def test_permission_registration_endpoint(self): data = ResourceSetDescription(name="stuff", scopes=ALL).to_json() # Register a resource set resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="POST", body=data, client_id="12345678", if_match="xyzzy") rsid = StatusResponse().from_json(resp.message)['_id'] read_write = [SCOPES[s] for s in ['read', 'write']] perm_reg = PermissionRegistrationRequest(resource_set_id=rsid, scopes=read_write) resp = self.uas.permission_registration_endpoint_( owner="alice", request=perm_reg.to_json(), client_id="12345678") assert isinstance(resp, Created) # Trying to register a request with an unknown rsid perm_reg = PermissionRegistrationRequest( resource_set_id='0987654321', scopes=read_write) resp = self.uas.permission_registration_endpoint_( owner="alice", request=perm_reg.to_json(), client_id="12345678") assert isinstance(resp, BadRequest)
def test_rpt_endpoint(self): """ A couple of things have to happen before any action can occur on the rpt endpoint. 1. registration of Resource set 2. Registration of a permission request 3. Registration of an authorization """ # (1) register resource set read_write = [SCOPES[s] for s in ['read', 'write']] rsd = ResourceSetDescription(name='foo', scopes=read_write) resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="POST", body=rsd.to_json(), client_id="12345678") rsid = StatusResponse().from_json(resp.message)['_id'] # (2) register a permission request read_write = [SCOPES[s] for s in ['read', 'write']] perm_reg = PermissionRegistrationRequest(resource_set_id=rsid, scopes=read_write) resp = self.uas.permission_registration_endpoint_( owner="alice", request=perm_reg.to_json(), client_id="12345678") assert isinstance(resp, Created) ticket = json.loads(resp.message)['ticket'] # (3) registration of authorization permission = {'resource_set_id': rsid, 'scopes': read_write, 'require': {'sub': 'roger'}} adb = self.uas.get_adb("12345678") adb.store_permission(permission, 'alice') # Get an RPT. This should work req = AuthorizationDataRequest(ticket=ticket) resp = self.uas.rpt_endpoint_('roger', '12345678', request=req.to_json()) assert resp
ir = introspect(_uma_client, ressrv, authzsrv) assert ir["active"] is True assert "permissions" not in ir # The RS registers an Authorization request REQ_SCOPES = ["http://its.umu.se/uma/attr/displayName"] prr = PermissionRegistrationRequest(resource_set_id=_rsid, scopes=REQ_SCOPES) client, url, ht_args = ressrv.register_init(RESOURCE_OWNER, "permission_registration_endpoint", prr, _rsid) authninfo = ht_args["headers"]["Authorization"] permresp = authzsrv.permission_registration_endpoint(prr.to_json(), authninfo) created = PermissionRegistrationResponse().from_json(permresp.message) _, kwargs = _uma_client.create_authorization_data_request(USER, created["ticket"]) request = kwargs["data"] authn_info = kwargs["headers"]["Authorization"] res = authzsrv.authorization_request_endpoint(request, authn_info) assert res.status == "200 OK" # Now everything should be ready for accessing the resource # The resource server will do an introspection of the RPT ir = introspect(_uma_client, ressrv, authzsrv)
ht_args["headers"]["Authorization"]) ir = IntrospectionResponse().from_json(resp.message) assert ir["active"] is True assert "permissions" not in ir # The RS registers an Authorization request REQ_SCOPES = ["http://its.umu.se/uma/attr/displayName"] prr = PermissionRegistrationRequest(resource_set_id=_rsid, scopes=REQ_SCOPES) client, url, ht_args = ressrv.register_init( RESOURCE_OWNER, "permission_registration_endpoint", prr, _rsid) authninfo = ht_args["headers"]["Authorization"] permresp = authzsrv.permission_registration_endpoint(prr.to_json(), authninfo) created = PermissionRegistrationResponse().from_json(permresp.message) _, kwargs = _uma_client.create_authorization_data_request( USER, created["ticket"]) request = kwargs["data"] authn_info = kwargs["headers"]["Authorization"] res = authzsrv.authorization_request_endpoint(request, authn_info) assert res.status == "200 OK" # Now everything should be ready for accessing the resource # The resource server will do an introspection of the RPT _rpt = _uma_client.token[USER]["RPT"]