def collection_batch_no_projects():
"""Create and commit a batch of Collection instances
without projects, for testing the update API - we cannot
assign projects to collections, only the other way around."""
collections = [CollectionFactory() for _ in range(randint(3, 5))]
for collection in collections:
ClientFactory.create_batch(randint(0, 3), collection=collection)
RoleFactory.create_batch(randint(0, 3), collection=collection)
return collections
def collection_batch():
"""Create and commit a batch of Collection instances,
with associated projects, clients and roles."""
collections = [CollectionFactory() for _ in range(randint(3, 5))]
ProjectFactory.create_batch(randint(0, 3), collections=collections)
for collection in collections:
ClientFactory.create_batch(randint(0, 3), collection=collection)
RoleFactory.create_batch(randint(0, 3), collection=collection)
return collections
def client_build(collection=None, **id):
"""Build and return an uncommitted Client instance.
Referenced scopes and/or collection are however committed."""
return ClientFactory.build(
**id,
scopes=ScopeFactory.create_batch(randint(1, 3)),
collection=collection
or (collection := CollectionFactory() if randint(0, 1) else None),
collection_id=collection.id if collection else None,
)
def client_batch(hydra_admin_api):
"""Create and commit a batch of Client instances, and create
an OAuth2 client config on Hydra for each."""
clients = []
for n in range(randint(3, 5)):
clients += [
client := ClientFactory(
scopes=(scopes := ScopeFactory.create_batch(randint(1, 3))),
is_collection_client=n in (1, 2) or randint(0, 1),
)
]
def test_user_info():
client = ClientFactory()
role1 = RoleFactory()
role2 = RoleFactory()
user = UserFactory(roles=(role1, role2))
actual_user_info = get_user_info(user.id, client.id)
expected_user_info = UserInfo(
sub=user.id,
email=user.email,
email_verified=user.verified,
name=user.name,
picture=None,
roles=[role1.id, role2.id],
)
assert expected_user_info == actual_user_info
def test_platform_roles():
scopes = ScopeFactory.create_batch(8, type='odp')
client = ClientFactory(scopes=scopes[1:7])
role1 = RoleFactory(scopes=scopes[:3])
role2 = RoleFactory(scopes=scopes[5:])
user = UserFactory(roles=(role1, role2))
actual_user_perm = get_user_permissions(user.id, client.id)
expected_user_perm = {
scope.id: '*'
for n, scope in enumerate(scopes) if n in (1, 2, 5, 6)
}
assert_compare(expected_user_perm, actual_user_perm)
actual_client_perm = get_client_permissions(client.id)
expected_client_perm = {scope.id: '*' for scope in scopes[1:7]}
assert_compare(expected_client_perm, actual_client_perm)
def test_user_info_collection_roles_and_client():
client = ClientFactory(is_collection_client=True)
role1 = RoleFactory()
role2 = RoleFactory(collection=client.collection)
role3 = RoleFactory(collection=client.collection)
role4 = RoleFactory(is_collection_role=True)
user = UserFactory(roles=(role1, role2, role3, role4))
actual_user_info = get_user_info(user.id, client.id)
expected_user_info = UserInfo(
sub=user.id,
email=user.email,
email_verified=user.verified,
name=user.name,
picture=None,
roles=[role1.id, role2.id, role3.id],
)
assert expected_user_info == actual_user_info
def test_collection_client_platform_collection_role_mix():
scopes = ScopeFactory.create_batch(8, type='odp')
client = ClientFactory(scopes=scopes[1:7], is_collection_client=True)
role1 = RoleFactory(scopes=scopes[:3])
role2 = RoleFactory(scopes=scopes[3:5], is_collection_role=True)
role3 = RoleFactory(scopes=scopes[5:], collection=client.collection)
user = UserFactory(roles=(role1, role2, role3))
actual_user_perm = get_user_permissions(user.id, client.id)
expected_user_perm = {
scope.id: [client.collection_id]
for n, scope in enumerate(scopes) if n in (1, 2, 5, 6)
}
assert_compare(expected_user_perm, actual_user_perm)
actual_client_perm = get_client_permissions(client.id)
expected_client_perm = {
scope.id: [client.collection_id]
for scope in scopes[1:7]
}
assert_compare(expected_client_perm, actual_client_perm)
def scoped_client(scopes, collection=None):
ClientFactory(
id='odp.test',
scopes=[ScopeFactory(id=s.value, type='odp') for s in scopes],
collection=collection,
)
token = OAuth2Session(
client_id='odp.test',
client_secret='secret',
scope=' '.join(s.value for s in odp.ODPScope),
).fetch_token(
f'{hydra_public_url}/oauth2/token',
grant_type='client_credentials',
timeout=1.0,
)
api_client = TestClient(app=odp.api.app)
api_client.headers = {
'Accept': 'application/json',
'Authorization': 'Bearer ' + token['access_token'],
}
return api_client
def test_collection_roles():
scopes = ScopeFactory.create_batch(8, type='odp')
client = ClientFactory(scopes=scopes[1:7])
role1 = RoleFactory(scopes=scopes[:5], is_collection_role=True)
role2 = RoleFactory(scopes=scopes[3:], is_collection_role=True)
user = UserFactory(roles=(role1, role2))
actual_user_perm = get_user_permissions(user.id, client.id)
expected_user_perm = {
scope.id: [role1.collection_id]
for n, scope in enumerate(scopes) if n in (1, 2)
} | {
scope.id: [role1.collection_id, role2.collection_id]
for n, scope in enumerate(scopes) if n in (3, 4)
} | {
scope.id: [role2.collection_id]
for n, scope in enumerate(scopes) if n in (5, 6)
}
assert_compare(expected_user_perm, actual_user_perm)
actual_client_perm = get_client_permissions(client.id)
expected_client_perm = {scope.id: '*' for scope in scopes[1:7]}
assert_compare(expected_client_perm, actual_client_perm)
def setUpClass(cls):
super(GetClientByIdTestCase, cls).setUpClass()
clients = ClientFactory.build_batch(10)
db.session.bulk_save_objects(clients)
db.session.commit()
def test_create_client_with_scopes():
scopes = ScopeFactory.create_batch(5)
client = ClientFactory(scopes=scopes)
result = Session.execute(select(ClientScope)).scalars()
assert [(row.client_id, row.scope_id, row.scope_type) for row in result] \
== [(client.id, scope.id, scope.type) for scope in scopes]
def test_create_client_with_collection():
client = ClientFactory(is_collection_client=True)
result = Session.execute(select(Client, Collection).join(Collection)).one()
assert (result.Client.id, result.Client.collection_id, result.Collection.name) \
== (client.id, client.collection.id, client.collection.name)
def test_create_client():
client = ClientFactory()
result = Session.execute(select(Client)).scalar_one()
assert (result.id, result.collection_id) == (client.id, None)