def test_create_and_get_namespace(service_port, mongo): storage = get_storage_instance(mongo) t = Token('foobar') # fail to create a namespace r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/myns', headers={'Authorization': 'local ' + t.token}) assert_json_error_correct( r.json(), { 'error': { 'httpcode': 401, 'httpstatus': 'Unauthorized', 'appcode': 10020, 'apperror': 'Invalid token', 'message': '10020 Invalid token' } }) assert r.status_code == 401 # succeed at creating a namespace storage.create_local_user(Username('user1'), t.get_hashed_token()) storage.set_local_user_as_admin(Username('user1'), True) r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/myns', headers={'Authorization': 'local ' + t.token}) assert r.status_code == 204 # get the namespace with a populated user list r = requests.get('http://localhost:' + service_port + '/api/v1/namespace/myns', headers={'Authorization': 'local ' + t.token}) assert r.json() == { 'namespace': 'myns', 'publicly_mappable': False, 'users': [] } assert r.status_code == 200 # fail getting a namespace r = requests.get('http://localhost:' + service_port + '/api/v1/namespace/myns1') assert_json_error_correct( r.json(), { 'error': { 'httpcode': 404, 'httpstatus': 'Not Found', 'appcode': 50010, 'apperror': 'No such namespace', 'message': '50010 No such namespace: myns1' } }) assert r.status_code == 404
def test_set_public_and_list_namespaces(service_port, mongo): storage = get_storage_instance(mongo) lut = Token('foobar') u = Username('lu') storage.create_local_user(u, lut.get_hashed_token()) priv = NamespaceID('priv') storage.create_namespace(priv) storage.add_user_to_namespace(priv, User(AuthsourceID('local'), u)) storage.set_namespace_publicly_mappable(priv, True) pub = NamespaceID('pub') storage.create_namespace(pub) storage.add_user_to_namespace(pub, User(AuthsourceID('local'), u)) r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/priv/set?publicly_mappable=false', headers={'Authorization': 'local ' + lut.token}) assert r.status_code == 204 r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/pub/set?publicly_mappable=true', headers={'Authorization': 'local ' + lut.token}) assert r.status_code == 204 r = requests.get('http://localhost:' + service_port + '/api/v1/namespace') assert r.json() == { 'publicly_mappable': ['pub'], 'privately_mappable': ['priv'] } r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/missing/set?publicly_mappable=false', headers={'Authorization': 'local ' + lut.token}) assert_json_error_correct( r.json(), { 'error': { 'httpcode': 404, 'httpstatus': 'Not Found', 'appcode': 50010, 'apperror': 'No such namespace', 'message': '50010 No such namespace: missing' } }) assert r.status_code == 404
def test_hash_token(): t = Token('foo') ht = t.get_hashed_token() assert ht.token_hash == '2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae'
def test_mapping(service_port, mongo): storage = get_storage_instance(mongo) lut = Token('foobar') u = Username('lu') storage.create_local_user(u, lut.get_hashed_token()) priv = NamespaceID('priv') storage.create_namespace(priv) storage.add_user_to_namespace(priv, User(AuthsourceID('local'), u)) pub = NamespaceID('pub') storage.create_namespace(pub) storage.set_namespace_publicly_mappable(pub, True) # create mappings # test that the service ignores incorrect headers r = requests.put('http://localhost:' + service_port + '/api/v1/mapping/priv/pub', headers={ 'Authorization': 'local ' + lut.token, 'content-type': 'x-www-form-urlencoded' }, data=json.dumps({ 'id1': 'id2', 'id3': 'id4', 'id5': 'id6' })) assert r.status_code == 204 # fail create mappings r = requests.put('http://localhost:' + service_port + '/api/v1/mapping/priv/pub', headers={'Authorization': 'focal ' + lut.token}, data=json.dumps({'id10': 'id11'})) assert_json_error_correct( r.json(), { 'error': { 'httpcode': 404, 'httpstatus': 'Not Found', 'appcode': 50020, 'apperror': 'No such authentication source', 'message': '50020 No such authentication source: focal' } }) assert r.status_code == 404 # get mappings r = requests.get('http://localhost:' + service_port + '/api/v1/mapping/pub?separate', headers={'Authorization': 'local ' + lut.token}, data=json.dumps({'ids': ['id2', 'id4', 'id8']})) assert r.json() == { 'id2': { 'other': [{ 'ns': 'priv', 'id': 'id1' }], 'admin': [] }, 'id4': { 'other': [{ 'ns': 'priv', 'id': 'id3' }], 'admin': [] }, 'id8': { 'other': [], 'admin': [] } } # fail get mappings r = requests.get('http://localhost:' + service_port + '/api/v1/mapping/plub?separate', headers={'Authorization': 'local ' + lut.token}, data=json.dumps({'ids': ['id2', 'id4', 'id8']})) assert_json_error_correct( r.json(), { 'error': { 'httpcode': 404, 'httpstatus': 'Not Found', 'appcode': 50010, 'apperror': 'No such namespace', 'message': "50010 No such namespace: ['plub']" } }) assert r.status_code == 404 # delete mappings r = requests.delete('http://localhost:' + service_port + '/api/v1/mapping/priv/pub', headers={ 'Authorization': 'local ' + lut.token, 'content-type': 'x-www-form-urlencoded' }, data=json.dumps({ 'id1': 'id7', 'id3': 'id4', 'id5': 'id6' })) assert r.status_code == 204 # get mappings r = requests.get('http://localhost:' + service_port + '/api/v1/mapping/pub', headers={'Authorization': 'local ' + lut.token}, data=json.dumps({'ids': ['id2', 'id4']})) assert r.json() == { 'id2': { 'mappings': [{ 'ns': 'priv', 'id': 'id1' }] }, 'id4': { 'mappings': [] } } # fail delete mappings r = requests.delete('http://localhost:' + service_port + '/api/v1/mapping/pub/priv', headers={ 'Authorization': 'local ' + lut.token, 'content-type': 'x-www-form-urlencoded' }, data=json.dumps({'id2': 'id1'})) assert_json_error_correct( r.json(), { 'error': { 'httpcode': 403, 'httpstatus': 'Forbidden', 'appcode': 20000, 'apperror': 'Unauthorized', 'message': ('20000 Unauthorized: User local/lu may not administrate ' + 'namespace pub') } }) assert r.status_code == 403 # test mapping to same namespace r = requests.put('http://localhost:' + service_port + '/api/v1/mapping/priv/priv', headers={'Authorization': 'local ' + lut.token}, data=json.dumps({'id20': 'id21'})) assert r.status_code == 204 # get mappings r = requests.get('http://localhost:' + service_port + '/api/v1/mapping/priv?separate', headers={'Authorization': 'local ' + lut.token}, data=json.dumps({'ids': ['id1', 'id21', 'id20']})) assert r.json() == { 'id1': { 'admin': [{ 'ns': 'pub', 'id': 'id2' }], 'other': [] }, 'id21': { 'other': [{ 'ns': 'priv', 'id': 'id20' }], 'admin': [] }, 'id20': { 'other': [], 'admin': [{ 'ns': 'priv', 'id': 'id21' }] } }
def test_add_remove_user(service_port, mongo): storage = get_storage_instance(mongo) lut = Token('foobar') storage.create_local_user(Username('lu'), lut.get_hashed_token()) storage.set_local_user_as_admin(Username('lu'), True) storage.create_namespace(NamespaceID('myns')) # add a user # tests integration with all parts of the kbase user handler with requests_mock.Mocker(real_http=True) as m: m.get(KBASE_URL + '/api/V2/token', request_headers={'Authorization': 'mytoken'}, json={ 'user': '******', 'expires': 4800, 'cachefor': 5600 }) m.get(KBASE_URL + '/api/V2/me', request_headers={'Authorization': 'mytoken'}, json={'customroles': [KBASE_ADMIN_ROLE]}) m.get(KBASE_URL + '/api/V2/users/?list=imauser', request_headers={'Authorization': KBASE_TOKEN}, json={'imauser': '******'}) r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/myns/user/kbase/imauser', headers={'Authorization': 'kbase mytoken'}) assert r.status_code == 204 # check the user is there r = requests.get('http://localhost:' + service_port + '/api/v1/namespace/myns', headers={'Authorization': 'local ' + lut.token}) assert r.json() == { 'namespace': 'myns', 'publicly_mappable': False, 'users': ['kbase/imauser'] } # fail adding the same user. The KBase info is cached now so we don't need to mock it again r = requests.put('http://localhost:' + service_port + '/api/v1/namespace/myns/user/kbase/imauser', headers={'Authorization': 'kbase mytoken'}) assert_json_error_correct( r.json(), { 'error': { 'httpcode': 400, 'httpstatus': 'Bad Request', 'appcode': 40000, 'apperror': 'User already exists', 'message': ('40000 User already exists: User kbase/imauser already ' + 'administrates namespace myns') } }) assert r.status_code == 400 # remove the user using a local admin r = requests.delete('http://localhost:' + service_port + '/api/v1/namespace/myns/user/kbase/imauser', headers={'Authorization': 'local ' + lut.token}) assert r.status_code == 204 # check the user is gone r = requests.get('http://localhost:' + service_port + '/api/v1/namespace/myns', headers={'Authorization': 'local ' + lut.token}) assert r.json() == { 'namespace': 'myns', 'publicly_mappable': False, 'users': [] } # fail removing the user with a kbase admin r = requests.delete('http://localhost:' + service_port + '/api/v1/namespace/myns/user/kbase/imauser', headers={'Authorization': 'kbase mytoken'}) assert_json_error_correct( r.json(), { 'error': { 'httpcode': 404, 'httpstatus': 'Not Found', 'appcode': 50000, 'apperror': 'No such user', 'message': ('50000 No such user: User kbase/imauser does not ' + 'administrate namespace myns') } }) assert r.status_code == 404
def get_user( self, token: Token) -> Tuple[User, bool, Optional[int], Optional[int]]: not_none(token, 'token') username, admin = self._store.get_user(token.get_hashed_token()) return (User(self.LOCAL, username), admin, None, 300)