def test_get_requests(self):
    """Storing two grants for one owner must list both RPT keys.

    Both descriptions refer to resource set 'rsid0' but carry different
    scopes; each one is stored under its own RPT for 'alice'.
    """
    stored = (
        ('rpt0', AuthzDescription(resource_set_id='rsid0',
                                  scopes=['read', 'write'])),
        ('rpt1', AuthzDescription(resource_set_id='rsid0',
                                  scopes=['read', 'exec'])),
    )
    for rpt, description in stored:
        self.perm_db.set('alice', rpt, description)

    rpt_keys = self.perm_db.keys('alice')
    # _eq is defined elsewhere; presumably an order-insensitive comparison.
    assert _eq(rpt_keys, ['rpt0', 'rpt1'])
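def test_alice_client_read(tmpdir):
    """GET on "info/alice/1" with the default scopes must return a Response.

    The resource server is rooted in a per-test temporary directory and
    seeded through create_alice_resource (defined elsewhere; presumably it
    creates the resource that is read back here).
    """
    root_dir = os.path.join(tmpdir.strpath, "resource/")
    jrs = JsonResourceServer(root_dir, "info/", "https://example.com")
    create_alice_resource(jrs)

    body = json.dumps({"bar": "soap"})
    environ = {
        "REQUEST_METHOD": "GET",
        # NOTE(review): the user value looks masked in this copy of the test.
        "REMOTE_USER": "******",
        'wsgi.input': StringIO(body),
        "CONTENT_LENGTH": len(body)
    }

    ad = AuthzDescription(resource_set_id=0, scopes=DEF_SCOPES,
                          expires_at=epoch_in_a_while(minutes=45))
    # Call utc_time_sans_frac so issued_at carries a timestamp; the original
    # passed the function object itself, so the introspection response never
    # held a usable issue time.
    ir = IntrospectionResponse(valid=True,
                               expires_at=epoch_in_a_while(minutes=45),
                               issued_at=utc_time_sans_frac(),
                               permissions=[ad])

    resp = jrs.do("info/alice/1", environ, permission=ir)

    assert not isinstance(resp, ErrorResponse)
    assert isinstance(resp, Response)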
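def test_roger_patch(tmpdir):
    """PATCH on "info/alice/1" with read and patch scopes must be accepted.

    The permission handed to the resource server grants exactly the read
    and patch scopes on resource set 0; the expected reply body is the JSON
    text '{"_id": "1"}'.
    """
    root_dir = os.path.join(tmpdir.strpath, "resource/")
    jrs = JsonResourceServer(root_dir, "info/", "https://example.com")
    create_alice_resource(jrs)

    body = json.dumps({"bar": "soap"})
    environ = {
        "REQUEST_METHOD": "PATCH",
        # NOTE(review): the user value looks masked in this copy of the test.
        "REMOTE_USER": "******",
        'wsgi.input': StringIO(body),
        "CONTENT_LENGTH": len(body)
    }

    ad = AuthzDescription(resource_set_id=0,
                          scopes=[
                              "http://dirg.org.umu.se/uma/scopes/read",
                              "http://dirg.org.umu.se/uma/scopes/patch"
                          ],
                          expires_at=epoch_in_a_while(minutes=45))
    # Call utc_time_sans_frac so issued_at carries a timestamp; the original
    # passed the function object itself.
    ir = IntrospectionResponse(valid=True,
                               expires_at=epoch_in_a_while(minutes=45),
                               issued_at=utc_time_sans_frac(),
                               permissions=[ad])

    resp = jrs.do("info/alice/1", environ, permission=ir)

    assert not isinstance(resp, ErrorResponse)
    assert resp.message == '{"_id": "1"}'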
def test_delete_request_by_resource_id(self):
    """Deleting by resource set id must drop every RPT bound to that set.

    Three RPTs are stored for 'alice': two share the grant on 'rsid0' and
    one holds a grant on 'rsid1'. After delete_rsid('alice', 'rsid0') only
    the 'rsid1' entry may remain.
    """
    on_rsid0 = AuthzDescription(resource_set_id='rsid0',
                                scopes=['read', 'write'])
    on_rsid1 = AuthzDescription(resource_set_id='rsid1',
                                scopes=['read', 'exec'])
    assignments = (
        ('rpt_roger', on_rsid0),
        ('rpt_bob1', on_rsid0),
        ('rpt_bob2', on_rsid1),
    )
    for rpt, grant in assignments:
        self.perm_db.set('alice', rpt, grant)

    self.perm_db.delete_rsid('alice', 'rsid0')

    # Revocation check: both rsid0 entries are gone, the rsid1 one survives.
    remaining = self.perm_db.keys('alice')
    assert remaining == ['rpt_bob2']
    surviving = self.perm_db.get('alice', 'rpt_bob2')
    assert len(surviving) == 1
def register_permission(self, owner, rpt, rsid, scopes):
    """Record an accepted permission for an owner under the given RPT.

    :param owner: Resource owner the permission is stored for
    :param rpt: Requesting party token used as the storage key
    :param rsid: Resource set id the permission applies to
    :param scopes: Scopes placed in the description as given; nothing in
        this method validates them
    """
    issued = utc_time_sans_frac()
    # The grant is time-boxed: exp is the issue time plus the session
    # lifetime read from self.session.
    expires = issued + self.session.lifetime
    description = AuthzDescription(resource_set_id=rsid, scopes=scopes,
                                   exp=expires, iat=issued)
    self.permit.set_accepted(owner, rpt, description)
def test_permisson_get(self):
    """A stored grant must come back with its scopes and resource set id.

    The lookup result is indexed, so get() is expected to return a
    sequence; only its first entry is inspected here.
    """
    grant = AuthzDescription(resource_set_id='rsid0',
                             scopes=['read', 'write'])
    self.perm_db.set('alice', 'rpt', grant)

    first = self.perm_db.get('alice', 'rpt')[0]

    assert first["scopes"] == ['read', 'write']
    assert first['resource_set_id'] == 'rsid0'
def test_permisson_get_fail(self):
    """Lookups with a key that is not a stored RPT must raise KeyError."""
    grant = AuthzDescription(resource_set_id='rsid',
                             scopes=['read', 'write'])
    self.perm_db.set('alice', 'rpt', grant)

    # 'rsid' is the resource set id of the stored grant, not its RPT, so it
    # must not work as a lookup key; 'xxxx' was never stored at all.
    for not_an_rpt in ('rsid', 'xxxx'):
        with pytest.raises(KeyError):
            self.perm_db.get('alice', not_an_rpt)
def register_permission(self, owner, rpt, rsid, scopes):
    """
    Store an authorization description for an owner/RPT pair.

    The description is stamped with the current time as ``iat`` and with
    ``iat + self.authzdesc_lifetime`` as ``exp``. The scopes are stored as
    given; nothing in this method validates them.

    :param owner: Resource owner
    :param rpt: Requesting party token
    :param rsid: Resource set id
    :param scopes: list of scopes
    """
    issued = utc_time_sans_frac()
    expires = issued + self.authzdesc_lifetime
    description = AuthzDescription(resource_set_id=rsid, scopes=scopes,
                                   exp=expires, iat=issued)
    self.permit.set(owner, rpt, description)
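def test_roger_read(tmpdir):
    """GET on "info/alice/1" with only the read scope must return the item.

    The expected body is the stored JSON object; both key orders are
    accepted because the serialised order is not fixed.
    """
    root_dir = os.path.join(tmpdir.strpath, "resource/")
    jrs = JsonResourceServer(root_dir, "info/", "https://example.com")
    create_alice_resource(jrs)

    # NOTE(review): the user value looks masked in this copy of the test.
    environ = {"REQUEST_METHOD": "GET", "REMOTE_USER": "******"}

    ad = AuthzDescription(resource_set_id=0,
                          scopes=["http://dirg.org.umu.se/uma/scopes/read"],
                          expires_at=epoch_in_a_while(minutes=45))
    # Call utc_time_sans_frac so issued_at carries a timestamp; the original
    # passed the function object itself.
    ir = IntrospectionResponse(valid=True,
                               expires_at=epoch_in_a_while(minutes=45),
                               issued_at=utc_time_sans_frac(),
                               permissions=[ad])

    resp = jrs.do("info/alice/1", environ, permission=ir)

    assert not isinstance(resp, ErrorResponse)
    assert resp.message in [
        '{"foo": "bar", "_id": 1}',
        '{"_id": 1, "foo": "bar"}'
    ]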
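def test_roger_create():
    """POST with only the read scope must be rejected with an ErrorResponse.

    This is the negative authorization case: the permission grants read on
    resource set 0, and the request tries to create a resource.
    """
    # NOTE(review): "resource/" is a relative path, so it resolves against
    # the current working directory rather than a per-test temporary one.
    # Presumably nothing is written because the request is refused; confirm.
    jrs = JsonResourceServer("resource/", "info/", "https://example.com")

    body = json.dumps({"bar": "soap"})
    environ = {
        "REQUEST_METHOD": "POST",
        # NOTE(review): the user value looks masked in this copy of the test.
        "REMOTE_USER": "******",
        'wsgi.input': StringIO(body),
        "CONTENT_LENGTH": len(body)
    }

    ad = AuthzDescription(resource_set_id=0,
                          scopes=["http://dirg.org.umu.se/uma/scopes/read"],
                          expires_at=epoch_in_a_while(minutes=45))
    # Call utc_time_sans_frac so issued_at carries a timestamp; the original
    # passed the function object itself. With a real issue time the refusal
    # asserted below is attributable to the scopes, not to a malformed
    # introspection response.
    ir = IntrospectionResponse(valid=True,
                               expires_at=epoch_in_a_while(minutes=45),
                               issued_at=utc_time_sans_frac(),
                               permissions=[ad])

    resp = jrs.do("info/alice/1", environ, permission=ir)

    assert isinstance(resp, ErrorResponse)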
def test_1():
    """Round-trip an AuthzDescription through AuthzDB and exercise match().

    Covers: store/read returning an equal AuthzDescription, reading an
    unknown id, and match() for a granted scope, a scope that was not
    granted, and an entity the description was not issued to.
    """
    # NOTE(review): "[email protected]" looks like an e-mail obfuscation
    # artifact of the page this test was copied from; the original
    # identifiers cannot be recovered here, so the strings are kept as found.
    rs_id = "https://idp.catalogix.se/id/[email protected]"
    sp_entity = "https://lingon.ladok.umu.se:8087/sp.xml"

    authz_db = AuthzDB(AuthzDescription, DB_NAME, COLLECTION)
    # presumably resets the collection so earlier runs do not leak in
    authz_db.restart(COLLECTION)

    rsd = AuthzDescription(
        resource_set_id=rs_id,
        entity=sp_entity,
        scopes=[
            "%s/givenName/Roland" % ATTR,
            "%s/surName/Hedberg" % ATTR,
            "%s/displayName/Roland%%20Hedberg" % ATTR,
            "%s/cn/Roland%%20Hedberg" % ATTR,
            "%s/eduPersonScopedAffiliation/[email protected]" % ATTR,
            "%s/eduPersonScopedAffiliation/[email protected]" % ATTR,
            "%s/eduPersonScopedAffiliation/[email protected]" % ATTR
        ],
    )

    rid = authz_db.store(rsd.to_json())
    item = authz_db.read(rid)

    assert item
    assert isinstance(item, AuthzDescription)
    # Every claim that was stored must come back unchanged.
    for key, expected in rsd.items():
        assert key in item
        assert item[key] == expected

    # An id that was never stored must fail the read; either exception type
    # is accepted, and a successful read is a test failure.
    try:
        authz_db.read("phoney")
    except (UnknownObject, BSONError):
        pass
    else:
        assert False

    # Positive cases: the stored resource set / entity pair, with and
    # without one of the granted scopes.
    assert authz_db.match(resource_set_id=rs_id, entity=sp_entity)
    assert authz_db.match(resource_set_id=rs_id, entity=sp_entity,
                          scopes=["%s/givenName/Roland" % ATTR])

    # Negative cases: a scope that was never granted, and an entity the
    # description was not issued to, must both yield exactly False.
    not_granted = authz_db.match(resource_set_id=rs_id, entity=sp_entity,
                                 scopes=["%s/sn/Magnusson" % ATTR])
    assert not_granted is False
    other_entity = authz_db.match(
        resource_set_id=rs_id,
        entity="https://lingon.catalogix.se:8087/sp.xml")
    assert other_entity is False
def construct_authz_desc(rsid, scopes, lifetime=3600):
    """Build an AuthzDescription that expires *lifetime* after now.

    :param rsid: Resource set id the description applies to
    :param scopes: Scopes placed in the description as given
    :param lifetime: Amount added to the issue time to get ``exp``
        (default 3600)
    :return: AuthzDescription with ``iat`` set to the current time from
        utc_time_sans_frac() and ``exp`` set to ``iat + lifetime``
    """
    issued = utc_time_sans_frac()
    claims = {
        "resource_set_id": rsid,
        "scopes": scopes,
        "exp": issued + lifetime,
        "iat": issued,
    }
    return AuthzDescription(**claims)