def test_default_tenant_token(self, clean_mongo):
"""Connect with a device without a tenant-token, and make sure it shows up in the default tenant account"""
default_tenant = create_org(
name="default-tenant", username="******", password="******"
)
default_tenant_user = default_tenant.users[0]
# Restart the deviceauth service with the new token belonging to `default-tenant`
deviceauth_cli = CliDeviceauth()
deviceauth_cli.add_default_tenant_token(default_tenant.tenant_token)
# Retrieve user token for management API
r = self.uc.call(
"POST",
useradm.URL_LOGIN,
auth=(default_tenant_user.name, default_tenant_user.pwd),
)
assert r.status_code == 200
default_utoken = r.text
# Create a device with an empty tenant token, and try to authorize
create_random_authset(
self.devauthd, self.devauthm, default_utoken, ""
) # Emty tenant token
# Device must show up in the default tenant's account
r = self.devauthm.with_auth(default_utoken).call(
"GET", deviceauth_v2.URL_DEVICES
)
assert r.status_code == 200
api_devs = r.json()
assert len(api_devs) == 1
api_dev = api_devs[0]
assert api_dev["status"] == "pending"
def test_valid_tenant_not_duplicated_for_default_tenant(self, clean_mongo):
"""Verify that a valid tenant-token login does not show up in the default tenant's account"""
default_tenant = create_org("default-tenant", "*****@*****.**", "foobarbaz")
default_tenant_user = default_tenant.users[0]
# Restart the deviceauth service with the new token belonging to `default-tenant`
deviceauth_cli = CliDeviceauth()
deviceauth_cli.add_default_tenant_token(default_tenant.tenant_token)
# Get default user token for management api
r = self.uc.call(
"POST",
useradm.URL_LOGIN,
auth=(default_tenant_user.name, default_tenant_user.pwd),
)
assert r.status_code == 200
default_utoken = r.text
# Create a second user, which has it's own tenant token
tenant1 = create_org("tenant1", "*****@*****.**", "foobarbaz")
tenant1_user = tenant1.users[0]
r = self.uc.call(
"POST", useradm.URL_LOGIN, auth=(tenant1_user.name, tenant1_user.pwd)
)
assert r.status_code == 200
tenant1_utoken = r.text
# Create a device, and try to authorize
create_random_authset(
self.devauthd, self.devauthm, tenant1_utoken, tenant1.tenant_token
)
# Device should show up in the 'tenant1's account
r = self.devauthm.with_auth(tenant1_utoken).call(
"GET", deviceauth_v2.URL_DEVICES
)
assert r.status_code == 200
api_devs = r.json()
assert len(api_devs) == 1
api_dev = api_devs[0]
assert api_dev["status"] == "pending"
# Device must not show up in the default tenant's account
r = self.devauthm.with_auth(default_utoken).call(
"GET", deviceauth_v2.URL_DEVICES
)
assert r.status_code == 200
api_devs = r.json()
assert len(api_devs) == 0
def test_invalid_tenant_token_added_to_default_account(self, clean_mongo):
"""Verify that an invalid tenant token does show up in the default tenant account"""
default_tenant = create_org("default-tenant", "*****@*****.**", "foobarbaz")
default_tenant_user = default_tenant.users[0]
# Restart the deviceauth service with the new token belonging to `default-tenant`
deviceauth_cli = CliDeviceauth()
deviceauth_cli.add_default_tenant_token(default_tenant.tenant_token)
# Get default user auth token for management api
r = self.uc.call(
"POST",
useradm.URL_LOGIN,
auth=(default_tenant_user.name, default_tenant_user.pwd),
)
assert r.status_code == 200
default_utoken = r.text
# Create a second user, which has it's own tenant token
tenant1 = create_org("tenant1", "*****@*****.**", "foobarbaz")
tenant1_user = tenant1.users[0]
r = self.uc.call(
"POST", useradm.URL_LOGIN, auth=(tenant1_user.name, tenant1_user.pwd)
)
assert r.status_code == 200
tenant1_utoken = r.text
# Device must not show up in the 'tenant1's account, so the authset will not be pending
with pytest.raises(AssertionError) as e:
create_random_authset(
self.devauthd, self.devauthm, tenant1_utoken, "mumbojumbotoken"
)
assert "assert 0 == 1" in str(e.value)
# Double check that it is not added to tenant1
r = self.devauthm.with_auth(tenant1_utoken).call(
"GET", deviceauth_v2.URL_DEVICES
)
assert r.status_code == 200
api_devs = r.json()
assert len(api_devs) == 0
# Device must show up in the default tenant's account
r = self.devauthm.with_auth(default_utoken).call(
"GET", deviceauth_v2.URL_DEVICES
)
assert r.status_code == 200
api_devs = r.json()
assert len(api_devs) == 1
def devices(clean_migrated_mongo, user):
uc = ApiClient(useradm.URL_MGMT)
devauthm = ApiClient(deviceauth_v2.URL_MGMT)
devauthd = ApiClient(deviceauth_v1.URL_DEVICES)
r = uc.call("POST", useradm.URL_LOGIN, auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
devices = []
for _ in range(5):
aset = create_random_authset(devauthd, devauthm, utoken)
dev = Device(aset.did, aset.id_data, aset.pubkey)
devices.append(dev)
yield devices
def tenants_users_devices(clean_migrated_mongo_mt, tenants_users):
uc = ApiClient(useradm.URL_MGMT)
devauthm = ApiClient(deviceauth_v2.URL_MGMT)
devauthd = ApiClient(deviceauth_v1.URL_DEVICES)
for t in tenants_users:
user = t.users[0]
r = uc.call("POST", useradm.URL_LOGIN, auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
for _ in range(5):
aset = create_random_authset(devauthd, devauthm, utoken, t.tenant_token)
dev = Device(aset.did, aset.id_data, aset.pubkey, t.tenant_token)
t.devices.append(dev)
yield tenants_users