Esempio n. 1
0
 def get_adb(self, entity_id):
     try:
         return self.rsdb[entity_id]
     except KeyError:
         # Should really be done together with RS/client registration
         self.rsdb[entity_id] = ADB(self.keyjar, self.rpt_lifetime,
                                    self.baseurl, entity_id, RSR_PATH)
         return self.rsdb[entity_id]
Esempio n. 2
0
def test_senario_1():
    # create ADB instance
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    # register resource set
    rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
    status = adb.resource_set.create(rsd.to_json(), 'alice')
    rsid = status['_id']

    # assume no authorization decisions has been made
    # accessing a resource set will eventually result in a ticket being issued
    prreq = PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ])
    ticket = adb.ticket_factory.pack(aud=['client_id'])
    adb.permission_requests[ticket] = [prreq]

    # Still no authz dec. So this should fail
    try:
        adb.issue_rpt(ticket, {'sub': 'roger'})
    except TicketError as err:
        assert err.typ == 'not_authorized'
    else:
        assert False

    # Authz dec made
    permission = {'resource_set_id': rsid, 'scopes': [READ],
                  'require': {'sub': 'roger'}}
    pid = adb.store_permission(permission, 'alice')

    # Get an RPT. This should now work
    rpt = adb.issue_rpt(ticket, {'sub': 'roger'})
    assert rpt

    # later use the RPT, turn into authz descriptions
    ad = adb.introspection(rpt)

    assert len(ad) == 1
    assert ad[0]['resource_set_id'] == rsid
    assert ad[0]['scopes'] == [READ]

    # Get an RPT. This should not work since the ticket is 'one time use'
    try:
        adb.issue_rpt(ticket, {'sub': 'roger'})
    except TicketError as err:
        assert err.typ == 'invalid'
    else:
        assert False

    # The authz on which issuing the RPT is based is removed
    adb.remove_permission('alice', pid=pid)

    # Now introspections should fail
    assert adb.introspection(rpt) == []
Esempio n. 3
0
def test_senario_1():
    # create ADB instance
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    # register resource set
    rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
    status = adb.resource_set.create(rsd.to_json(), 'alice')
    rsid = status['_id']

    # assume no authorization decisions has been made
    # accessing a resource set will eventually result in a ticket being issued
    prreq = PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ])
    ticket = adb.ticket_factory.pack(aud=['client_id'])
    adb.permission_requests[ticket] = [prreq]

    # Still no authz dec. So this should fail
    try:
        adb.issue_rpt(ticket, {'sub': 'roger'})
    except TicketError as err:
        assert err.typ == 'not_authorized'
    else:
        assert False

    # Authz dec made
    permission = {
        'resource_set_id': rsid,
        'scopes': [READ],
        'require': {
            'sub': 'roger'
        }
    }
    pid = adb.store_permission(permission, 'alice')

    # Get an RPT. This should now work
    rpt = adb.issue_rpt(ticket, {'sub': 'roger'})
    assert rpt

    # later use the RPT, turn into authz descriptions
    ad = adb.introspection(rpt)

    assert len(ad) == 1
    assert ad[0]['resource_set_id'] == rsid
    assert ad[0]['scopes'] == [READ]

    # Get an RPT. This should not work since the ticket is 'one time use'
    try:
        adb.issue_rpt(ticket, {'sub': 'roger'})
    except TicketError as err:
        assert err.typ == 'invalid'
    else:
        assert False

    # The authz on which issuing the RPT is based is removed
    adb.remove_permission('alice', pid=pid)

    # Now introspections should fail
    assert adb.introspection(rpt) == []
Esempio n. 4
0
def test_resource_set_registration():
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])

    code, msg, kwargs = adb.resource_set_registration('POST', 'alice',
                                                      rsd.to_json())

    assert code == 201
    http_response = factory(code, msg, **kwargs)
    assert isinstance(http_response, Created)
    jm = json.loads(msg)

    rsid = jm['_id']

    # List all rsid
    code, msg, kwargs = adb.resource_set_registration('GET', 'alice')
    assert code == 200
    rsid_list = json.loads(msg)
    assert rsid in rsid_list

    # get a specific resource set
    code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid)

    assert code == 200
    rs = json.loads(msg)
    assert rs['name'] == rsd['name']
    assert rs['scopes'] == rsd['scopes']
    assert rs['_id'] == rsid

    # upload a new version of a resource set
    rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE],
                                 type='document')

    code, msg, kwargs = adb.resource_set_registration('PUT', 'alice',
                                                      body=rsd.to_json(),
                                                      rsid=rsid)

    assert code == 200
    rs = json.loads(msg)
    assert rs['_id'] == rsid

    # make sure the change came through
    code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid)
    assert code == 200
    rs = json.loads(msg)
    assert _eq(list(rs.keys()),['name', 'scopes', '_id', 'type'])
    for key in ['name', 'scopes', 'type']:
        assert rs[key] == rsd[key]
    assert rs['_id'] == rsid

    # delete resource set
    code, msg, kwargs = adb.resource_set_registration('DELETE', 'alice',
                                                      rsid=rsid)

    assert code == 204

    # List all rsid
    code, msg, kwargs = adb.resource_set_registration('GET', 'alice')
    assert code == 200
    rsid_list = json.loads(msg)
    assert rsid_list == []
Esempio n. 5
0
def test_resource_set_registration():
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])

    code, msg, kwargs = adb.resource_set_registration('POST', 'alice',
                                                      rsd.to_json())

    assert code == 201
    http_response = factory(code, msg, **kwargs)
    assert isinstance(http_response, Created)
    jm = json.loads(msg)

    rsid = jm['_id']

    # List all rsid
    code, msg, kwargs = adb.resource_set_registration('GET', 'alice')
    assert code == 200
    rsid_list = json.loads(msg)
    assert rsid in rsid_list

    # get a specific resource set
    code, msg, kwargs = adb.resource_set_registration('GET',
                                                      'alice',
                                                      rsid=rsid)

    assert code == 200
    rs = json.loads(msg)
    assert rs['name'] == rsd['name']
    assert rs['scopes'] == rsd['scopes']
    assert rs['_id'] == rsid

    # upload a new version of a resource set
    rsd = ResourceSetDescription(name='foo',
                                 scopes=[READ, WRITE],
                                 type='document')

    code, msg, kwargs = adb.resource_set_registration('PUT',
                                                      'alice',
                                                      body=rsd.to_json(),
                                                      rsid=rsid)

    assert code == 200
    rs = json.loads(msg)
    assert rs['_id'] == rsid

    # make sure the change came through
    code, msg, kwargs = adb.resource_set_registration('GET',
                                                      'alice',
                                                      rsid=rsid)
    assert code == 200
    rs = json.loads(msg)
    assert _eq(list(rs.keys()), ['name', 'scopes', '_id', 'type'])
    for key in ['name', 'scopes', 'type']:
        assert rs[key] == rsd[key]
    assert rs['_id'] == rsid

    # delete resource set
    code, msg, kwargs = adb.resource_set_registration('DELETE',
                                                      'alice',
                                                      rsid=rsid)

    assert code == 204

    # List all rsid
    code, msg, kwargs = adb.resource_set_registration('GET', 'alice')
    assert code == 200
    rsid_list = json.loads(msg)
    assert rsid_list == []