def test_ssh_success(vo, rest_client): """AUTHENTICATION (REST): SSH RSA public key exchange (correct credentials).""" root = InternalAccount('root', vo=vo) try: add_account_identity(PUBLIC_KEY, IdentityType.SSH, root, email='*****@*****.**') except Duplicate: pass # might already exist, can skip headers_dict = {'X-Rucio-Account': 'root'} response = rest_client.get('/auth/ssh_challenge_token', headers=headers(hdrdict(headers_dict), vohdr(vo))) assert response.status_code == 200 assert 'challenge-' in response.headers.get('X-Rucio-SSH-Challenge-Token') signature = ssh_sign(PRIVATE_KEY, response.headers.get('X-Rucio-SSH-Challenge-Token')) headers_dict = { 'X-Rucio-Account': 'root', 'X-Rucio-SSH-Signature': signature } response = rest_client.get('/auth/ssh', headers=headers(hdrdict(headers_dict), vohdr(vo))) assert response.status_code == 200 assert len(response.headers.get('X-Rucio-Auth-Token')) > 32 del_account_identity(PUBLIC_KEY, IdentityType.SSH, root)
def test_list_scope(rest_client, auth_token): """ SCOPE (REST): send a GET list all scopes for one account """ tmp_val = account_name_generator() headers_dict = {'Rucio-Type': 'user', 'X-Rucio-Account': 'root'} data = {'type': 'USER', 'email': '*****@*****.**'} response = rest_client.post('/accounts/%s' % tmp_val, headers=headers(auth(auth_token), hdrdict(headers_dict)), json=data) assert response.status_code == 201 scopes = [scope_name_generator() for _ in range(5)] for scope in scopes: response = rest_client.post('/accounts/%s/scopes/%s' % (tmp_val, scope), headers=headers(auth(auth_token)), json={}) assert response.status_code == 201 response = rest_client.get('/accounts/%s/scopes/' % tmp_val, headers=headers(auth(auth_token))) assert response.status_code == 200 svr_list = loads(response.get_data(as_text=True)) for scope in scopes: assert scope in svr_list
def test_saml_fail(vo, rest_client): """AUTHENTICATION (REST): SAML Username and password (wrong credentials).""" headers_dict = {'X-Rucio-Account': 'root'} userpass = {'username': '******', 'password': '******'} response = rest_client.get('/auth/saml', headers=headers(hdrdict(headers_dict), vohdr(vo))) if not response.headers.get('X-Rucio-Auth-Token'): SAML_auth_url = response.headers.get('X-Rucio-SAML-Auth-URL') response = session().post(SAML_auth_url, data=userpass, verify=False, allow_redirects=True) response = rest_client.get('/auth/saml', headers=headers(hdrdict(headers_dict))) assert response.status_code == 401
def check_error_api(params, exception_class, exception_message, code): headers_dict = {'X-Rucio-Type': 'user', 'X-Rucio-Account': 'root'} response = rest_client.get('/requests/list', query_string=params, headers=headers(auth(auth_token), vohdr(vo), hdrdict(headers_dict))) assert response.status_code == code body = parse_response(response.get_data(as_text=True)) assert body['ExceptionClass'] == exception_class assert body['ExceptionMessage'] == exception_message
def check_correct_api(params, expected_requests): headers_dict = {'X-Rucio-Type': 'user', 'X-Rucio-Account': 'root'} response = rest_client.get('/requests/list', query_string=params, headers=headers(auth(auth_token), vohdr(vo), hdrdict(headers_dict))) assert response.status_code == 200 requests = set() for request in response.get_data(as_text=True).split('\n')[:-1]: request = parse_response(request) requests.add((request['state'], request['source_rse_id'], request['dest_rse_id'], request['name'])) assert requests == expected_requests
def test_userpass(rest_client, auth_token): """ ACCOUNT (REST): send a POST to add an identity to an account.""" username = uuid() # normal addition headers_dict = { 'X-Rucio-Username': username, 'X-Rucio-Password': '******', 'X-Rucio-Email': 'email' } response = rest_client.put('/identities/root/userpass', headers=headers(auth(auth_token), hdrdict(headers_dict))) assert response.status_code == 201
def test_ssh_fail(vo, rest_client): """AUTHENTICATION (REST): SSH RSA public key exchange (wrong credentials).""" root = InternalAccount('root', vo=vo) try: add_account_identity(PUBLIC_KEY, IdentityType.SSH, root, email='*****@*****.**') except Duplicate: pass # might already exist, can skip signature = ssh_sign(PRIVATE_KEY, 'sign_something_else') headers_dict = { 'X-Rucio-Account': 'root', 'X-Rucio-SSH-Signature': signature } response = rest_client.get('/auth/ssh', headers=headers(hdrdict(headers_dict), vohdr(vo))) assert response.status_code == 401 del_account_identity(PUBLIC_KEY, IdentityType.SSH, root)