コード例 #1
ファイル: test_20_as.py プロジェクト: rohe/pyuma
    def test_permission_registration_endpoint(self):
        """Exercise permission registration for a known and an unknown id.

        A resource set is registered first and its ``_id`` is read from the
        status response. A permission request naming that id is expected to
        come back as ``Created``; the same request naming an id that was
        never registered is expected to come back as ``BadRequest``, i.e. the
        server is expected to refuse a permission request for a resource set
        it does not know.
        """
        # Register a resource set as "alice" and keep the id it was given.
        description = ResourceSetDescription(name="stuff", scopes=ALL)
        registered = self.uas.resource_set_registration_endpoint_(
            "alice", RSR_PATH, method="POST", body=description.to_json(),
            client_id="12345678", if_match="xyzzy")
        status = StatusResponse().from_json(registered.message)
        known_rsid = status['_id']

        wanted_scopes = [SCOPES['read'], SCOPES['write']]

        # First the id that was just registered, then one that never was.
        cases = ((known_rsid, Created), ('0987654321', BadRequest))
        for resource_set_id, expected_type in cases:
            perm_request = PermissionRegistrationRequest(
                resource_set_id=resource_set_id, scopes=wanted_scopes)
            outcome = self.uas.permission_registration_endpoint_(
                owner="alice", request=perm_request.to_json(),
                client_id="12345678")
            assert isinstance(outcome, expected_type)
コード例 #2
ファイル: test_20_as.py プロジェクト: rohe/pyuma
    def test_rpt_endpoint(self):
        """Walk through the steps that precede a request to the RPT endpoint.

        Three things are set up before the RPT endpoint is called:

        1. a resource set is registered,
        2. a permission request for it is registered, which yields a ticket,
        3. an authorization is stored for the owner.

        The RPT endpoint is then called with the ticket.
        """
        # (1) Register the resource set and remember its id.
        rs_scopes = [SCOPES['read'], SCOPES['write']]
        description = ResourceSetDescription(name='foo', scopes=rs_scopes)
        registered = self.uas.resource_set_registration_endpoint_(
            "alice", RSR_PATH, method="POST", body=description.to_json(),
            client_id="12345678")
        rsid = StatusResponse().from_json(registered.message)['_id']

        # (2) Register a permission request; the response carries the ticket.
        read_write = [SCOPES['read'], SCOPES['write']]
        perm_request = PermissionRegistrationRequest(
            resource_set_id=rsid, scopes=read_write)
        perm_response = self.uas.permission_registration_endpoint_(
            owner="alice", request=perm_request.to_json(),
            client_id="12345678")
        assert isinstance(perm_response, Created)
        ticket = json.loads(perm_response.message)['ticket']

        # (3) Store an authorization on behalf of "alice". The 'require'
        # entry names 'roger' as the subject, the same name that is passed
        # to the RPT endpoint below.
        authz_db = self.uas.get_adb("12345678")
        authz_db.store_permission(
            {'resource_set_id': rsid, 'scopes': read_write,
             'require': {'sub': 'roger'}},
            'alice')

        # Ask for an RPT with the ticket; this is expected to succeed.
        # NOTE(review): only the truthiness of the response is asserted, so
        # the test does not show which permissions the RPT ends up with, and
        # there is no companion case with a requester other than 'roger'.
        rpt_request = AuthorizationDataRequest(ticket=ticket)
        rpt_response = self.uas.rpt_endpoint_(
            'roger', '12345678', request=rpt_request.to_json())
        assert rpt_response
コード例 #3
ファイル: test_seq_4.py プロジェクト: rohe/pyuma
# Introspect the token the client currently holds. `introspect` is defined
# outside this excerpt; its result is used like a mapping below.
ir = introspect(_uma_client, ressrv, authzsrv)

# At this point the token is expected to be reported as active while carrying
# no permissions: nothing has been authorized for it yet.
assert ir["active"] is True
assert "permissions" not in ir

# The RS registers a permission request for the resource set, asking for a
# single scope.
REQ_SCOPES = ["http://its.umu.se/uma/attr/displayName"]
prr = PermissionRegistrationRequest(resource_set_id=_rsid, scopes=REQ_SCOPES)

# register_init returns a client, a URL and HTTP arguments; only the
# Authorization header from the HTTP arguments is used in this excerpt.
client, url, ht_args = ressrv.register_init(RESOURCE_OWNER,
                                            "permission_registration_endpoint",
                                            prr, _rsid)

# The header value is handed to the AS together with the request body.
# NOTE(review): presumably this is the RS's protection token for
# RESOURCE_OWNER - confirm against register_init.
authninfo = ht_args["headers"]["Authorization"]
permresp = authzsrv.permission_registration_endpoint(prr.to_json(), authninfo)
# NOTE(review): permresp is parsed without checking its status first, so a
# rejected registration would presumably only surface at the "ticket" lookup.
created = PermissionRegistrationResponse().from_json(permresp.message)
# The client turns the ticket into an authorization data request for USER.
_, kwargs = _uma_client.create_authorization_data_request(USER,
                                                          created["ticket"])

# Body and Authorization header of that request are passed to the AS directly.
request = kwargs["data"]
authn_info = kwargs["headers"]["Authorization"]
res = authzsrv.authorization_request_endpoint(request, authn_info)

# Only the status line is checked; the response body is not inspected here.
assert res.status == "200 OK"

# Now everything should be ready for accessing the resource

# The resource server will do an introspection of the RPT
# (the assertions on this second result are outside this excerpt).
ir = introspect(_uma_client, ressrv, authzsrv)
コード例 #4
ファイル: test_seq_3.py プロジェクト: simudream/pyuma
                                       ht_args["headers"]["Authorization"])

# Parse the introspection response received from the call that ends just
# above this excerpt.
ir = IntrospectionResponse().from_json(resp.message)

# At this point the token is expected to be reported as active while carrying
# no permissions: nothing has been authorized for it yet.
assert ir["active"] is True
assert "permissions" not in ir

# The RS registers a permission request for the resource set, asking for a
# single scope.
REQ_SCOPES = ["http://its.umu.se/uma/attr/displayName"]
prr = PermissionRegistrationRequest(resource_set_id=_rsid, scopes=REQ_SCOPES)

# register_init returns a client, a URL and HTTP arguments; only the
# Authorization header from the HTTP arguments is used in this excerpt.
client, url, ht_args = ressrv.register_init(
    RESOURCE_OWNER, "permission_registration_endpoint", prr, _rsid)

# The header value is handed to the AS together with the request body.
# NOTE(review): presumably this is the RS's protection token for
# RESOURCE_OWNER - confirm against register_init.
authninfo = ht_args["headers"]["Authorization"]
permresp = authzsrv.permission_registration_endpoint(prr.to_json(), authninfo)
# NOTE(review): permresp is parsed without checking its status first, so a
# rejected registration would presumably only surface at the "ticket" lookup.
created = PermissionRegistrationResponse().from_json(permresp.message)
# The client turns the ticket into an authorization data request for USER.
_, kwargs = _uma_client.create_authorization_data_request(
    USER, created["ticket"])

# Body and Authorization header of that request are passed to the AS directly.
request = kwargs["data"]
authn_info = kwargs["headers"]["Authorization"]
res = authzsrv.authorization_request_endpoint(request, authn_info)

# Only the status line is checked; the response body is not inspected here.
assert res.status == "200 OK"

# Now everything should be ready for accessing the resource

# The resource server will do an introspection of the RPT
# The RPT is read from the client's token store for USER; how it is used is
# outside this excerpt.
_rpt = _uma_client.token[USER]["RPT"]