def test_create_multi(self):
rsd = ResourceSetDescription(name='foo', scopes=['read', 'write'])
res1 = self.rsdb.create(rsd.to_json(), 'alice')
assert isinstance(res1, StatusResponse)
assert list(res1.keys()) == ['_id']
rsd = ResourceSetDescription(name='bar', scopes=['read'])
res2 = self.rsdb.create(rsd.to_json(), 'bob')
assert isinstance(res2, StatusResponse)
assert list(res2.keys()) == ['_id']
# list all resource set IDs
assert self.rsdb.list('alice') == [res1['_id']]
assert self.rsdb.list('bob') == [res2['_id']]
try:
self.rsdb.list('cesar')
except KeyError:
pass
else:
assert False
_rsd = self.rsdb.read('alice', res1['_id'])
_rsd['scopes'] = ['read', 'write', 'delete']
_rsd['type'] = 'application'
res3 = self.rsdb.update(_rsd.to_json(), 'alice', res1['_id'])
res4 = self.rsdb.read('alice', res3['_id'])
assert set(res4.keys()) == {'name', 'scopes', 'type', '_id'}
def test_create_multi(self):
rsd = ResourceSetDescription(name='foo', scopes=['read', 'write'])
res1 = self.rsdb.create(rsd.to_json(), 'alice')
assert isinstance(res1, StatusResponse)
assert list(res1.keys()) == ['_id']
rsd = ResourceSetDescription(name='bar', scopes=['read'])
res2 = self.rsdb.create(rsd.to_json(), 'bob')
assert isinstance(res2, StatusResponse)
assert list(res2.keys()) == ['_id']
# list all resource set IDs
assert self.rsdb.list('alice') == [res1['_id']]
assert self.rsdb.list('bob') == [res2['_id']]
try:
self.rsdb.list('cesar')
except KeyError:
pass
else:
assert False
_rsd = self.rsdb.read('alice', res1['_id'])
_rsd['scopes'] = ['read', 'write', 'delete']
_rsd['type'] = 'application'
res3 = self.rsdb.update(_rsd.to_json(), 'alice', res1['_id'])
res4 = self.rsdb.read('alice', res3['_id'])
assert set(res4.keys()) == {'name', 'scopes', 'type', '_id'}
def test_update():
rset = ResourceSetDB(DB_NAME, COLLECTION)
rsd = ResourceSetDescription(
name="Identity",
scopes=[
"http://xenosmilus2.umdc.umu.se/uma/read/name",
"http://xenosmilus2.umdc.umu.se/uma/read/phone",
"http://xenosmilus2.umdc.umu.se/uma/read/email",
"http://xenosmilus2.umdc.umu.se/uma/read/all"
])
status = rset.create(rsd.to_json())
assert status["status"] == "created"
before = rset.read(status["_id"])
rsd["scopes"].append("http://xenosmilus2.umdc.umu.se/uma/read/contact")
status2 = rset.update(rsd.to_json(), status["_id"])
assert status2["status"] == "updated"
after = rset.read(status["_id"])
assert before["_rev"] != after["_rev"]
assert len(after["scopes"]) == 5
def test_from_id(self):
rsd = ResourceSetDescription(**{
"name": "Tweedl Social Service",
"icon_uri": "http://www.example.com/icons/sharesocial.png",
"scopes": [
"read-public",
"post-updates",
"read-private",
"http://www.example.com/scopes/all"
],
"type": "http://www.example.com/rsets/socialstream/140-compatible"
})
res = self.rsdb.create(rsd.to_json(), 'alice')
rsid = res['_id']
resdesc = self.rsdb.read(oid='alice', rsid=rsid)
assert resdesc['name'] == "Tweedl Social Service"
assert resdesc['icon_uri'] == 'http://www.example.com/icons/sharesocial.png'
assert resdesc[
'type'] == 'http://www.example.com/rsets/socialstream/140-compatible'
assert resdesc['scopes'] == [
"read-public",
"post-updates",
"read-private",
"http://www.example.com/scopes/all"
]
_new = ResourceSetDescription(**{
"name": "Photo Album",
"icon_uri": "http://www.example.com/icons/sky.png",
"scopes": [
"http://photoz.example.com/dev/scopes/view",
"public-read"
],
"type": "http://www.example.com/rsets/photoalbum"
})
res = self.rsdb.update(data=_new.to_json(), oid='alice', rsid=rsid)
assert res['_id'] == rsid
resdesc = self.rsdb.read(oid='alice', rsid=rsid)
assert resdesc['name'] == "Photo Album"
assert resdesc['icon_uri'] == 'http://www.example.com/icons/sky.png'
assert resdesc['type'] == 'http://www.example.com/rsets/photoalbum'
assert resdesc['scopes'] == [
"http://photoz.example.com/dev/scopes/view", "public-read"]
self.rsdb.delete('alice', rsid)
try:
self.rsdb.read(oid='alice', rsid=rsid)
except UnknownObject:
pass
def test_create():
rset = ResourceSetDB(DB_NAME, COLLECTION)
rsd = ResourceSetDescription(
name="Photo Album",
icon_uri="http://www.example.com/icons/flower.png",
scopes=[
"http://photoz.example.com/dev/scopes/view",
"http://photoz.example.com/dev/scopes/all"],
type="http://www.example.com/rsets/photoalbum")
status = rset.create(rsd.to_json())
assert status
assert status["status"] == "created"
assert _eq(status.keys(), ["status", "_id", "_rev"])
item = rset.read(status["_id"])
assert item
assert isinstance(item, ResourceSetDescription)
assert item["name"] == rsd["name"]
assert item["icon_uri"] == rsd["icon_uri"]
assert item["type"] == rsd["type"]
try:
rset.read("phoney")
assert False
except UnknownObject:
pass
def test_senario_1():
# create ADB instance
adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)
# register resource set
rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
status = adb.resource_set.create(rsd.to_json(), 'alice')
rsid = status['_id']
# assume no authorization decisions has been made
# accessing a resource set will eventually result in a ticket being issued
prreq = PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ])
ticket = adb.ticket_factory.pack(aud=['client_id'])
adb.permission_requests[ticket] = [prreq]
# Still no authz dec. So this should fail
try:
adb.issue_rpt(ticket, {'sub': 'roger'})
except TicketError as err:
assert err.typ == 'not_authorized'
else:
assert False
# Authz dec made
permission = {
'resource_set_id': rsid,
'scopes': [READ],
'require': {
'sub': 'roger'
}
}
pid = adb.store_permission(permission, 'alice')
# Get an RPT. This should now work
rpt = adb.issue_rpt(ticket, {'sub': 'roger'})
assert rpt
# later use the RPT, turn into authz descriptions
ad = adb.introspection(rpt)
assert len(ad) == 1
assert ad[0]['resource_set_id'] == rsid
assert ad[0]['scopes'] == [READ]
# Get an RPT. This should not work since the ticket is 'one time use'
try:
adb.issue_rpt(ticket, {'sub': 'roger'})
except TicketError as err:
assert err.typ == 'invalid'
else:
assert False
# The authz on which issuing the RPT is based is removed
adb.remove_permission('alice', pid=pid)
# Now introspections should fail
assert adb.introspection(rpt) == []
def test_create(self):
rsd = ResourceSetDescription(name='foo', scopes=['read', 'write'])
res = self.rsdb.create(rsd.to_json(), 'alice')
assert isinstance(res, StatusResponse)
assert list(res.keys()) == ['_id']
_rsd = self.rsdb.read('alice', res['_id'])
assert _rsd['name'] == 'foo'
assert _rsd['scopes'] == ['read', 'write']
def test_create(self):
rsd = ResourceSetDescription(name='foo', scopes=['read', 'write'])
res = self.rsdb.create(rsd.to_json(), 'alice')
assert isinstance(res, StatusResponse)
assert list(res.keys()) == ['_id']
_rsd = self.rsdb.read('alice', res['_id'])
assert _rsd['name'] == 'foo'
assert _rsd['scopes'] == ['read', 'write']
def test_senario_1():
# create ADB instance
adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)
# register resource set
rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
status = adb.resource_set.create(rsd.to_json(), 'alice')
rsid = status['_id']
# assume no authorization decisions has been made
# accessing a resource set will eventually result in a ticket being issued
prreq = PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ])
ticket = adb.ticket_factory.pack(aud=['client_id'])
adb.permission_requests[ticket] = [prreq]
# Still no authz dec. So this should fail
try:
adb.issue_rpt(ticket, {'sub': 'roger'})
except TicketError as err:
assert err.typ == 'not_authorized'
else:
assert False
# Authz dec made
permission = {'resource_set_id': rsid, 'scopes': [READ],
'require': {'sub': 'roger'}}
pid = adb.store_permission(permission, 'alice')
# Get an RPT. This should now work
rpt = adb.issue_rpt(ticket, {'sub': 'roger'})
assert rpt
# later use the RPT, turn into authz descriptions
ad = adb.introspection(rpt)
assert len(ad) == 1
assert ad[0]['resource_set_id'] == rsid
assert ad[0]['scopes'] == [READ]
# Get an RPT. This should not work since the ticket is 'one time use'
try:
adb.issue_rpt(ticket, {'sub': 'roger'})
except TicketError as err:
assert err.typ == 'invalid'
else:
assert False
# The authz on which issuing the RPT is based is removed
adb.remove_permission('alice', pid=pid)
# Now introspections should fail
assert adb.introspection(rpt) == []
def test_rpt_endpoint(self):
"""
A couple of things have to happen before any action can occur on
the rpt endpoint.
1. registration of Resource set
2. Registration of a permission request
3. Registration of an authorization
"""
# (1) register resource set
read_write = [SCOPES[s] for s in ['read', 'write']]
rsd = ResourceSetDescription(name='foo', scopes=read_write)
resp = self.uas.resource_set_registration_endpoint_(
"alice", RSR_PATH, method="POST", body=rsd.to_json(),
client_id="12345678")
rsid = StatusResponse().from_json(resp.message)['_id']
# (2) register a permission request
read_write = [SCOPES[s] for s in ['read', 'write']]
perm_reg = PermissionRegistrationRequest(resource_set_id=rsid,
scopes=read_write)
resp = self.uas.permission_registration_endpoint_(
owner="alice", request=perm_reg.to_json(), client_id="12345678")
assert isinstance(resp, Created)
ticket = json.loads(resp.message)['ticket']
# (3) registration of authorization
permission = {'resource_set_id': rsid, 'scopes': read_write,
'require': {'sub': 'roger'}}
adb = self.uas.get_adb("12345678")
adb.store_permission(permission, 'alice')
# Get an RPT. This should work
req = AuthorizationDataRequest(ticket=ticket)
resp = self.uas.rpt_endpoint_('roger', '12345678',
request=req.to_json())
assert resp
def test_resource_set_registration_endpoint(self):
rsd = ResourceSetDescription(name="stuff", scopes=ALL)
# Register a resource set
resp = self.uas.resource_set_registration_endpoint_(
"alice", RSR_PATH, method="POST", body=rsd.to_json(),
client_id="12345678", if_match="xyzzy")
assert resp.status == '201 Created'
# Verify that it went OK
_stat = StatusResponse().from_json(resp.message)
_stat.verify()
rsid = _stat["_id"]
# The header Location parameter shold contain a URL that can be used
# to access the resource set description
headers = dict(resp.headers)
assert headers["Location"] == "/{}/{}".format(RSR_PATH, rsid)
_path = headers["Location"]
# list uploaded resource sets
resp = self.uas.resource_set_registration_endpoint_(
"alice", RSR_PATH, method="GET", client_id="12345678")
assert resp.status == '200 OK'
rsid_list = json.loads(resp.message)
assert len(rsid_list) == 1
assert rsid in rsid_list
# get a specific resource set
resp = self.uas.resource_set_registration_endpoint_(
"alice", _path, method="GET", client_id="12345678")
assert resp.status == '200 OK'
rset = json.loads(resp.message)
assert rsd['name'] == rset['name']
# Upload a new version
read_write = [SCOPES[s] for s in ['read', 'write']]
rsd = ResourceSetDescription(name="stuff", scopes=read_write,
type='document')
resp = self.uas.resource_set_registration_endpoint_(
"alice", _path, method="PUT", body=rsd.to_json(),
client_id="12345678")
assert resp.status == '200 OK'
# Verify that it went OK
_stat = StatusResponse().from_json(resp.message)
_stat.verify()
rsid = _stat["_id"]
# make sure the change came through
resp = self.uas.resource_set_registration_endpoint_(
"alice", _path, method="GET", client_id="12345678")
assert resp.status == '200 OK'
rset = json.loads(resp.message)
assert _eq(rset.keys(), ['name', 'scopes', 'type', '_id'])
assert rset['type'] == rsd['type']
# delete a resource set
resp = self.uas.resource_set_registration_endpoint_(
"alice", _path, method="DELETE", client_id="12345678")
assert resp.status == '204 No Content'
def test_from_id(self):
rsd = ResourceSetDescription(
**{
"name":
"Tweedl Social Service",
"icon_uri":
"http://www.example.com/icons/sharesocial.png",
"scopes": [
"read-public", "post-updates", "read-private",
"http://www.example.com/scopes/all"
],
"type":
"http://www.example.com/rsets/socialstream/140-compatible"
})
res = self.rsdb.create(rsd.to_json(), 'alice')
rsid = res['_id']
resdesc = self.rsdb.read(oid='alice', rsid=rsid)
assert resdesc['name'] == "Tweedl Social Service"
assert resdesc[
'icon_uri'] == 'http://www.example.com/icons/sharesocial.png'
assert resdesc[
'type'] == 'http://www.example.com/rsets/socialstream/140-compatible'
assert resdesc['scopes'] == [
"read-public", "post-updates", "read-private",
"http://www.example.com/scopes/all"
]
_new = ResourceSetDescription(
**{
"name":
"Photo Album",
"icon_uri":
"http://www.example.com/icons/sky.png",
"scopes":
["http://photoz.example.com/dev/scopes/view", "public-read"],
"type":
"http://www.example.com/rsets/photoalbum"
})
res = self.rsdb.update(data=_new.to_json(), oid='alice', rsid=rsid)
assert res['_id'] == rsid
resdesc = self.rsdb.read(oid='alice', rsid=rsid)
assert resdesc['name'] == "Photo Album"
assert resdesc['icon_uri'] == 'http://www.example.com/icons/sky.png'
assert resdesc['type'] == 'http://www.example.com/rsets/photoalbum'
assert resdesc['scopes'] == [
"http://photoz.example.com/dev/scopes/view", "public-read"
]
self.rsdb.delete('alice', rsid)
try:
self.rsdb.read(oid='alice', rsid=rsid)
except UnknownObject:
pass
def test_resource_set_registration():
adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)
rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
code, msg, kwargs = adb.resource_set_registration('POST', 'alice',
rsd.to_json())
assert code == 201
http_response = factory(code, msg, **kwargs)
assert isinstance(http_response, Created)
jm = json.loads(msg)
rsid = jm['_id']
# List all rsid
code, msg, kwargs = adb.resource_set_registration('GET', 'alice')
assert code == 200
rsid_list = json.loads(msg)
assert rsid in rsid_list
# get a specific resource set
code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid)
assert code == 200
rs = json.loads(msg)
assert rs['name'] == rsd['name']
assert rs['scopes'] == rsd['scopes']
assert rs['_id'] == rsid
# upload a new version of a resource set
rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE],
type='document')
code, msg, kwargs = adb.resource_set_registration('PUT', 'alice',
body=rsd.to_json(),
rsid=rsid)
assert code == 200
rs = json.loads(msg)
assert rs['_id'] == rsid
# make sure the change came through
code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid)
assert code == 200
rs = json.loads(msg)
assert _eq(list(rs.keys()),['name', 'scopes', '_id', 'type'])
for key in ['name', 'scopes', 'type']:
assert rs[key] == rsd[key]
assert rs['_id'] == rsid
# delete resource set
code, msg, kwargs = adb.resource_set_registration('DELETE', 'alice',
rsid=rsid)
assert code == 204
# List all rsid
code, msg, kwargs = adb.resource_set_registration('GET', 'alice')
assert code == 200
rsid_list = json.loads(msg)
assert rsid_list == []
def test_resource_set_registration():
adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH)
rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE])
code, msg, kwargs = adb.resource_set_registration('POST', 'alice',
rsd.to_json())
assert code == 201
http_response = factory(code, msg, **kwargs)
assert isinstance(http_response, Created)
jm = json.loads(msg)
rsid = jm['_id']
# List all rsid
code, msg, kwargs = adb.resource_set_registration('GET', 'alice')
assert code == 200
rsid_list = json.loads(msg)
assert rsid in rsid_list
# get a specific resource set
code, msg, kwargs = adb.resource_set_registration('GET',
'alice',
rsid=rsid)
assert code == 200
rs = json.loads(msg)
assert rs['name'] == rsd['name']
assert rs['scopes'] == rsd['scopes']
assert rs['_id'] == rsid
# upload a new version of a resource set
rsd = ResourceSetDescription(name='foo',
scopes=[READ, WRITE],
type='document')
code, msg, kwargs = adb.resource_set_registration('PUT',
'alice',
body=rsd.to_json(),
rsid=rsid)
assert code == 200
rs = json.loads(msg)
assert rs['_id'] == rsid
# make sure the change came through
code, msg, kwargs = adb.resource_set_registration('GET',
'alice',
rsid=rsid)
assert code == 200
rs = json.loads(msg)
assert _eq(list(rs.keys()), ['name', 'scopes', '_id', 'type'])
for key in ['name', 'scopes', 'type']:
assert rs[key] == rsd[key]
assert rs['_id'] == rsid
# delete resource set
code, msg, kwargs = adb.resource_set_registration('DELETE',
'alice',
rsid=rsid)
assert code == 204
# List all rsid
code, msg, kwargs = adb.resource_set_registration('GET', 'alice')
assert code == 200
rsid_list = json.loads(msg)
assert rsid_list == []
