def test_resource(self):
#Use a JWT token as id_token
id_token = self.getJWT()
#Mock resource ID
resource_id = "20248583"
#Create default policy
status, self.policyID = self.createTestPolicy(id_token, resource_id)
self.assertEqual(status, 200)
print("Create policy: Policy created with id: "+self.policyID)
del status
print("=======================")
print("")
with open('../tests/examples/request_template.json') as json_file:
data = json.load(json_file)
subject, action, resource = parser.load_request(data)
resource_id = resource.attributes[0]['Value']
action = action.attributes[0]['Value']
dict_values = {}
for i in range(0, len(subject.attributes)):
dict_values[subject.attributes[i]['AttributeId']] = subject.attributes[i]['Value']
print("Checking policy with a XACML")
j = policies_operations.validate_complete_policies(resource_id, action, dict_values)
self.assertEqual(j[0][0], True)
del j
print("=======================")
print("")
def test_pdp_delegation_forwarder_final_response(
self,
mock_validate_rule_with_conditions_false,
raise_for_status=None):
with open('../tests/examples/request_template_delegation.json'
) as json_file:
data = json.load(json_file)
subject, action_rsrc, resource = parser.load_request(data)
resource_id = resource.attributes[0]['Value']
action = action_rsrc.attributes[0]['Value']
dict_values = {}
decision = {0: [None, "http://localhost:5568/policy/validate"]}
for i in range(0, len(subject.attributes)):
dict_values[subject.attributes[i]
['AttributeId']] = subject.attributes[i]['Value']
mock_resp = mock.Mock()
mock_resp.raise_for_status = mock.Mock()
if raise_for_status:
mock_resp.raise_for_status.side_effect = raise_for_status
resp, status = response_handler.generate_response(
decision, subject.attributes, action_rsrc.attributes,
resource.attributes, "http://localhost:5567/policy/validate")
self.assertEqual(status, 200,
"Request was successfully forwarded to external pdp")
def test_pdp_validate_delegation_policies(
self,
mock_validate_rule_with_conditions_false,
raise_for_status=None):
with open('../tests/examples/request_template_delegation.json'
) as json_file:
data = json.load(json_file)
subject, action_rsrc, resource = parser.load_request(data)
resource_id = resource.attributes[0]['Value']
action = action_rsrc.attributes[0]['Value']
dict_values = {}
for i in range(0, len(subject.attributes)):
dict_values[subject.attributes[i]
['AttributeId']] = subject.attributes[i]['Value']
mock_resp = mock.Mock()
mock_resp.raise_for_status = mock.Mock()
if raise_for_status:
mock_resp.raise_for_status.side_effect = raise_for_status
decisions = policies_operations.validate_complete_policies(
resource_id, action, dict_values)
self.assertEqual(
type(decisions), dict,
"Should return a dictionary with the result decisions")
def test_pdp_validate_rule_with_conditions_true(
self,
mock_validate_rule_with_conditions_true,
raise_for_status=None):
with open('../tests/examples/request_template.json') as json_file:
data = json.load(json_file)
subject, action, resource = parser.load_request(data)
resource_id = "123456"
action = action.attributes[0]['Value']
dict_values = {}
for i in range(0, len(subject.attributes)):
dict_values[subject.attributes[i]
['AttributeId']] = subject.attributes[i]['Value']
dict_values['attemps'] = 5
mock_resp = mock.Mock()
mock_resp.raise_for_status = mock.Mock()
if raise_for_status:
mock_resp.raise_for_status.side_effect = raise_for_status
j = policies_operations.validate_complete_policies(
resource_id, action, dict_values)
self.assertEqual(j, True,
"Validate conditional policy rule should be true")
def test_pdp_validate_access_policies_action_false(
self,
mock_access_policies_resourceid_true_user_name_false,
raise_for_status=None):
with open('../tests/examples/request_template.json') as json_file:
data = json.load(json_file)
subject, action, resource = parser.load_request(data)
resource_id = resource.attributes[0]['Value']
action = "edit"
dict_values = {}
for i in range(0, len(subject.attributes)):
dict_values[subject.attributes[i]
['AttributeId']] = subject.attributes[i]['Value']
dict_values['userName'] = "******"
mock_resp = mock.Mock()
mock_resp.raise_for_status = mock.Mock()
if raise_for_status:
mock_resp.raise_for_status.side_effect = raise_for_status
j = policies_operations.validate_complete_policies(
resource_id, action, dict_values)
self.assertEqual(j, False,
"Validate access policies 3 should be false")
def test_pdp_parse_request_xacml(self):
with open('../tests/examples/request_template.json') as json_file:
data = json.load(json_file)
subject, action, resource = parser.load_request(data)
resource_id = resource.attributes[0]['Value']
user_name = subject.attributes[0]['Value']
self.assertEqual(isinstance(resource_id, str), True,
"Resource id should be a string")
self.assertEqual(isinstance(user_name, str), True,
"User name should be a string")
def __init__(self):
subject, action, resource = parser.load_request(kwargs.get('json'))
resource_id = resource.attributes[0]['Value']
if resource_id == "20248583":
r = response.Response(decision.PERMIT)
status = 200
self.response = json.dumps(r, cls=ClassEncoder), status
elif resource_id == "202485839":
r = response.Response(decision.DENY, "fail_to_permit",
"obligation-id",
"You cannot access this resource")
status = 401
self.response = json.dumps(r, cls=ClassEncoder), status
def test_resource(self):
#Use a JWT token as id_token
id_token = self.getJWT()
#Mock resource ID
resource_id = "20248592"
#Insert
delegate = "http://localhost:6667/policy/validate"
#Create default policy
status, self.policyID = self.createTestFederatedPolicy(
id_token, resource_id, delegate)
self.assertEqual(status, 200)
print("Create policy: Policy created with id: " + self.policyID)
del status
print("=======================")
print("")
with open('../tests/examples/request_template_delegation.json'
) as json_file:
data = json.load(json_file)
subject, action, resource = parser.load_request(data)
resource_id = resource.attributes[0]['Value']
action = action.attributes[0]['Value']
dict_values = {}
for i in range(0, len(subject.attributes)):
dict_values[subject.attributes[i]
['AttributeId']] = subject.attributes[i]['Value']
print("Checking policy for delegation decision signature")
j = policies_operations.validate_complete_policies(
resource_id, action, dict_values)
self.assertEqual(j[0][0], None)
self.assertEqual(str(j[0][1]), delegate)
del j
print("=======================")
print("")
def test_pdp_validate_invalid_issuer(self,
mock_validate_invalid_issuer,
raise_for_status=None):
with open(
'../tests/examples/request_template_issuer.json') as json_file:
data = json.load(json_file)
subject, action, resource = parser.load_request(data)
subject.attributes[0]['Issuer'] = "https://test.eoepca.io"
mock_resp = mock.Mock()
mock_resp.raise_for_status = mock.Mock()
if raise_for_status:
mock_resp.raise_for_status.side_effect = raise_for_status
handler_status_issuer = ScimHandler.get_instance().modifyAuthServerUrl(
subject.attributes[0]['Issuer'])
self.assertEqual(handler_status_issuer, False,
"Validate issuer should be false")
def test_pdp_parse_request_xacml_multiple_resources(self):
with open('../tests/examples/request_template.json') as json_file:
data = json.load(json_file)
data["Request"]["Resource"].append({
"Attribute": [{
"AttributeId": "resource-id",
"Value": "20248583",
"DataType": "string",
"IncludeInResult": "True"
}]
})
subject, action, resource = parser.load_request(data)
resource_id = resource.attributes[0]['Value']
user_name = subject.attributes[0]['Value']
self.assertEqual(isinstance(resource_id, list), True,
"Resource id should be a list")
self.assertEqual(isinstance(user_name, str), True,
"User name should be a string")
def validate_resource():
xacml = request.json
if not validate_json(xacml):
print("Invalid xacml received")
return "Valid JSON data is required", 400
subject, action_rsrc, resource = parser.load_request(xacml)
resource_id = resource.attributes[0]['Value']
user_name = subject.attributes[0]['Value']
action = action_rsrc.attributes[0]['Value']
#To be expanded when implementing more complex policies
if "Issuer" in subject.attributes[0].keys():
issuer = subject.attributes[0]['Issuer']
else:
issuer = None
handler_status_issuer = None
if issuer is not None:
handler_status_issuer, handler_issuer_message = ScimHandler.get_instance(
).modifyAuthServerUrl(issuer)
#For now it serves only as a check if the user attributes were reachable on the AS
#handler_user_attributes uses this schema: https://gluu.org/docs/gluu-server/4.1/api-guide/scim-api/#/definitions/User
# Call to be used later in development
try:
if handler_status_issuer == 200 or (issuer is None):
handler_status, handler_user_attributes = ScimHandler.get_instance(
).getUserAttributes(user_name)
if not isinstance(handler_user_attributes, dict):
print(handler_user_attributes +
", using attributes from the XACML request instead...")
handler_user_attributes = {}
for i in range(0, len(subject.attributes)):
handler_user_attributes[subject.attributes[i][
'AttributeId']] = subject.attributes[i]['Value']
if issuer is None:
handler_user_attributes['issuer'] = validate_auth_server_url()
else:
handler_user_attributes['issuer'] = issuer
else:
handler_user_attributes = {}
raise Exception()
except Exception as e:
print("Error While retrieving the user attributes")
# Pending: Complete when xacml receives several resources
if isinstance(resource_id, list):
for resource_from_list in resource.attributes[0]['Value']:
result_validation, delegate_addr = policies_operations.validate_complete_policies(
resource_from_list, action, handler_user_attributes)
if result_validation:
break
else:
decisions = policies_operations.validate_complete_policies(
resource_id, action, handler_user_attributes)
resp, status = response_handler.generate_response(decisions,
subject.attributes,
action_rsrc.attributes,
resource.attributes,
request.base_url)
return json.dumps(resp, cls=ClassEncoder), status
