def build_resource_set_descriptions(self, user): """ Will return a list of ResourceSetDescriptions covering all resource sets. :param user: Who's resources to describe :return: list of tuples of local id and ResourceSetDescription instances """ rss = [] for key, val in self.db[user].items(): if isinstance(val, list): for v in val: name = "{} {}={}".format(user, key, v) _id = "{}:{}:{}".format(user, key, v) rss.append((_id, ResourceSetDescription(scopes=self.scopes, name=name))) else: name = "{} {}={}".format(user, key, val) _id = "{}:{}:{}".format(user, key, val) rss.append( (_id, ResourceSetDescription(scopes=self.scopes, name=name))) name = "{} {}".format(user, key) _id = "{}:{}".format(user, key) rss.append( (_id, ResourceSetDescription(scopes=self.scopes, name=name))) return rss
def test_create_multi(self): rsd = ResourceSetDescription(name='foo', scopes=['read', 'write']) res1 = self.rsdb.create(rsd.to_json(), 'alice') assert isinstance(res1, StatusResponse) assert list(res1.keys()) == ['_id'] rsd = ResourceSetDescription(name='bar', scopes=['read']) res2 = self.rsdb.create(rsd.to_json(), 'bob') assert isinstance(res2, StatusResponse) assert list(res2.keys()) == ['_id'] # list all resource set IDs assert self.rsdb.list('alice') == [res1['_id']] assert self.rsdb.list('bob') == [res2['_id']] try: self.rsdb.list('cesar') except KeyError: pass else: assert False _rsd = self.rsdb.read('alice', res1['_id']) _rsd['scopes'] = ['read', 'write', 'delete'] _rsd['type'] = 'application' res3 = self.rsdb.update(_rsd.to_json(), 'alice', res1['_id']) res4 = self.rsdb.read('alice', res3['_id']) assert set(res4.keys()) == {'name', 'scopes', 'type', '_id'}
def test_update(): rset = ResourceSetDB(DB_NAME, COLLECTION) rsd = ResourceSetDescription( name="Identity", scopes=[ "http://xenosmilus2.umdc.umu.se/uma/read/name", "http://xenosmilus2.umdc.umu.se/uma/read/phone", "http://xenosmilus2.umdc.umu.se/uma/read/email", "http://xenosmilus2.umdc.umu.se/uma/read/all" ]) status = rset.create(rsd.to_json()) assert status["status"] == "created" before = rset.read(status["_id"]) rsd["scopes"].append("http://xenosmilus2.umdc.umu.se/uma/read/contact") status2 = rset.update(rsd.to_json(), status["_id"]) assert status2["status"] == "updated" after = rset.read(status["_id"]) assert before["_rev"] != after["_rev"] assert len(after["scopes"]) == 5
def test_create(): rset = ResourceSetDB(DB_NAME, COLLECTION) rsd = ResourceSetDescription( name="Photo Album", icon_uri="http://www.example.com/icons/flower.png", scopes=[ "http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all"], type="http://www.example.com/rsets/photoalbum") status = rset.create(rsd.to_json()) assert status assert status["status"] == "created" assert _eq(status.keys(), ["status", "_id", "_rev"]) item = rset.read(status["_id"]) assert item assert isinstance(item, ResourceSetDescription) assert item["name"] == rsd["name"] assert item["icon_uri"] == rsd["icon_uri"] assert item["type"] == rsd["type"] try: rset.read("phoney") assert False except UnknownObject: pass
def test_from_id(self): rsd = ResourceSetDescription(**{ "name": "Tweedl Social Service", "icon_uri": "http://www.example.com/icons/sharesocial.png", "scopes": [ "read-public", "post-updates", "read-private", "http://www.example.com/scopes/all" ], "type": "http://www.example.com/rsets/socialstream/140-compatible" }) res = self.rsdb.create(rsd.to_json(), 'alice') rsid = res['_id'] resdesc = self.rsdb.read(oid='alice', rsid=rsid) assert resdesc['name'] == "Tweedl Social Service" assert resdesc['icon_uri'] == 'http://www.example.com/icons/sharesocial.png' assert resdesc[ 'type'] == 'http://www.example.com/rsets/socialstream/140-compatible' assert resdesc['scopes'] == [ "read-public", "post-updates", "read-private", "http://www.example.com/scopes/all" ] _new = ResourceSetDescription(**{ "name": "Photo Album", "icon_uri": "http://www.example.com/icons/sky.png", "scopes": [ "http://photoz.example.com/dev/scopes/view", "public-read" ], "type": "http://www.example.com/rsets/photoalbum" }) res = self.rsdb.update(data=_new.to_json(), oid='alice', rsid=rsid) assert res['_id'] == rsid resdesc = self.rsdb.read(oid='alice', rsid=rsid) assert resdesc['name'] == "Photo Album" assert resdesc['icon_uri'] == 'http://www.example.com/icons/sky.png' assert resdesc['type'] == 'http://www.example.com/rsets/photoalbum' assert resdesc['scopes'] == [ "http://photoz.example.com/dev/scopes/view", "public-read"] self.rsdb.delete('alice', rsid) try: self.rsdb.read(oid='alice', rsid=rsid) except UnknownObject: pass
def test_senario_1(): # create ADB instance adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH) # register resource set rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE]) status = adb.resource_set.create(rsd.to_json(), 'alice') rsid = status['_id'] # assume no authorization decisions has been made # accessing a resource set will eventually result in a ticket being issued prreq = PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ]) ticket = adb.ticket_factory.pack(aud=['client_id']) adb.permission_requests[ticket] = [prreq] # Still no authz dec. So this should fail try: adb.issue_rpt(ticket, {'sub': 'roger'}) except TicketError as err: assert err.typ == 'not_authorized' else: assert False # Authz dec made permission = { 'resource_set_id': rsid, 'scopes': [READ], 'require': { 'sub': 'roger' } } pid = adb.store_permission(permission, 'alice') # Get an RPT. This should now work rpt = adb.issue_rpt(ticket, {'sub': 'roger'}) assert rpt # later use the RPT, turn into authz descriptions ad = adb.introspection(rpt) assert len(ad) == 1 assert ad[0]['resource_set_id'] == rsid assert ad[0]['scopes'] == [READ] # Get an RPT. This should not work since the ticket is 'one time use' try: adb.issue_rpt(ticket, {'sub': 'roger'}) except TicketError as err: assert err.typ == 'invalid' else: assert False # The authz on which issuing the RPT is based is removed adb.remove_permission('alice', pid=pid) # Now introspections should fail assert adb.introspection(rpt) == []
def test_create(self): rsd = ResourceSetDescription(name='foo', scopes=['read', 'write']) res = self.rsdb.create(rsd.to_json(), 'alice') assert isinstance(res, StatusResponse) assert list(res.keys()) == ['_id'] _rsd = self.rsdb.read('alice', res['_id']) assert _rsd['name'] == 'foo' assert _rsd['scopes'] == ['read', 'write']
def test_senario_1(): # create ADB instance adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH) # register resource set rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE]) status = adb.resource_set.create(rsd.to_json(), 'alice') rsid = status['_id'] # assume no authorization decisions has been made # accessing a resource set will eventually result in a ticket being issued prreq = PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ]) ticket = adb.ticket_factory.pack(aud=['client_id']) adb.permission_requests[ticket] = [prreq] # Still no authz dec. So this should fail try: adb.issue_rpt(ticket, {'sub': 'roger'}) except TicketError as err: assert err.typ == 'not_authorized' else: assert False # Authz dec made permission = {'resource_set_id': rsid, 'scopes': [READ], 'require': {'sub': 'roger'}} pid = adb.store_permission(permission, 'alice') # Get an RPT. This should now work rpt = adb.issue_rpt(ticket, {'sub': 'roger'}) assert rpt # later use the RPT, turn into authz descriptions ad = adb.introspection(rpt) assert len(ad) == 1 assert ad[0]['resource_set_id'] == rsid assert ad[0]['scopes'] == [READ] # Get an RPT. This should not work since the ticket is 'one time use' try: adb.issue_rpt(ticket, {'sub': 'roger'}) except TicketError as err: assert err.typ == 'invalid' else: assert False # The authz on which issuing the RPT is based is removed adb.remove_permission('alice', pid=pid) # Now introspections should fail assert adb.introspection(rpt) == []
def test_delete_resource_set(): uas = UmaAS() data = ResourceSetDescription(name="stuff", scopes=ALL).to_json() resp = uas.resource_set_registration_endpoint_("alice", RSR_PATH, method="POST", body=data, owner="alice", client_id="12345678") _stat = StatusResponse().from_json(resp.message) rsid = _stat["_id"] read_write = [SCOPES["read"], SCOPES["write"]] uas.store_permission("alice", "roger", {rsid: read_write}) resp = uas.resource_set_registration_endpoint_("alice", RSR_PATH + rsid, method="DELETE", owner="alice", client_id="12345678") assert isinstance(resp, NoContent) resp = uas.resource_set_registration_endpoint_("alice", RSR_PATH + "/" + rsid, method="GET", owner="alice", client_id="12345678") assert isinstance(resp, NotFound) with pytest.raises(KeyError): uas.read_permission("alice", "roger", rsid) # make sure permission is removed when rs is deleted
def test_resource_set_description(): msg = """{ "name": "Photo Album", "icon_uri": "http://www.example.com/icons/flower.png", "scopes": [ "http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all" ], "type": "http://www.example.com/rsets/photoalbum" }""" rsc_set = ResourceSetDescription().deserialize(msg, "json") assert _eq(list(rsc_set.keys()), ["name", "icon_uri", "scopes", "type"]) assert rsc_set["name"] == "Photo Album" assert rsc_set["icon_uri"] == "http://www.example.com/icons/flower.png" assert _eq(rsc_set["scopes"], ["http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all"]) assert rsc_set["type"] == "http://www.example.com/rsets/photoalbum"
def test_resource_set_description(): msg = """{ "name": "Photo Album", "icon_uri": "http://www.example.com/icons/flower.png", "scopes": [ "http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all" ], "type": "http://www.example.com/rsets/photoalbum" }""" rsc_set = ResourceSetDescription().deserialize(msg, "json") assert _eq(list(rsc_set.keys()), ["name", "icon_uri", "scopes", "type"]) assert rsc_set["name"] == "Photo Album" assert rsc_set["icon_uri"] == "http://www.example.com/icons/flower.png" assert _eq(rsc_set["scopes"], [ "http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all" ]) assert rsc_set["type"] == "http://www.example.com/rsets/photoalbum"
def test_rpt_endpoint(self): """ A couple of things have to happen before any action can occur on the rpt endpoint. 1. registration of Resource set 2. Registration of a permission request 3. Registration of an authorization """ # (1) register resource set read_write = [SCOPES[s] for s in ['read', 'write']] rsd = ResourceSetDescription(name='foo', scopes=read_write) resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="POST", body=rsd.to_json(), client_id="12345678") rsid = StatusResponse().from_json(resp.message)['_id'] # (2) register a permission request read_write = [SCOPES[s] for s in ['read', 'write']] perm_reg = PermissionRegistrationRequest(resource_set_id=rsid, scopes=read_write) resp = self.uas.permission_registration_endpoint_( owner="alice", request=perm_reg.to_json(), client_id="12345678") assert isinstance(resp, Created) ticket = json.loads(resp.message)['ticket'] # (3) registration of authorization permission = {'resource_set_id': rsid, 'scopes': read_write, 'require': {'sub': 'roger'}} adb = self.uas.get_adb("12345678") adb.store_permission(permission, 'alice') # Get an RPT. This should work req = AuthorizationDataRequest(ticket=ticket) resp = self.uas.rpt_endpoint_('roger', '12345678', request=req.to_json()) assert resp
def __init__(self, conv): super(GetRequest, self).__init__(conv) rsets = conv.client.permreg.get(conv.resource_owner, "resource_set") rset = rsets[0] rsd = ResourceSetDescription().from_json(rset["resource_set_descr"]) self.request_args = { "user": "******", "requestor": "roger", "name": rsd["name"], "perm": [OPER2SCOPE["GET"]] } _as = conv.provider_info["C"].keys()[0] self.kw_args["endpoint"] = "%s/permreg" % _as self.kw_args["http_authz"] = ("alice", "krall")
def build_resource_set_description(self, user): """ Will return a list of ResourceSetDescriptions covering all resource sets. :param user: Who's resources to describe :return: list of 2-tuples (path, ResourceSetDescription instance) """ rsd = [] path = "%s/%s" % (self.root, user) for _p in os.listdir(path): _pname = os.path.join(path, _p) rsd.append((_pname, ResourceSetDescription(name=self.url(_pname), scopes=DEF_SCOPES))) return rsd
def _register(self, user, key, val=None, scopes=None, parent=None): if val: name = "{} {}={}".format(user, key, val) _id = _local_id(user, key, val) else: name = "{} {}".format(user, key) _id = _local_id(user, key) if scopes is None: scopes = self.scopes _rsd = ResourceSetDescription(scopes=scopes, name=name) self.lid2scopes[_id] = scopes if parent is not None: try: self.child_lid[parent].append(_id) except KeyError: self.child_lid[parent] = [_id] return _id, _rsd
def _register(self, prim, key, val=None, scopes=None, parent=None): if val: name = "{} {}={}".format(prim, key, val) _id = _local_id(prim, key, val) else: name = "{} {}".format(prim, key) _id = _local_id(prim, key) if scopes is None: scopes = list(self.scopes2op.keys()) _rsd = ResourceSetDescription(scopes=scopes, name=name) if parent is not None: self.lid2scopes[_id] = scopes try: self.child_lid[parent].append(_id) except: self.child_lid[parent] = [_id] return {_id: _rsd}
def test_inital_add(): uas = UmaAS() data = ResourceSetDescription(name="stuff", scopes=ALL).to_json() resp = uas.resource_set_registration_endpoint_("alice", RSR_PATH, method="POST", body=data, client_id="12345678", if_match="xyzzy") _stat = StatusResponse().from_json(resp.message) rsid = _stat["_id"] headers = dict(resp.headers) assert headers["Location"] == "/{}/{}".format(RSR_PATH, rsid) read_write = [SCOPES["read"], SCOPES["write"]] uas.permission_registration_endpoint_("alice", request=PermissionRegistrationRequest( resource_set_id=rsid, scopes=read_write).to_json()) uas.store_permission("alice", "roger", {rsid: read_write}) scopes, ts = uas.read_permission("alice", "roger", rsid) assert _eq(scopes, read_write)
def test_permission_registration_endpoint(self): data = ResourceSetDescription(name="stuff", scopes=ALL).to_json() # Register a resource set resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="POST", body=data, client_id="12345678", if_match="xyzzy") rsid = StatusResponse().from_json(resp.message)['_id'] read_write = [SCOPES[s] for s in ['read', 'write']] perm_reg = PermissionRegistrationRequest(resource_set_id=rsid, scopes=read_write) resp = self.uas.permission_registration_endpoint_( owner="alice", request=perm_reg.to_json(), client_id="12345678") assert isinstance(resp, Created) # Trying to register a request with an unknown rsid perm_reg = PermissionRegistrationRequest( resource_set_id='0987654321', scopes=read_write) resp = self.uas.permission_registration_endpoint_( owner="alice", request=perm_reg.to_json(), client_id="12345678") assert isinstance(resp, BadRequest)
def test_resource_set_registration(): adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH) rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE]) code, msg, kwargs = adb.resource_set_registration('POST', 'alice', rsd.to_json()) assert code == 201 http_response = factory(code, msg, **kwargs) assert isinstance(http_response, Created) jm = json.loads(msg) rsid = jm['_id'] # List all rsid code, msg, kwargs = adb.resource_set_registration('GET', 'alice') assert code == 200 rsid_list = json.loads(msg) assert rsid in rsid_list # get a specific resource set code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid) assert code == 200 rs = json.loads(msg) assert rs['name'] == rsd['name'] assert rs['scopes'] == rsd['scopes'] assert rs['_id'] == rsid # upload a new version of a resource set rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE], type='document') code, msg, kwargs = adb.resource_set_registration('PUT', 'alice', body=rsd.to_json(), rsid=rsid) assert code == 200 rs = json.loads(msg) assert rs['_id'] == rsid # make sure the change came through code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid) assert code == 200 rs = json.loads(msg) assert _eq(list(rs.keys()), ['name', 'scopes', '_id', 'type']) for key in ['name', 'scopes', 'type']: assert rs[key] == rsd[key] assert rs['_id'] == rsid # delete resource set code, msg, kwargs = adb.resource_set_registration('DELETE', 'alice', rsid=rsid) assert code == 204 # List all rsid code, msg, kwargs = adb.resource_set_registration('GET', 'alice') assert code == 200 rsid_list = json.loads(msg) assert rsid_list == []
def test_resource_set_registration(): adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH) rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE]) code, msg, kwargs = adb.resource_set_registration('POST', 'alice', rsd.to_json()) assert code == 201 http_response = factory(code, msg, **kwargs) assert isinstance(http_response, Created) jm = json.loads(msg) rsid = jm['_id'] # List all rsid code, msg, kwargs = adb.resource_set_registration('GET', 'alice') assert code == 200 rsid_list = json.loads(msg) assert rsid in rsid_list # get a specific resource set code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid) assert code == 200 rs = json.loads(msg) assert rs['name'] == rsd['name'] assert rs['scopes'] == rsd['scopes'] assert rs['_id'] == rsid # upload a new version of a resource set rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE], type='document') code, msg, kwargs = adb.resource_set_registration('PUT', 'alice', body=rsd.to_json(), rsid=rsid) assert code == 200 rs = json.loads(msg) assert rs['_id'] == rsid # make sure the change came through code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid) assert code == 200 rs = json.loads(msg) assert _eq(list(rs.keys()),['name', 'scopes', '_id', 'type']) for key in ['name', 'scopes', 'type']: assert rs[key] == rsd[key] assert rs['_id'] == rsid # delete resource set code, msg, kwargs = adb.resource_set_registration('DELETE', 'alice', rsid=rsid) assert code == 204 # List all rsid code, msg, kwargs = adb.resource_set_registration('GET', 'alice') assert code == 200 rsid_list = json.loads(msg) assert rsid_list == []
def test_resource_set_registration_endpoint(self): rsd = ResourceSetDescription(name="stuff", scopes=ALL) # Register a resource set resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="POST", body=rsd.to_json(), client_id="12345678", if_match="xyzzy") assert resp.status == '201 Created' # Verify that it went OK _stat = StatusResponse().from_json(resp.message) _stat.verify() rsid = _stat["_id"] # The header Location parameter shold contain a URL that can be used # to access the resource set description headers = dict(resp.headers) assert headers["Location"] == "/{}/{}".format(RSR_PATH, rsid) _path = headers["Location"] # list uploaded resource sets resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="GET", client_id="12345678") assert resp.status == '200 OK' rsid_list = json.loads(resp.message) assert len(rsid_list) == 1 assert rsid in rsid_list # get a specific resource set resp = self.uas.resource_set_registration_endpoint_( "alice", _path, method="GET", client_id="12345678") assert resp.status == '200 OK' rset = json.loads(resp.message) assert rsd['name'] == rset['name'] # Upload a new version read_write = [SCOPES[s] for s in ['read', 'write']] rsd = ResourceSetDescription(name="stuff", scopes=read_write, type='document') resp = self.uas.resource_set_registration_endpoint_( "alice", _path, method="PUT", body=rsd.to_json(), client_id="12345678") assert resp.status == '200 OK' # Verify that it went OK _stat = StatusResponse().from_json(resp.message) _stat.verify() rsid = _stat["_id"] # make sure the change came through resp = self.uas.resource_set_registration_endpoint_( "alice", _path, method="GET", client_id="12345678") assert resp.status == '200 OK' rset = json.loads(resp.message) assert _eq(rset.keys(), ['name', 'scopes', 'type', '_id']) assert rset['type'] == rsd['type'] # delete a resource set resp = self.uas.resource_set_registration_endpoint_( "alice", _path, method="DELETE", client_id="12345678") assert resp.status == '204 No Content'
def test_from_id(self): rsd = ResourceSetDescription( **{ "name": "Tweedl Social Service", "icon_uri": "http://www.example.com/icons/sharesocial.png", "scopes": [ "read-public", "post-updates", "read-private", "http://www.example.com/scopes/all" ], "type": "http://www.example.com/rsets/socialstream/140-compatible" }) res = self.rsdb.create(rsd.to_json(), 'alice') rsid = res['_id'] resdesc = self.rsdb.read(oid='alice', rsid=rsid) assert resdesc['name'] == "Tweedl Social Service" assert resdesc[ 'icon_uri'] == 'http://www.example.com/icons/sharesocial.png' assert resdesc[ 'type'] == 'http://www.example.com/rsets/socialstream/140-compatible' assert resdesc['scopes'] == [ "read-public", "post-updates", "read-private", "http://www.example.com/scopes/all" ] _new = ResourceSetDescription( **{ "name": "Photo Album", "icon_uri": "http://www.example.com/icons/sky.png", "scopes": ["http://photoz.example.com/dev/scopes/view", "public-read"], "type": "http://www.example.com/rsets/photoalbum" }) res = self.rsdb.update(data=_new.to_json(), oid='alice', rsid=rsid) assert res['_id'] == rsid resdesc = self.rsdb.read(oid='alice', rsid=rsid) assert resdesc['name'] == "Photo Album" assert resdesc['icon_uri'] == 'http://www.example.com/icons/sky.png' assert resdesc['type'] == 'http://www.example.com/rsets/photoalbum' assert resdesc['scopes'] == [ "http://photoz.example.com/dev/scopes/view", "public-read" ] self.rsdb.delete('alice', rsid) try: self.rsdb.read(oid='alice', rsid=rsid) except UnknownObject: pass