMYqcNKnPpLnuiw+bCJPa
3BDxrYoi+vVislHb0U+QDjVYtUtQ2b1/Xhv8ShH89O9i65bbOq+sqez6z2AD9RWOEwRwpQLc9D65
9lkrsKGmJtuG8q3NTpZ1DSuaLOtn0QqttdmCg3pu5edRtgdpGadaSGR4s222JasV439bSTL8Z0Ug
HtjSclGqi8IBmvRkTZI61zTVbGdOKMP90LV1p8noJVLRkZpWRjLxI5xy9El8daAWMdjfrSc=
-----END CERTIFICATE-----"""
        subject_2 = "/DC=org/DC=cilogon/C=US/O=Google/CN=Owen Ownerrep A893"

        # Try to merge with nonexistent email account
        with self.assertRaises(NotFound):
            self.identity_management_service.initiate_account_merge(
                "*****@*****.**")
        with self.assertRaises(BadRequest):
            self.identity_management_service.initiate_account_merge()

        # Create two users
        id, valid_until, registered = self.identity_management_service.signon(
            certificate, True)
        self.assertFalse(registered)
        id_2, valid_until_2, registered_2 = self.identity_management_service.signon(
            certificate_2, True)
        self.assertFalse(registered_2)

        # Validate the two accounts are different
        self.assertNotEqual(
            id, id_2, "The two accounts should have two different user id")

        # Create UserInfo
        contact_info_obj = IonObject("ContactInformation",
                                     {"email": "*****@*****.**"})
        user_info_obj = IonObject("UserInfo", {
            "name": "Dude",
            "contact": contact_info_obj
        })
        user_info_id = self.identity_management_service.create_user_info(
            id, user_info_obj)

        contact_info_obj_2 = IonObject("ContactInformation",
                                       {"email": "*****@*****.**"})
        user_info_obj_2 = IonObject("UserInfo", {
            "name": "theDude",
            "contact": contact_info_obj_2
        })
        user_info_id_2 = self.identity_management_service.create_user_info(
            id_2, user_info_obj_2)

        # Make sure the two users are registered
        id, valid_until, registered = self.identity_management_service.signon(
            certificate, True)
        self.assertTrue(registered)
        id_2, valid_until_2, registered_2 = self.identity_management_service.signon(
            certificate_2, True)
        self.assertTrue(registered_2)

        token = self.identity_management_service.initiate_account_merge(
            "*****@*****.**", headers={'ion-actor-id': id})

        # Try merging accounts with invalid token string
        with self.assertRaises(NotFound):
            self.identity_management_service.complete_account_merge(
                token_string="0xBeeF", headers={'ion-actor-id': id})
        with self.assertRaises(BadRequest):
            self.identity_management_service.complete_account_merge()

        # Try merging accounts with a different user
        # Since this user hasn't initiated account merge, the token doesn't exist in his/her UserInfo
        with self.assertRaises(NotFound):
            self.identity_management_service.complete_account_merge(
                token, headers={'ion-actor-id': id_2})

        self.identity_management_service.complete_account_merge(
            token, headers={'ion-actor-id': id})

        # Try merging the account again
        with self.assertRaises(BadRequest):
            self.identity_management_service.complete_account_merge(
                token, headers={'ion-actor-id': id})

        # Signon again and verify the two accounts have been merged
        id, valid_until, registered = self.identity_management_service.signon(
            certificate, True)
        self.assertTrue(registered)
        id_2, valid_until_2, registered_2 = self.identity_management_service.signon(
            certificate_2, True)
        self.assertTrue(registered_2)

        # Validate the two accounts are the same
        self.assertEqual(id, id_2, "The two accounts should have the same id")

        # Try to merge to your own account
        with self.assertRaises(BadRequest):
            token = self.identity_management_service.initiate_account_merge(
                "*****@*****.**", headers={'ion-actor-id': id})

        #  Done testing. Delete user
        self.identity_management_service.delete_user_info(user_info_id)
        self.identity_management_service.unregister_user_credentials(
            id, subject)
        self.identity_management_service.delete_actor_identity(id)
class TestRegisterAndActivate(IonIntegrationTestCase):
    """
    Integration test cases to confirm registration and activation services
    for marine device resources.
    """

    def setUp(self):
        """
        Test setup.
        """

        # Resources used in the tests.
        # General resources.
        self.actor_id = None
        self.user_info_id = None
        self.org_id = None
        self.obs_id = None

        # Cabled infrastructure.
        self.cabled_platform_model_id = None
        self.cabled_platform_site_id = None
        self.cabled_platform_device_id = None
        self.cabled_platform_agent_id = None
        self.cabled_platform_agent_instance_id = None
        self.cabled_platform_deployment_id = None
        self.cabled_instrument_deployment_id = None
        self.cabled_instrument_model_id = None
        self.cabled_instrument_site_id = None
        self.cabled_instrument_device_id = None
        self.cabled_instrument_agent_id = None
        self.cabled_instrument_agent_instance_id = None
        self.cabled_instrument_deployment_id = None

        # Uncabled infrastructure.
        self.uncabled_platform_model_id = None
        self.uncabled_platform_site_id = None
        self.uncabled_platform_device_id = None
        self.uncabled_platform_agent_id = None
        self.uncabled_platform_agent_instance_id = None
        self.uncabled_instrument_model_id = None
        self.uncabled_instrument_site_id = None
        self.uncabled_instrument_device_id = None
        self.uncabled_instrument_agent_id = None
        self.uncabled_instrument_agent_instance_id = None
        self.uncabled_site_deployment_id = None

        # Start container.
        log.info('Staring capability container.')
        self._start_container()

        # Bring up services in a deploy file (no need to message)
        log.info('Staring deploy services.')
        self.container.start_rel_from_url('res/deploy/r2deploy.yml')

        # Setup service clients.
        self.idms = IdentityManagementServiceClient(node=self.container.node)
        self.oms = ObservatoryManagementServiceClient(node=self.container.node)

        # Add generic resources.
        self._load_system_actors()
        self._create_user()
        self._create_org()
        self._create_observatory()

        # Add cleanup routine.
        self.addCleanup(self._cleanup_resources)


    def _cleanup_resources(self):
        """
        Delete resources created by the tests.
        """

        # Check and clean up cabled resources.
        if self.cabled_instrument_model_id:
            self.oms.unassign_instrument_model_from_instrument_site(
                self.cabled_instrument_model_id, self.cabled_instrument_site_id)
            self.ims.delete_instrument_model(self.cabled_instrument_model_id)
            self.cabled_instrument_model_id = None

        if self.cabled_platform_model_id:
            self.oms.unassign_platform_model_from_platform_site(
                self.cabled_platform_model_id, self.cabled_platform_site_id)
            self.ims.delete_platform_model(self.cabled_platform_model_id)
            self.cabled_platform_model_id = None

        if self.cabled_instrument_site_id:
            self.oms.unassign_site_from_site(self.cabled_instrument_site_id,
                                             self.cabled_platform_site_id)
            self.oms.delete_instrument_site(self.cabled_instrument_site_id)
            self.cabled_instrument_site_id = None

        if self.cabled_platform_site_id:
            self.oms.unassign_site_from_site(self.cabled_platform_site_id,
                                             self.obs_id)
            self.oms.delete_platform_site(self.cabled_platform_site_id)
            self.cabled_platform_site_id = None

        # Check and clean up unclabled resources.
        # TODO

        # Clean up generic resources.
        if self.user_info_id:
            self.idms.delete_user_info(self.user_info_id)
            self.user_info_id = None

        if self.actor_id:
            self.idms.delete_actor_identity(self.actor_id)
            self.actor_id = None

        if self.obs_id:
            self.oms.delete_observatory(self.obs_id)
            self.obs_id = None

        if self.org_id:
            self.container.resource_registry.delete(self.org_id)
            self.org_id = None


    def _load_system_actors(self):
        """
        Retrieve system and webauth actors and headers for later use.
        """

        # Retrieve and store system actor and headers.
        system_actor, _ = self.container.resource_registry.find_resources(
            RT.ActorIdentity,
            name=CFG.system.system_actor,
            id_only=False)
        self.system_actor = system_actor[0] if system_actor else None
        self.system_actor_id = system_actor[0]._id if system_actor \
            else 'anonymous'
        self.system_actor_headers = {
            'ion-actor-id': self.system_actor_id,
            'ion-actor-roles': {'ION': ['ION_MANAGER', 'ORG_MANAGER']},
            'expiry':'0'
        }

        # Retrieve and store webauth actor and headers.
        webauth_actor, _ = self.container.resource_registry.find_resources(
            RT.ActorIdentity,
            name=CFG.get_safe("system.web_authentication_actor",
                              "web_authentication"), id_only=False)
        self.webauth_actor = webauth_actor[0] if webauth_actor else None
        self.webauth_actor_id = webauth_actor[0]._id if webauth_actor \
            else 'anonymous'
        self.webauth_actor_headers = {
            'ion-actor-id': self.webauth_actor_id,
            'ion-actor-roles': {'ION': ['ION_MANAGER', 'ORG_MANAGER']},
            'expiry':'0'
        }


    def _create_user(self):
        """
        Create user resources that serve as device owners.
        This test user does not have contact information,
        user credentials or notification preferences.
        Results in these objects:
        ActorIdentity({'_rev': '1',
            '_id': '07f92986b34e426bba0fca00b73cf4a5',
            'lcstate': 'DEPLOYED',
            'alt_ids': [],
            'description': '',
            'ts_updated': '1391542388312',
            'actor_type': 1,
            'addl': {},
            'ts_created': '1391542388312',
            'availability': 'AVAILABLE',
            'name': 'Identity for Adam Activationtest'})
        UserInfo({'_rev': '1',
            '_id': 'ac8d368e6ea247d996fd60dd0f9c7f89',
            'lcstate': 'DEPLOYED',
            'alt_ids': [],
            'description': 'Activation Test User',
            'tokens': [],
            'ts_updated': '1391542388345',
            'contact': ContactInformation({'individual_names_given': '',
                'city': '', 'roles': [], 'administrative_area': '', 'url': '',
                'country': '', 'variables': [{'name': '', 'value': ''}],
                'organization_name': '', 'postal_code': '',
                'individual_name_family': '', 'phones': [], 'position_name': '',
                'email': '', 'street_address': ''}),
            'variables': [{'name': '', 'value': ''}],
            'addl': {},
            'ts_created': '1391542388345',
            'availability': 'AVAILABLE',
            'name': 'Adam Activationtest'})
        """

        # Basic user attributes for test user.
        user_attrs = {
            'name' : 'Adam Activationtest',
            'description' : 'Activation Test User'
        }

        # Create ActorIdentity.
        actor_name = "Identity for %s" % user_attrs['name']
        actor_identity_obj = IonObject("ActorIdentity", name=actor_name)
        log.trace("creating user %s with headers: %r", user_attrs['name'],
                  self.webauth_actor_headers)
        self.actor_id = self.idms.create_actor_identity(actor_identity_obj,
                                            headers=self.webauth_actor_headers)

        # Create UserInfo.
        user_info_obj = IonObject("UserInfo", **user_attrs)
        self.user_info_id = self.idms.create_user_info(self.actor_id,
                            user_info_obj,headers=self.webauth_actor_headers)


    def _create_org(self):
        """
        Create an org that contains all test infrastructure.
        Results in this object:
        Org({'message_controllable': True,
            '_rev': '1',
            '_id': '9ff82d9f6c7b41f886c6137f54a3086c',
            'lcstate': 'DEPLOYED',
            'alt_ids': [],
            'url': '',
            'description':
            'An Org for Activation Tests',
            'contacts': [],
            'org_governance_name': 'ActiveOrg',
            'institution': Institution({'website': '', 'phone': '',
                'name': '', 'email': ''}),
            'ts_updated': '1391542388395',
            'monitorable': True,
            'org_type': 2,
            'addl': {},
            'ts_created': '1391542388395',
            'availability': 'AVAILABLE',
            'name': 'ActiveOrg'})
        """

        org_attrs = {
            'name' : 'ActiveOrg',
            'description' : 'An Org for Activation Tests',
            'org_type' : OrgTypeEnum.MARINE_FACILITY
        }
        org_obj = IonObject('Org', **org_attrs)
        self.org_id = self.oms.create_marine_facility(org_obj,
                                headers=self.system_actor_headers)


    def _create_observatory(self):
        """
        Create a top level obsevaotry site for the tests.
        Results in this object:
        Observatory({'reference_designator': '',
            'spatial_area_name': '',
            '_id': 'fdcda51901464575913858f98aaf0f41',
            '_rev': '1',
            'lcstate': 'DEPLOYED',
            'alt_ids': [],
            'url': '',
            'description': 'An Observatory for Activation Tests',
            'coordinate_reference_system': GeospatialCoordinateReferenceSystem(
                {'geospatial_latitude_units': '',
                'geospatial_vertical_crs': '',
                'geospatial_geodetic_crs': '',
                'geospatial_vertical_positive': '',
                'geospatial_vertical_units': '',
                'geospatial_longitude_units': ''}),
            'constraint_list': [],
            'environment': 1,
            'ts_updated': '1391544601340',
            'local_name': '',
            'geospatial_point_center': GeospatialIndex({'lat': 0.0, 'lon': 0.0}),
            'addl': {},
            'ts_created': '1391544601340',
            'availability': 'AVAILABLE',
            'name': 'ActiveObservatory'})
        """
        obs_attrs = {
            'name': 'ActiveObservatory',
            'description' : 'An Observatory for Activation Tests'
        }
        obs_obj = IonObject('Observatory', **obs_attrs)
        self.obs_id = self.oms.create_observatory(obs_obj, self.org_id)


    def _create_cabled_resources(self):
        """
        Create preexisting infrastructure for the cabled test environment:
        sites, deployments, models. These are resources that already
        exist in the system due to preload or incremental preload updates.
        PlatformModel
        InstrumentModel
        PlatformSite
        InstrumentSite
        """
        platform_model_attrs = {
            'name' : 'LP Jbox',
            'description' : 'Node Type: LJ',
            'manufacturer' : 'University of Washington',
            'platform_type' : 'Cable Node',
            'platform_family' : 'Low Power JBox',
            'ci_onboard' : False,
            'shore_networked' : True
        }

        instrument_model_attrs = {
            'name': 'Diffuse Vent Fluid 3-D Temperature Array (TMPSF-A)',
            'description': 'Measures temperatures of diffuse flow across the seafloor',
            'reference_designator': 'TMPSFA',
            'class_name': 'Temperature seafloor',
            'mixed_sampling_mode': True,
            'integrated_inductive_modem_available': True,
            'internal_battery': True,
            'addl': {'comments': '', 'connector': '',
                     'makemodel_description': 'XR-420',
                     'input_voltage_range': '',
                     'interface': '',
                     'output_description': '',
                     'class_long_name': 'Temperature_seafloor'},
            'ooi_make_model': 'XR-420',
            'series_name': 'TMPSF Series A',
            'inline_management': True,
            'series_id': 'TMPSFA',
            'subseries_name': 'TMPSF Series A Sub 01',
            'primary_interface': 1,
            'manufacturer': 'RBR Global',
            'family_name': 'Seafloor Properties',
            'class_description': 'Measures temperatures of diffuse flow across the seafloor',
            'class_alternate_name': 'Diffuse Vent Fluid 3-D Temperature Array',
            'subseries_id': 'TMPSFA01',
            'class_id': 'TMPSF',
            'family_id': 'SFL',
            'has_clock': True
        }

        platform_site_attrs = {
            'name' : 'Cabled LP JBOX Platform Site',
            'description' : 'Test Site for a Cabled LP JBOX Platform'
        }

        instrument_site_attrs = {
            'name' : 'Cabled TMPSF Instrument Site',
            'description' : 'Test Site for a Cabled TMPSF Instrument'
        }

        # Create the cabled model preloaded resources.
        platform_model = IonObject('PlatformModel', **platform_model_attrs)
        self.cabled_platform_model_id = self.ims.create_platform_model(platform_model)
        instrument_model = IonObject('InstrumentModel', **instrument_model_attrs)
        self.cabled_instrument_model_id = self.ims.create_instrument_model(
            instrument_model)

        # Create the cabled sites and link them appropriately.
        platform_site = IonObject('', **platform_site_attrs)
        self.cabled_platform_site_id = self.oms.create_platform_site(platform_site)
        self.oms.assign_site_to_site(self.cabled_platform_site_id, self.obs_id)
        instrument_site = IonObject('', **instrument_site_attrs)
        self.cabled_instrument_site_id = self.oms.create_instrument_site(instrument_site)
        self.oms.assign_site_to_site(self.cabled_instrument_site_id, self.cabled_platform_site_id)

        # Assign models to available sites.
        self.oms.assign_platform_model_to_platform_site(
            self.cabled_platform_model_id, self.cabled_platform_site_id)
        self.oms.assign_instrument_model_to_instrument_site(
            self.cabled_instrument_model_id, self.cabled_instrument_site_id)


    def _create_uncabled_resources(self):
        """
        Create preexisting infrastructure for the uncabled test environment:
        sites, deployments, models.
        """
        pass


    def test_cabled_device_activation(self):
        """
        Test registration and activation of cabled device infrastructure.
        """
        pass


    def test_uncabled_device_activation(self):
        """
        Test registration and activation of uncabled device infrastructure.
        """
        pass
Esempio n. 5
0
class TestIdentityManagementServiceInt(IonIntegrationTestCase):
    def setUp(self):
        self.subject = "/DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Roger Unwin A254"

        # Start container
        self._start_container()
        self.container.start_rel_from_url('res/deploy/r2coi.yml')

        self.identity_management_service = IdentityManagementServiceClient(
            node=self.container.node)

    def test_actor_identity(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        actor_identity = self.identity_management_service.read_actor_identity(
            user_id)

        actor_identity.name = 'Updated subject'
        self.identity_management_service.update_actor_identity(actor_identity)

        self.identity_management_service.delete_actor_identity(user_id)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_actor_identity(user_id)
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_actor_identity(user_id)
        self.assertTrue("does not exist" in cm.exception.message)

    def test_user_credentials(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials",
                                         {"name": self.subject})
        self.identity_management_service.register_user_credentials(
            user_id, user_credentials_obj)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(
                "bad", self.subject)
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(
                user_id, "bad")
        self.assertTrue("does not exist" in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.unregister_user_credentials(
                'bad', 'bad')
        self.assertTrue("does not exist" in cm.exception.message)

        self.identity_management_service.unregister_user_credentials(
            user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)

    def test_user_info(self):
        actor_identity_obj = IonObject("ActorIdentity", {"name": self.subject})
        user_id = self.identity_management_service.create_actor_identity(
            actor_identity_obj)

        user_credentials_obj = IonObject("UserCredentials",
                                         {"name": self.subject})
        self.identity_management_service.register_user_credentials(
            user_id, user_credentials_obj)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        user_info = self.identity_management_service.create_user_info(
            user_id, user_info_obj)

        with self.assertRaises(Conflict) as cm:
            self.identity_management_service.create_user_info(
                user_id, user_info_obj)
        self.assertTrue(
            "UserInfo already exists for user id" in cm.exception.message)

        user_info_obj = self.identity_management_service.find_user_info_by_id(
            user_id)

        user_info_obj = self.identity_management_service.find_user_info_by_name(
            "Foo")

        user_info_obj = self.identity_management_service.find_user_info_by_subject(
            self.subject)

        user_info_obj = self.identity_management_service.read_user_info(
            user_info)

        user_info_obj.name = 'Jane Doe'

        self.identity_management_service.update_user_info(user_info_obj)

        self.identity_management_service.delete_user_info(user_info)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.read_user_info(user_info)
        self.assertTrue('does not exist' in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.delete_user_info(user_info)
        self.assertTrue('does not exist' in cm.exception.message)

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_name("John Doe")
        self.assertEqual(cm.exception.message,
                         'UserInfo with name John Doe does not exist')

        with self.assertRaises(NotFound) as cm:
            self.identity_management_service.find_user_info_by_subject(
                "Bogus subject")
        self.assertEqual(
            cm.exception.message,
            "UserCredentials with subject Bogus subject does not exist")

        self.identity_management_service.unregister_user_credentials(
            user_id, self.subject)

        self.identity_management_service.delete_actor_identity(user_id)

    def test_signon(self):
        certificate = """-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgICBQAwDQYJKoZIhvcNAQEFBQAwajETMBEGCgmSJomT8ixkARkWA29yZzEX
MBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29uMRsw
GQYDVQQDExJDSUxvZ29uIEJhc2ljIENBIDEwHhcNMTAxMTE4MjIyNTA2WhcNMTAxMTE5MTAzMDA2
WjBvMRMwEQYKCZImiZPyLGQBGRMDb3JnMRcwFQYKCZImiZPyLGQBGRMHY2lsb2dvbjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlByb3RlY3ROZXR3b3JrMRkwFwYDVQQDExBSb2dlciBVbndpbiBBMjU0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QhsWxhUXbIxg+1ZyEc7d+hIGvchVmtb
g0kKLmivgoVsA4U7swNDRH6svW242THta0oTf6crkRx7kOKg6jma2lcAC1sjOSddqX7/92ChoUPq
7LWt2T6GVVA10ex5WAeB/o7br/Z4U8/75uCBis+ru7xEDl09PToK20mrkcz9M4HqIv1eSoPkrs3b
2lUtQc6cjuHRDU4NknXaVMXTBHKPM40UxEDHJueFyCiZJFg3lvQuSsAl4JL5Z8pC02T8/bODBuf4
dszsqn2SC8YDw1xrujvW2Bd7Q7BwMQ/gO+dZKM1mLJFpfEsR9WrjMeg6vkD2TMWLMr0/WIkGC8u+
6M6SMQIDAQABo4HdMIHaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMBgGA1UdIAQRMA8wDQYLKwYBBAGCkTYBAgEwagYDVR0fBGMwYTAuoCygKoYoaHR0
cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybDAvoC2gK4YpaHR0cDovL2NybC5k
b2Vncmlkcy5vcmcvY2lsb2dvbi1iYXNpYy5jcmwwHwYDVR0RBBgwFoEUaXRzYWdyZWVuMUB5YWhv
by5jb20wDQYJKoZIhvcNAQEFBQADggEBAEYHQPMY9Grs19MHxUzMwXp1GzCKhGpgyVKJKW86PJlr
HGruoWvx+DLNX75Oj5FC4t8bOUQVQusZGeGSEGegzzfIeOI/jWP1UtIjzvTFDq3tQMNvsgROSCx5
CkpK4nS0kbwLux+zI7BWON97UpMIzEeE05pd7SmNAETuWRsHMP+x6i7hoUp/uad4DwbzNUGIotdK
f8b270icOVgkOKRdLP/Q4r/x8skKSCRz1ZsRdR+7+B/EgksAJj7Ut3yiWoUekEMxCaTdAHPTMD/g
Mh9xL90hfMJyoGemjJswG5g3fAdTP/Lv0I6/nWeH/cLjwwpQgIEjEAVXl7KHuzX5vPD/wqQ=
-----END CERTIFICATE-----"""
        id, valid_until, registered = self.identity_management_service.signon(
            certificate, True)

        self.assertFalse(registered)

        id2, valid_until2, registered2 = self.identity_management_service.signon(
            certificate, True)

        self.assertFalse(registered2)
        self.assertTrue(id == id2)
        self.assertTrue(valid_until == valid_until2)

        user_info_obj = IonObject("UserInfo", {"name": "Foo"})
        self.identity_management_service.create_user_info(id, user_info_obj)

        id3, valid_until3, registered3 = self.identity_management_service.signon(
            certificate, True)

        self.assertTrue(registered3)
        self.assertTrue(id == id3)
        self.assertTrue(valid_until == valid_until3)