def test_create_multi(self): rsd = ResourceSetDescription(name='foo', scopes=['read', 'write']) res1 = self.rsdb.create(rsd.to_json(), 'alice') assert isinstance(res1, StatusResponse) assert list(res1.keys()) == ['_id'] rsd = ResourceSetDescription(name='bar', scopes=['read']) res2 = self.rsdb.create(rsd.to_json(), 'bob') assert isinstance(res2, StatusResponse) assert list(res2.keys()) == ['_id'] # list all resource set IDs assert self.rsdb.list('alice') == [res1['_id']] assert self.rsdb.list('bob') == [res2['_id']] try: self.rsdb.list('cesar') except KeyError: pass else: assert False _rsd = self.rsdb.read('alice', res1['_id']) _rsd['scopes'] = ['read', 'write', 'delete'] _rsd['type'] = 'application' res3 = self.rsdb.update(_rsd.to_json(), 'alice', res1['_id']) res4 = self.rsdb.read('alice', res3['_id']) assert set(res4.keys()) == {'name', 'scopes', 'type', '_id'}
def test_create_multi(self): rsd = ResourceSetDescription(name='foo', scopes=['read', 'write']) res1 = self.rsdb.create(rsd.to_json(), 'alice') assert isinstance(res1, StatusResponse) assert list(res1.keys()) == ['_id'] rsd = ResourceSetDescription(name='bar', scopes=['read']) res2 = self.rsdb.create(rsd.to_json(), 'bob') assert isinstance(res2, StatusResponse) assert list(res2.keys()) == ['_id'] # list all resource set IDs assert self.rsdb.list('alice') == [res1['_id']] assert self.rsdb.list('bob') == [res2['_id']] try: self.rsdb.list('cesar') except KeyError: pass else: assert False _rsd = self.rsdb.read('alice', res1['_id']) _rsd['scopes'] = ['read', 'write', 'delete'] _rsd['type'] = 'application' res3 = self.rsdb.update(_rsd.to_json(), 'alice', res1['_id']) res4 = self.rsdb.read('alice', res3['_id']) assert set(res4.keys()) == {'name', 'scopes', 'type', '_id'}
def test_update(): rset = ResourceSetDB(DB_NAME, COLLECTION) rsd = ResourceSetDescription( name="Identity", scopes=[ "http://xenosmilus2.umdc.umu.se/uma/read/name", "http://xenosmilus2.umdc.umu.se/uma/read/phone", "http://xenosmilus2.umdc.umu.se/uma/read/email", "http://xenosmilus2.umdc.umu.se/uma/read/all" ]) status = rset.create(rsd.to_json()) assert status["status"] == "created" before = rset.read(status["_id"]) rsd["scopes"].append("http://xenosmilus2.umdc.umu.se/uma/read/contact") status2 = rset.update(rsd.to_json(), status["_id"]) assert status2["status"] == "updated" after = rset.read(status["_id"]) assert before["_rev"] != after["_rev"] assert len(after["scopes"]) == 5
def test_from_id(self): rsd = ResourceSetDescription(**{ "name": "Tweedl Social Service", "icon_uri": "http://www.example.com/icons/sharesocial.png", "scopes": [ "read-public", "post-updates", "read-private", "http://www.example.com/scopes/all" ], "type": "http://www.example.com/rsets/socialstream/140-compatible" }) res = self.rsdb.create(rsd.to_json(), 'alice') rsid = res['_id'] resdesc = self.rsdb.read(oid='alice', rsid=rsid) assert resdesc['name'] == "Tweedl Social Service" assert resdesc['icon_uri'] == 'http://www.example.com/icons/sharesocial.png' assert resdesc[ 'type'] == 'http://www.example.com/rsets/socialstream/140-compatible' assert resdesc['scopes'] == [ "read-public", "post-updates", "read-private", "http://www.example.com/scopes/all" ] _new = ResourceSetDescription(**{ "name": "Photo Album", "icon_uri": "http://www.example.com/icons/sky.png", "scopes": [ "http://photoz.example.com/dev/scopes/view", "public-read" ], "type": "http://www.example.com/rsets/photoalbum" }) res = self.rsdb.update(data=_new.to_json(), oid='alice', rsid=rsid) assert res['_id'] == rsid resdesc = self.rsdb.read(oid='alice', rsid=rsid) assert resdesc['name'] == "Photo Album" assert resdesc['icon_uri'] == 'http://www.example.com/icons/sky.png' assert resdesc['type'] == 'http://www.example.com/rsets/photoalbum' assert resdesc['scopes'] == [ "http://photoz.example.com/dev/scopes/view", "public-read"] self.rsdb.delete('alice', rsid) try: self.rsdb.read(oid='alice', rsid=rsid) except UnknownObject: pass
def test_create(): rset = ResourceSetDB(DB_NAME, COLLECTION) rsd = ResourceSetDescription( name="Photo Album", icon_uri="http://www.example.com/icons/flower.png", scopes=[ "http://photoz.example.com/dev/scopes/view", "http://photoz.example.com/dev/scopes/all"], type="http://www.example.com/rsets/photoalbum") status = rset.create(rsd.to_json()) assert status assert status["status"] == "created" assert _eq(status.keys(), ["status", "_id", "_rev"]) item = rset.read(status["_id"]) assert item assert isinstance(item, ResourceSetDescription) assert item["name"] == rsd["name"] assert item["icon_uri"] == rsd["icon_uri"] assert item["type"] == rsd["type"] try: rset.read("phoney") assert False except UnknownObject: pass
def test_senario_1(): # create ADB instance adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH) # register resource set rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE]) status = adb.resource_set.create(rsd.to_json(), 'alice') rsid = status['_id'] # assume no authorization decisions has been made # accessing a resource set will eventually result in a ticket being issued prreq = PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ]) ticket = adb.ticket_factory.pack(aud=['client_id']) adb.permission_requests[ticket] = [prreq] # Still no authz dec. So this should fail try: adb.issue_rpt(ticket, {'sub': 'roger'}) except TicketError as err: assert err.typ == 'not_authorized' else: assert False # Authz dec made permission = { 'resource_set_id': rsid, 'scopes': [READ], 'require': { 'sub': 'roger' } } pid = adb.store_permission(permission, 'alice') # Get an RPT. This should now work rpt = adb.issue_rpt(ticket, {'sub': 'roger'}) assert rpt # later use the RPT, turn into authz descriptions ad = adb.introspection(rpt) assert len(ad) == 1 assert ad[0]['resource_set_id'] == rsid assert ad[0]['scopes'] == [READ] # Get an RPT. This should not work since the ticket is 'one time use' try: adb.issue_rpt(ticket, {'sub': 'roger'}) except TicketError as err: assert err.typ == 'invalid' else: assert False # The authz on which issuing the RPT is based is removed adb.remove_permission('alice', pid=pid) # Now introspections should fail assert adb.introspection(rpt) == []
def test_create(self): rsd = ResourceSetDescription(name='foo', scopes=['read', 'write']) res = self.rsdb.create(rsd.to_json(), 'alice') assert isinstance(res, StatusResponse) assert list(res.keys()) == ['_id'] _rsd = self.rsdb.read('alice', res['_id']) assert _rsd['name'] == 'foo' assert _rsd['scopes'] == ['read', 'write']
def test_create(self): rsd = ResourceSetDescription(name='foo', scopes=['read', 'write']) res = self.rsdb.create(rsd.to_json(), 'alice') assert isinstance(res, StatusResponse) assert list(res.keys()) == ['_id'] _rsd = self.rsdb.read('alice', res['_id']) assert _rsd['name'] == 'foo' assert _rsd['scopes'] == ['read', 'write']
def test_senario_1(): # create ADB instance adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH) # register resource set rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE]) status = adb.resource_set.create(rsd.to_json(), 'alice') rsid = status['_id'] # assume no authorization decisions has been made # accessing a resource set will eventually result in a ticket being issued prreq = PermissionRegistrationRequest(resource_set_id=rsid, scopes=[READ]) ticket = adb.ticket_factory.pack(aud=['client_id']) adb.permission_requests[ticket] = [prreq] # Still no authz dec. So this should fail try: adb.issue_rpt(ticket, {'sub': 'roger'}) except TicketError as err: assert err.typ == 'not_authorized' else: assert False # Authz dec made permission = {'resource_set_id': rsid, 'scopes': [READ], 'require': {'sub': 'roger'}} pid = adb.store_permission(permission, 'alice') # Get an RPT. This should now work rpt = adb.issue_rpt(ticket, {'sub': 'roger'}) assert rpt # later use the RPT, turn into authz descriptions ad = adb.introspection(rpt) assert len(ad) == 1 assert ad[0]['resource_set_id'] == rsid assert ad[0]['scopes'] == [READ] # Get an RPT. This should not work since the ticket is 'one time use' try: adb.issue_rpt(ticket, {'sub': 'roger'}) except TicketError as err: assert err.typ == 'invalid' else: assert False # The authz on which issuing the RPT is based is removed adb.remove_permission('alice', pid=pid) # Now introspections should fail assert adb.introspection(rpt) == []
def test_rpt_endpoint(self): """ A couple of things have to happen before any action can occur on the rpt endpoint. 1. registration of Resource set 2. Registration of a permission request 3. Registration of an authorization """ # (1) register resource set read_write = [SCOPES[s] for s in ['read', 'write']] rsd = ResourceSetDescription(name='foo', scopes=read_write) resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="POST", body=rsd.to_json(), client_id="12345678") rsid = StatusResponse().from_json(resp.message)['_id'] # (2) register a permission request read_write = [SCOPES[s] for s in ['read', 'write']] perm_reg = PermissionRegistrationRequest(resource_set_id=rsid, scopes=read_write) resp = self.uas.permission_registration_endpoint_( owner="alice", request=perm_reg.to_json(), client_id="12345678") assert isinstance(resp, Created) ticket = json.loads(resp.message)['ticket'] # (3) registration of authorization permission = {'resource_set_id': rsid, 'scopes': read_write, 'require': {'sub': 'roger'}} adb = self.uas.get_adb("12345678") adb.store_permission(permission, 'alice') # Get an RPT. This should work req = AuthorizationDataRequest(ticket=ticket) resp = self.uas.rpt_endpoint_('roger', '12345678', request=req.to_json()) assert resp
def test_resource_set_registration_endpoint(self): rsd = ResourceSetDescription(name="stuff", scopes=ALL) # Register a resource set resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="POST", body=rsd.to_json(), client_id="12345678", if_match="xyzzy") assert resp.status == '201 Created' # Verify that it went OK _stat = StatusResponse().from_json(resp.message) _stat.verify() rsid = _stat["_id"] # The header Location parameter shold contain a URL that can be used # to access the resource set description headers = dict(resp.headers) assert headers["Location"] == "/{}/{}".format(RSR_PATH, rsid) _path = headers["Location"] # list uploaded resource sets resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="GET", client_id="12345678") assert resp.status == '200 OK' rsid_list = json.loads(resp.message) assert len(rsid_list) == 1 assert rsid in rsid_list # get a specific resource set resp = self.uas.resource_set_registration_endpoint_( "alice", _path, method="GET", client_id="12345678") assert resp.status == '200 OK' rset = json.loads(resp.message) assert rsd['name'] == rset['name'] # Upload a new version read_write = [SCOPES[s] for s in ['read', 'write']] rsd = ResourceSetDescription(name="stuff", scopes=read_write, type='document') resp = self.uas.resource_set_registration_endpoint_( "alice", _path, method="PUT", body=rsd.to_json(), client_id="12345678") assert resp.status == '200 OK' # Verify that it went OK _stat = StatusResponse().from_json(resp.message) _stat.verify() rsid = _stat["_id"] # make sure the change came through resp = self.uas.resource_set_registration_endpoint_( "alice", _path, method="GET", client_id="12345678") assert resp.status == '200 OK' rset = json.loads(resp.message) assert _eq(rset.keys(), ['name', 'scopes', 'type', '_id']) assert rset['type'] == rsd['type'] # delete a resource set resp = self.uas.resource_set_registration_endpoint_( "alice", _path, method="DELETE", client_id="12345678") assert resp.status == '204 No Content'
def test_from_id(self): rsd = ResourceSetDescription( **{ "name": "Tweedl Social Service", "icon_uri": "http://www.example.com/icons/sharesocial.png", "scopes": [ "read-public", "post-updates", "read-private", "http://www.example.com/scopes/all" ], "type": "http://www.example.com/rsets/socialstream/140-compatible" }) res = self.rsdb.create(rsd.to_json(), 'alice') rsid = res['_id'] resdesc = self.rsdb.read(oid='alice', rsid=rsid) assert resdesc['name'] == "Tweedl Social Service" assert resdesc[ 'icon_uri'] == 'http://www.example.com/icons/sharesocial.png' assert resdesc[ 'type'] == 'http://www.example.com/rsets/socialstream/140-compatible' assert resdesc['scopes'] == [ "read-public", "post-updates", "read-private", "http://www.example.com/scopes/all" ] _new = ResourceSetDescription( **{ "name": "Photo Album", "icon_uri": "http://www.example.com/icons/sky.png", "scopes": ["http://photoz.example.com/dev/scopes/view", "public-read"], "type": "http://www.example.com/rsets/photoalbum" }) res = self.rsdb.update(data=_new.to_json(), oid='alice', rsid=rsid) assert res['_id'] == rsid resdesc = self.rsdb.read(oid='alice', rsid=rsid) assert resdesc['name'] == "Photo Album" assert resdesc['icon_uri'] == 'http://www.example.com/icons/sky.png' assert resdesc['type'] == 'http://www.example.com/rsets/photoalbum' assert resdesc['scopes'] == [ "http://photoz.example.com/dev/scopes/view", "public-read" ] self.rsdb.delete('alice', rsid) try: self.rsdb.read(oid='alice', rsid=rsid) except UnknownObject: pass
def test_resource_set_registration(): adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH) rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE]) code, msg, kwargs = adb.resource_set_registration('POST', 'alice', rsd.to_json()) assert code == 201 http_response = factory(code, msg, **kwargs) assert isinstance(http_response, Created) jm = json.loads(msg) rsid = jm['_id'] # List all rsid code, msg, kwargs = adb.resource_set_registration('GET', 'alice') assert code == 200 rsid_list = json.loads(msg) assert rsid in rsid_list # get a specific resource set code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid) assert code == 200 rs = json.loads(msg) assert rs['name'] == rsd['name'] assert rs['scopes'] == rsd['scopes'] assert rs['_id'] == rsid # upload a new version of a resource set rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE], type='document') code, msg, kwargs = adb.resource_set_registration('PUT', 'alice', body=rsd.to_json(), rsid=rsid) assert code == 200 rs = json.loads(msg) assert rs['_id'] == rsid # make sure the change came through code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid) assert code == 200 rs = json.loads(msg) assert _eq(list(rs.keys()),['name', 'scopes', '_id', 'type']) for key in ['name', 'scopes', 'type']: assert rs[key] == rsd[key] assert rs['_id'] == rsid # delete resource set code, msg, kwargs = adb.resource_set_registration('DELETE', 'alice', rsid=rsid) assert code == 204 # List all rsid code, msg, kwargs = adb.resource_set_registration('GET', 'alice') assert code == 200 rsid_list = json.loads(msg) assert rsid_list == []
def test_resource_set_registration(): adb = ADB(KEYJAR, 3600, issuer, RESSRV, RSR_PATH) rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE]) code, msg, kwargs = adb.resource_set_registration('POST', 'alice', rsd.to_json()) assert code == 201 http_response = factory(code, msg, **kwargs) assert isinstance(http_response, Created) jm = json.loads(msg) rsid = jm['_id'] # List all rsid code, msg, kwargs = adb.resource_set_registration('GET', 'alice') assert code == 200 rsid_list = json.loads(msg) assert rsid in rsid_list # get a specific resource set code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid) assert code == 200 rs = json.loads(msg) assert rs['name'] == rsd['name'] assert rs['scopes'] == rsd['scopes'] assert rs['_id'] == rsid # upload a new version of a resource set rsd = ResourceSetDescription(name='foo', scopes=[READ, WRITE], type='document') code, msg, kwargs = adb.resource_set_registration('PUT', 'alice', body=rsd.to_json(), rsid=rsid) assert code == 200 rs = json.loads(msg) assert rs['_id'] == rsid # make sure the change came through code, msg, kwargs = adb.resource_set_registration('GET', 'alice', rsid=rsid) assert code == 200 rs = json.loads(msg) assert _eq(list(rs.keys()), ['name', 'scopes', '_id', 'type']) for key in ['name', 'scopes', 'type']: assert rs[key] == rsd[key] assert rs['_id'] == rsid # delete resource set code, msg, kwargs = adb.resource_set_registration('DELETE', 'alice', rsid=rsid) assert code == 204 # List all rsid code, msg, kwargs = adb.resource_set_registration('GET', 'alice') assert code == 200 rsid_list = json.loads(msg) assert rsid_list == []