def test_delete_resource_set():
uas = UmaAS()
data = ResourceSetDescription(name="stuff", scopes=ALL).to_json()
resp = uas.resource_set_registration_endpoint_("alice", RSR_PATH, method="POST",
body=data, owner="alice",
client_id="12345678")
_stat = StatusResponse().from_json(resp.message)
rsid = _stat["_id"]
read_write = [SCOPES["read"], SCOPES["write"]]
uas.store_permission("alice", "roger", {rsid: read_write})
resp = uas.resource_set_registration_endpoint_("alice", RSR_PATH + rsid,
method="DELETE", owner="alice",
client_id="12345678")
assert isinstance(resp, NoContent)
resp = uas.resource_set_registration_endpoint_("alice", RSR_PATH + "/" + rsid,
method="GET", owner="alice",
client_id="12345678")
assert isinstance(resp, NotFound)
with pytest.raises(KeyError):
uas.read_permission("alice", "roger", rsid) # make sure permission is removed when rs is deleted
def register_resource_set_description(self, info_filter=None, scopes=None):
res_set_desc = self.register_init(info_filter, scopes)
for lid, _desc in res_set_desc.items():
res = self.create_resource_set_description(request_args=_desc)
sr = StatusResponse().from_json(res.message)
assert res.status == "201 Created"
# The resource server should keep a map between resource and AS (
# _rev,_id)
rsid = sr['_id']
self.rsd_map[lid] = {'_id': rsid, 'resource_set_desc': _desc}
self.rsid2lid[rsid] = lid
def update(self, data, oid, rsid):
try:
_ = self.db[oid][rsid]
except KeyError:
raise UnknownObject()
_dat = json.loads(data)
_d = dict([(c, v) for c, v in list(_dat.items())
if c in RSR and c != "_id"])
_new = ResourceSetResponse(**_d)
_new["_id"] = rsid
_new.verify()
if _new:
self.db[oid][rsid] = _new
# new revision
self.etag[rsid] = str(uuid.uuid4())
status = StatusResponse(_id=rsid)
else:
status = StatusResponse(_id=rsid)
return status
def test_rpt_endpoint(self):
"""
A couple of things have to happen before any action can occur on
the rpt endpoint.
1. registration of Resource set
2. Registration of a permission request
3. Registration of an authorization
"""
# (1) register resource set
read_write = [SCOPES[s] for s in ['read', 'write']]
rsd = ResourceSetDescription(name='foo', scopes=read_write)
resp = self.uas.resource_set_registration_endpoint_(
"alice", RSR_PATH, method="POST", body=rsd.to_json(),
client_id="12345678")
rsid = StatusResponse().from_json(resp.message)['_id']
# (2) register a permission request
read_write = [SCOPES[s] for s in ['read', 'write']]
perm_reg = PermissionRegistrationRequest(resource_set_id=rsid,
scopes=read_write)
resp = self.uas.permission_registration_endpoint_(
owner="alice", request=perm_reg.to_json(), client_id="12345678")
assert isinstance(resp, Created)
ticket = json.loads(resp.message)['ticket']
# (3) registration of authorization
permission = {'resource_set_id': rsid, 'scopes': read_write,
'require': {'sub': 'roger'}}
adb = self.uas.get_adb("12345678")
adb.store_permission(permission, 'alice')
# Get an RPT. This should work
req = AuthorizationDataRequest(ticket=ticket)
resp = self.uas.rpt_endpoint_('roger', '12345678',
request=req.to_json())
assert resp
def create(self, data, oid):
rset = ResourceSetResponse().deserialize(data, "json")
rset.weed()
m = hashlib.md5(rset.to_json().encode("utf8"))
rsid = m.hexdigest()
rset["_id"] = rsid
# Need to add _id before verifying
rset.verify()
try:
self.db[oid][rsid] = rset
except KeyError:
self.db[oid] = {rsid: rset}
# backward lookup table
self.rsid2oid[rsid] = oid
# add a revision number
self.etag[rsid] = str(uuid.uuid4())
status = StatusResponse(_id=rsid)
return status
def test_inital_add():
uas = UmaAS()
data = ResourceSetDescription(name="stuff", scopes=ALL).to_json()
resp = uas.resource_set_registration_endpoint_("alice", RSR_PATH, method="POST",
body=data, client_id="12345678",
if_match="xyzzy")
_stat = StatusResponse().from_json(resp.message)
rsid = _stat["_id"]
headers = dict(resp.headers)
assert headers["Location"] == "/{}/{}".format(RSR_PATH, rsid)
read_write = [SCOPES["read"], SCOPES["write"]]
uas.permission_registration_endpoint_("alice", request=PermissionRegistrationRequest(
resource_set_id=rsid, scopes=read_write).to_json())
uas.store_permission("alice", "roger", {rsid: read_write})
scopes, ts = uas.read_permission("alice", "roger", rsid)
assert _eq(scopes, read_write)
def test_permission_registration_endpoint(self):
data = ResourceSetDescription(name="stuff", scopes=ALL).to_json()
# Register a resource set
resp = self.uas.resource_set_registration_endpoint_(
"alice", RSR_PATH, method="POST", body=data, client_id="12345678",
if_match="xyzzy")
rsid = StatusResponse().from_json(resp.message)['_id']
read_write = [SCOPES[s] for s in ['read', 'write']]
perm_reg = PermissionRegistrationRequest(resource_set_id=rsid,
scopes=read_write)
resp = self.uas.permission_registration_endpoint_(
owner="alice", request=perm_reg.to_json(), client_id="12345678")
assert isinstance(resp, Created)
# Trying to register a request with an unknown rsid
perm_reg = PermissionRegistrationRequest(
resource_set_id='0987654321', scopes=read_write)
resp = self.uas.permission_registration_endpoint_(
owner="alice", request=perm_reg.to_json(), client_id="12345678")
assert isinstance(resp, BadRequest)
def register(self, client, *args, **kwargs):
owner = self.conv.resource_owner
descs = client.dataset.build_resource_set_description(owner)
for path, desc in descs:
try:
op = ResourceSetRegistration(self.conv)
rsid = rndstr()
url, response, text = op(content=desc.to_json(), rsid=rsid)
# response should be a StatusResponse
status_resp = StatusResponse().from_json(text)
#client.register_resource_set_description(uid,
# path)
assert status_resp["status"] == "created"
client.path2rsid[path] = rsid
csi = dict(resource_set_descr=desc.to_json())
csi["_id"] = status_resp["_id"]
csi["_rev"] = status_resp["_rev"]
csi["rsid"] = rsid
client.permreg.add_resource_set_description(owner, csi)
except Exception, err:
raise
res_set_desc = ressrv.rs_handler.dataset.build_resource_set_descriptions(
RESOURCE_OWNER)
for lid, _desc in res_set_desc.items():
arg = ressrv.rs_handler.com_args(ResourceSetDescription,
"POST",
request_args=_desc,
content_type=JSON_ENCODED)
authn = arg['http_args']['headers']['Authorization']
parts = urlparse(arg['url'])
res = authzsrv.resource_set_registration_endpoint(path=parts.path,
method="POST",
authn=authn,
body=_desc.to_json())
sr = StatusResponse().from_json(res.message)
assert res.status == "201 Created"
# The resource server should keep a map between resource and AS (_rev,_id)
rsid = sr['_id']
ressrv.rs_handler.rsd_map[lid] = {'_id': rsid, 'resource_set_desc': _desc}
ressrv.rs_handler.rsid2lid[rsid] = lid
# ============================== 3 ===========================================
# The client does a first attempt at getting information from the RS
# but without a RPT it only gets information about where the AS is and a ticket.
# The RS on its side registers the necessary permission at the AS
# Assume a HTTP GET with the path+query = linda?attr=sn&attr=givenName
res_set = ressrv.rs_handler.query2permission_registration_request_primer(
def test_resource_set_registration_endpoint(self):
rsd = ResourceSetDescription(name="stuff", scopes=ALL)
# Register a resource set
resp = self.uas.resource_set_registration_endpoint_(
"alice", RSR_PATH, method="POST", body=rsd.to_json(),
client_id="12345678", if_match="xyzzy")
assert resp.status == '201 Created'
# Verify that it went OK
_stat = StatusResponse().from_json(resp.message)
_stat.verify()
rsid = _stat["_id"]
# The header Location parameter shold contain a URL that can be used
# to access the resource set description
headers = dict(resp.headers)
assert headers["Location"] == "/{}/{}".format(RSR_PATH, rsid)
_path = headers["Location"]
# list uploaded resource sets
resp = self.uas.resource_set_registration_endpoint_(
"alice", RSR_PATH, method="GET", client_id="12345678")
assert resp.status == '200 OK'
rsid_list = json.loads(resp.message)
assert len(rsid_list) == 1
assert rsid in rsid_list
# get a specific resource set
resp = self.uas.resource_set_registration_endpoint_(
"alice", _path, method="GET", client_id="12345678")
assert resp.status == '200 OK'
rset = json.loads(resp.message)
assert rsd['name'] == rset['name']
# Upload a new version
read_write = [SCOPES[s] for s in ['read', 'write']]
rsd = ResourceSetDescription(name="stuff", scopes=read_write,
type='document')
resp = self.uas.resource_set_registration_endpoint_(
"alice", _path, method="PUT", body=rsd.to_json(),
client_id="12345678")
assert resp.status == '200 OK'
# Verify that it went OK
_stat = StatusResponse().from_json(resp.message)
_stat.verify()
rsid = _stat["_id"]
# make sure the change came through
resp = self.uas.resource_set_registration_endpoint_(
"alice", _path, method="GET", client_id="12345678")
assert resp.status == '200 OK'
rset = json.loads(resp.message)
assert _eq(rset.keys(), ['name', 'scopes', 'type', '_id'])
assert rset['type'] == rsd['type']
# delete a resource set
resp = self.uas.resource_set_registration_endpoint_(
"alice", _path, method="DELETE", client_id="12345678")
assert resp.status == '204 No Content'
pat = ressrv.permreg.get("alice", "pat")
# resource description
req_args = {"name": "*****@*****.**",
"scopes": ["http_//example.com/scope/read"]}
client, (url, body, ht_args, csi) = ressrv.request_info(
"alice", ResourceSetDescription, request_args=req_args,
extra_args={"access_token": pat})
resp4 = authzsrv.resource_set_registration_endpoint("/resource_set/", "PUT",
body, "Bearer %s" % pat)
status_response = StatusResponse().from_json(resp4.message)
assert status_response["status"] == "created"
# ==================== A while later =========================================
# Try to access a resource
resp = ressrv.dataset_endpoint("/resource_set_id", "alice", {},
requestor="https://example.com/sp.xml")
# response is error response with an as_uri claim
# At this point a RPT should be sought by
idp_client = Client({}, {"client_authn_method": CLIENT_AUTHN_METHOD})
reginfo = {