def get_adb(self, entity_id):
    """Return the ADB kept in ``self.rsdb`` for *entity_id*, creating it on a miss.

    A missing key is not an error: a new ADB is built from this object's
    keyjar, RPT lifetime and base URL, stored under *entity_id*, and returned.

    NOTE(review): no registration check is visible in this method, so every
    identifier that reaches it gets a database allocated. Pass only
    identifiers of entities that have already been authenticated and
    registered, so that ``self.rsdb`` cannot fill up with unregistered ids.
    """
    try:
        known = self.rsdb[entity_id]
    except KeyError:
        # Should really be done together with RS/client registration
        pass
    else:
        return known

    self.rsdb[entity_id] = ADB(self.keyjar, self.rpt_lifetime,
                               self.baseurl, entity_id, RSR_PATH)
    # Read back through the store instead of returning the local object.
    return self.rsdb[entity_id]
def test_senario_1():
    """Walk one ticket through the RPT life cycle and check every gate.

    In order: issuing is refused while no permission exists, succeeds once
    the owner has stored one, the ticket cannot be used a second time, and
    the RPT introspects to nothing after the permission is removed.

    NOTE(review): every request presents exactly the claims the stored
    permission requires; a requester whose claims do not satisfy 'require'
    is not exercised here.
    """
    # create ADB instance
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    # register resource set
    description = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
    created = adb.resource_set.create(description.to_json(), 'alice')
    rsid = created['_id']

    # assume no authorization decisions has been made
    # accessing a resource set will eventually result in a ticket being issued
    requested = PermissionRegistrationRequest(resource_set_id=rsid,
                                              scopes=[READ])
    ticket = adb.ticket_factory.pack(aud=['client_id'])
    adb.permission_requests[ticket] = [requested]

    def issue_must_fail(expected_typ):
        # An RPT coming back here would mean a gate was skipped, so success
        # is treated as a test failure.
        try:
            adb.issue_rpt(ticket, {'sub': 'roger'})
        except TicketError as err:
            assert err.typ == expected_typ
        else:
            assert False

    # Still no authz dec. So this should fail
    issue_must_fail('not_authorized')

    # Authz dec made
    permission = {
        'resource_set_id': rsid,
        'scopes': [READ],
        'require': {'sub': 'roger'},
    }
    pid = adb.store_permission(permission, 'alice')

    # Get an RPT. This should now work
    rpt = adb.issue_rpt(ticket, {'sub': 'roger'})
    assert rpt

    # later use the RPT, turn into authz descriptions
    descriptions = adb.introspection(rpt)
    assert len(descriptions) == 1
    granted = descriptions[0]
    assert granted['resource_set_id'] == rsid
    # Only READ was requested and granted, although the set also offers WRITE.
    assert granted['scopes'] == [READ]

    # Get an RPT. This should not work since the ticket is 'one time use'
    issue_must_fail('invalid')

    # The authz on which issuing the RPT is based is removed
    adb.remove_permission('alice', pid=pid)

    # Now introspections should fail: the RPT that was already handed out
    # must no longer carry any authorization.
    assert adb.introspection(rpt) == []
def test_senario_1():
    """Exercise ticket -> RPT -> introspection -> revocation on one ADB.

    Checks that no RPT is issued before a permission exists, that the ticket
    is rejected on its second use, and that removing the permission empties
    the introspection result of an RPT that was already issued.

    NOTE(review): only the matching requester ('roger') is tried; there is no
    case for a requester whose claims fail the permission's 'require' clause.
    """
    # create ADB instance
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    # register resource set
    rs_desc = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
    rsid = adb.resource_set.create(rs_desc.to_json(), 'alice')['_id']

    # assume no authorization decisions has been made
    # accessing a resource set will eventually result in a ticket being issued
    ticket = adb.ticket_factory.pack(aud=['client_id'])
    adb.permission_requests[ticket] = [
        PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ])
    ]

    # Still no authz dec. So this should fail
    refusal = None
    try:
        adb.issue_rpt(ticket, {'sub': 'roger'})
    except TicketError as err:
        refusal = err.typ
    # refusal stays None if an RPT was issued, which fails the comparison.
    assert refusal == 'not_authorized'

    # Authz dec made
    pid = adb.store_permission(
        {
            'resource_set_id': rsid,
            'scopes': [READ],
            'require': {'sub': 'roger'},
        },
        'alice',
    )

    # Get an RPT. This should now work
    rpt = adb.issue_rpt(ticket, {'sub': 'roger'})
    assert rpt

    # later use the RPT, turn into authz descriptions
    authz = adb.introspection(rpt)
    assert len(authz) == 1
    assert authz[0]['resource_set_id'] == rsid
    assert authz[0]['scopes'] == [READ]

    # Get an RPT. This should not work since the ticket is 'one time use'
    refusal = None
    try:
        adb.issue_rpt(ticket, {'sub': 'roger'})
    except TicketError as err:
        refusal = err.typ
    assert refusal == 'invalid'

    # The authz on which issuing the RPT is based is removed
    adb.remove_permission('alice', pid=pid)

    # Now introspections should fail
    assert adb.introspection(rpt) == []
def test_resource_set_registration():
    """Run create, list, read, update and delete through resource_set_registration.

    Expected status codes: 201 for POST, 200 for GET and PUT, 204 for DELETE.
    The identifier handed out on creation must stay the same across the
    update, and the owner's listing must be empty after the delete.

    NOTE(review): every call is made as owner 'alice'; that a different
    owner cannot list, read, replace or delete this resource set is not
    checked here.
    """
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    description = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
    status, payload, extra = adb.resource_set_registration(
        'POST', 'alice', description.to_json())
    assert status == 201
    response = factory(status, payload, **extra)
    assert isinstance(response, Created)
    rsid = json.loads(payload)['_id']

    # List all rsid
    status, payload, extra = adb.resource_set_registration('GET', 'alice')
    assert status == 200
    assert rsid in json.loads(payload)

    # get a specific resource set
    status, payload, extra = adb.resource_set_registration(
        'GET', 'alice', rsid=rsid)
    assert status == 200
    stored = json.loads(payload)
    assert stored['name'] == description['name']
    assert stored['scopes'] == description['scopes']
    assert stored['_id'] == rsid

    # upload a new version of a resource set
    description = ResourceSetDescription(name='foo', scopes=[READ, WRITE],
                                         type='document')
    status, payload, extra = adb.resource_set_registration(
        'PUT', 'alice', body=description.to_json(), rsid=rsid)
    assert status == 200
    # The update must not hand out a new identifier.
    assert json.loads(payload)['_id'] == rsid

    # make sure the change came through
    status, payload, extra = adb.resource_set_registration(
        'GET', 'alice', rsid=rsid)
    assert status == 200
    stored = json.loads(payload)
    assert _eq(list(stored.keys()), ['name', 'scopes', '_id', 'type'])
    for field in ['name', 'scopes', 'type']:
        assert stored[field] == description[field]
    assert stored['_id'] == rsid

    # delete resource set
    status, payload, extra = adb.resource_set_registration(
        'DELETE', 'alice', rsid=rsid)
    assert status == 204

    # List all rsid
    status, payload, extra = adb.resource_set_registration('GET', 'alice')
    assert status == 200
    assert json.loads(payload) == []
def test_resource_set_registration():
    """Check the resource-set registration endpoint method by method.

    POST creates (201), GET lists or reads (200), PUT replaces (200) and
    DELETE removes (204); afterwards the owner's listing is empty again.

    NOTE(review): the owner is 'alice' in every request, so isolation
    between owners is not covered by this test.
    """
    adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)

    def as_alice(method, *args, **kwargs):
        # Forward to the endpoint with the owner fixed to 'alice'.
        return adb.resource_set_registration(method, 'alice', *args, **kwargs)

    rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
    code, msg, kwargs = as_alice('POST', rsd.to_json())
    assert code == 201
    assert isinstance(factory(code, msg, **kwargs), Created)
    created = json.loads(msg)
    rsid = created['_id']

    # List all rsid
    code, msg, kwargs = as_alice('GET')
    assert code == 200
    listing = json.loads(msg)
    assert rsid in listing

    # get a specific resource set
    code, msg, kwargs = as_alice('GET', rsid=rsid)
    assert code == 200
    fetched = json.loads(msg)
    assert fetched['name'] == rsd['name']
    assert fetched['scopes'] == rsd['scopes']
    assert fetched['_id'] == rsid

    # upload a new version of a resource set
    rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE],
                                 type='document')
    code, msg, kwargs = as_alice('PUT', body=rsd.to_json(), rsid=rsid)
    assert code == 200
    replaced = json.loads(msg)
    assert replaced['_id'] == rsid

    # make sure the change came through
    code, msg, kwargs = as_alice('GET', rsid=rsid)
    assert code == 200
    fetched = json.loads(msg)
    assert _eq(list(fetched.keys()), ['name', 'scopes', '_id', 'type'])
    for key in ['name', 'scopes', 'type']:
        assert fetched[key] == rsd[key]
    assert fetched['_id'] == rsid

    # delete resource set
    code, msg, kwargs = as_alice('DELETE', rsid=rsid)
    assert code == 204

    # List all rsid: nothing may remain after the delete.
    code, msg, kwargs = as_alice('GET')
    assert code == 200
    listing = json.loads(msg)
    assert listing == []