def test_auth_start_election_group_count(db_session, is_owner, is_allowed, client, logged_in_user, election_keys_foo, countable_election_group, owned_countable_election_group): """Allowed and denied scenario tests of startElectionGroupCount.""" election_group = (owned_countable_election_group(db_session, logged_in_user.person) if is_owner else countable_election_group(db_session)) variables = { 'id': str(election_group.id), 'electionKey': election_keys_foo['private'] } mutation = """ mutation startElectionGroupCount($id: UUID!, $electionKey: String!) { startElectionGroupCount(id: $id, electionKey: $electionKey) { success code } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['startElectionGroupCount'] assert response['success'] == is_allowed if not is_allowed: assert response['code'] == 'permission-denied'
def test_auth_publish_election_group(db_session, is_owner, is_publisher, is_allowed, client, logged_in_user, simple_election_group, owned_election_group, make_person_publisher): """Allowed and denied scenario of publishElectionGroup.""" election_group = (owned_election_group(db_session, logged_in_user.person) if is_owner else simple_election_group(db_session)) if is_publisher: make_person_publisher(db_session, logged_in_user.person) variables = {'id': str(election_group.id)} mutation = """ mutation ($id: UUID!) { publishElectionGroup(id: $id) { success code } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) result = execution['data']['publishElectionGroup'] assert result['success'] == is_allowed if not is_allowed: assert result['code'] == 'permission-denied'
def test_auth_update_voter_info(db_session, is_owner, is_allowed, client, logged_in_user, simple_election_group, owned_election_group): """Allowed and denied scenario tests of updateVoterInfo.""" election_group = (owned_election_group(db_session, logged_in_user.person) if is_owner else simple_election_group(db_session)) elections = [{'id': str(e.id), 'mandatePeriodStart': str(e.mandate_period_start), 'mandatePeriodEnd': str(e.mandate_period_end + datetime.timedelta(days=3))} for e in election_group.elections] variables = {'elections': elections} mutation = """ mutation ($elections: [ElectionVoterInfoInput]!) { updateVoterInfo(elections: $elections) { ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['updateVoterInfo'] assert response['ok'] == is_allowed
def test_auth_update_pref_elec_candidate(db_session, is_owner, is_allowed, client, logged_in_user, multiple_election_group, owned_multiple_election_group): """Allowed and denied scenario tests of updatePrefElecCandidate.""" election_group = (owned_multiple_election_group(db_session, logged_in_user.person) if is_owner else multiple_election_group(db_session)) election_list = election_group.elections[0].lists[0] candidate = election_group.elections[0].lists[0].candidates[0] new_name = '{} Testesen'.format(candidate.name) variables = { 'gender': candidate.meta['gender'], 'listId': str(election_list.id), 'id': str(candidate.id), 'name': new_name } mutation = """ mutation ($gender: String!, $listId: UUID!, $id: UUID!, $name: String!) { updatePrefElecCandidate(gender: $gender, listId: $listId, id: $id, name: $name) { ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['updatePrefElecCandidate'] assert response['ok'] == is_allowed
def test_allow_create_new_election_group(db_session, ou, client, logged_in_user): """ Allow and deny scenario of createNewElectionGroup. This mutations is always allowed so no need to test denying. We need to include the logged_in_user fixture to have a user to run the mutation. """ variables = { 'ouId': str(ou.id), 'template': True, 'templateName': 'uio_dean' } mutation = """ mutation ($ouId: UUID!, $template: Boolean!, $templateName: String!) { createNewElectionGroup(ouId: $ouId, template: $template, templateName: $templateName) { ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['createNewElectionGroup'] assert response['ok']
def test_auth_add_team_pref_elec_candidate(db_session, is_owner, is_allowed, client, logged_in_user, simple_election_group, owned_election_group): """Allowed and denied scenario tests of addTeamPrefElecCandidate.""" election_group = (owned_election_group(db_session, logged_in_user.person) if is_owner else simple_election_group(db_session)) election_list = election_group.elections[0].lists[0] variables = { 'coCandidates': [{'name': 'Test Testemeresen'}], 'listId': str(election_list.id), 'name': 'Test Testesen' } mutation = """ mutation ($coCandidates: [CoCandidatesInput]!, $listId: UUID!, $name: String!) { addTeamPrefElecCandidate(coCandidates: $coCandidates, listId: $listId , name: $name) { ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['addTeamPrefElecCandidate'] assert response['ok'] == is_allowed
def test_auth_add_pref_elec_candidate(db_session, is_owner, is_allowed, client, logged_in_user, multiple_election_group, owned_multiple_election_group): """Allowed and denied scenario tests of addPrefElecCandidate.""" election_group = (owned_multiple_election_group(db_session, logged_in_user.person) if is_owner else multiple_election_group(db_session)) election_list = election_group.elections[0].lists[0] variables = { 'gender': 'female', 'listId': str(election_list.id), 'name': 'Test Testesen' } mutation = """ mutation ($gender: String!, $listId: UUID!, $name: String!) { addPrefElecCandidate(gender: $gender, listId: $listId , name: $name) { ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['addPrefElecCandidate'] assert response['ok'] == is_allowed
def test_auth_add_voter_by_person_id(db_session, is_owner, is_allowed, client, logged_in_user, simple_person, simple_election_group, owned_election_group): """Allowed and denied scenario tests of addVoterByPersonId.""" election_group = (owned_election_group(db_session, logged_in_user.person) if is_owner else simple_election_group(db_session)) pollbook = election_group.elections[0].pollbooks[0] variables = { 'personId': str(simple_person(db_session).id), 'pollbookId': str(pollbook.id) } mutation = """ mutation ($personId: UUID!, $pollbookId: UUID!) { addVoterByPersonId(personId: $personId, pollbookId: $pollbookId) { id } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['addVoterByPersonId'] assert (response is not None) == is_allowed
def test_auth_update_voter_pollbook(db_session, is_owner, is_allowed, client, logged_in_user, simple_election_group, owned_election_group): """Allowed and denied scenario tests of updateVoterPollbook.""" election_group = (owned_election_group(db_session, logged_in_user.person) if is_owner else simple_election_group(db_session)) pollbook_1 = election_group.elections[0].pollbooks[0] pollbook_2 = election_group.elections[0].pollbooks[1] voter = next(x for x in pollbook_1.voters if not x.self_added) variables = {'id': str(voter.id), 'pollbookId': str(pollbook_2.id)} mutation = """ mutation ($id: UUID!, $pollbookId: UUID!) { updateVoterPollbook(id: $id, pollbookId: $pollbookId) { ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['updateVoterPollbook'] assert response['ok'] == is_allowed
def test_auth_add_voter_by_identifier(db_session, is_owner, is_allowed, client, logged_in_user, simple_person, simple_election_group, owned_election_group): """Allowed and denied scenario tests of addVoterByIdentifier.""" election_group = (owned_election_group(db_session, logged_in_user.person) if is_owner else simple_election_group(db_session)) pollbook = election_group.elections[0].pollbooks[0] feide_id = next(i for i in simple_person(db_session).identifiers if i.id_type == 'feide_id') variables = { 'idType': feide_id.id_type, 'idValue': feide_id.id_value, 'pollbookId': str(pollbook.id) } mutation = """ mutation ($idType: PersonIdType!, $idValue: String!, $pollbookId: UUID!) { addVoterByIdentifier(idType: $idType, idValue: $idValue, pollbookId: $pollbookId) { id } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['addVoterByIdentifier'] assert (response is not None) == is_allowed
def test_update_voter_reason(db_session, as_logged_in_user, is_allowed, client, logged_in_user, logged_in_votable_election_group): """Allow and deny scenarios for updateVoterReason.""" election_group = logged_in_votable_election_group( db_session, logged_in_user.person) pollbook = election_group.elections[0].pollbooks[0] logged_in_feide_id = next(x.id_value for x in logged_in_user.person.identifiers if x.id_type == 'feide_id') if as_logged_in_user: voter = next(x for x in pollbook.voters if x.id_value == logged_in_feide_id) else: voter = next(x for x in pollbook.voters if x.id_value != logged_in_feide_id) variables = {'id': str(voter.id), 'reason': 'Test 123'} mutation = """ mutation ($id: UUID!, $reason: String!) { updateVoterReason(id: $id, reason: $reason) { ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['updateVoterReason'] assert response['ok'] == is_allowed
def test_auth_delete_voter(db_session, is_owner, is_allowed, client, logged_in_user, simple_election_group, owned_election_group): """Allow and deny scenarios for deleteVoter.""" election_group = (owned_election_group(db_session, logged_in_user.person) if is_owner else simple_election_group(db_session)) voters = election_group.elections[0].pollbooks[0].voters voter = next(x for x in voters if not x.self_added) variables = {'id': str(voter.id)} mutation = """ mutation ($id: UUID!) { deleteVoter(id: $id) { ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['deleteVoter'] assert response['ok'] == is_allowed
def test_auth_remove_election_group_role_by_grant(db_session, is_owner, is_allowed, client, logged_in_user, election_group_grant, owned_election_group_grant): """Allow and deny scenarios for removeElectionGroupRoleByGrant.""" grant = (owned_election_group_grant(db_session, logged_in_user.person) if is_owner else election_group_grant(db_session)) variables = {'grantId': str(grant.grant_id)} mutation = """ mutation ($grantId: UUID!) { removeElectionGroupRoleByGrant(grantId: $grantId) { success code } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['removeElectionGroupRoleByGrant'] assert response['success'] == is_allowed if not is_allowed: assert response['code'] == 'permission-denied'
def test_auth_update_voting_periods(db_session, is_owner, is_allowed, client, logged_in_user, multiple_election_group, owned_multiple_election_group): """Allowed and denied scenario tests of updateVotingPeriods.""" election_group = (owned_multiple_election_group( db_session, logged_in_user.person) if is_owner else multiple_election_group(db_session)) elections = [{'id': str(e.id), 'start': str(e.start - datetime.timedelta(days=3)), 'end': str(e.end)} for e in election_group.elections] variables = {'hasMultipleTimes': False, 'elections': elections} mutation = """ mutation ($hasMultipleTimes: Boolean!, $elections: [ElectionVotingPeriodInput]!) { updateVotingPeriods(hasMultipleTimes: $hasMultipleTimes, elections: $elections) { ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['updateVotingPeriods'] assert response['ok'] == is_allowed
def test_auth_person_with_multiple_verified_voters_deny( db_session, client, logged_in_user, votable_election_group): """Test auth for the electionGroup query.""" election_group = votable_election_group(db_session) variables = {'id': str(election_group.id)} execution = client.execute(queries['personsWithMultipleVerifiedVoters'], variables=variables, context=get_test_context(db_session)) response = execution['data']['personsWithMultipleVerifiedVoters'] assert not response
def test_auth_election_template(db_session, client): """ Test auth for the electionTemplate query. Always allowed. """ execution = client.execute(queries['electionTemplate'], context=get_test_context(db_session)) response = execution['data']['electionTemplate'] assert response
def test_auth_election_group_owned(db_session, client, logged_in_user, owned_election_group): """Test auth for the electionGroup query.""" election_group = owned_election_group(db_session, logged_in_user.person) variables = {'id': str(election_group.id)} execution = client.execute(queries['electionGroup'], variables=variables, context=get_test_context(db_session)) response = execution['data']['electionGroup'] validate_election_group_info(response, True)
def test_auth_election_group_key_meta_not_owned(db_session, client, logged_in_user, votable_election_group): """Test auth for the electionGroup query.""" election_group = votable_election_group(db_session) variables = {'id': str(election_group.id)} execution = client.execute(queries['electionGroupKeyMeta'], variables=variables, context=get_test_context(db_session)) assert not execution['data']['electionGroupKeyMeta']
def test_auth_master_keys(db_session, client, master_key): """ Test auth for the masterKeys query. Always allowed. """ private_key, master_key = master_key(db_session) execution = client.execute(queries['masterKeys'], context=get_test_context(db_session)) response = execution['data']['masterKeys'] assert len(response) == 1 assert response[0]['publicKey'] == master_key.public_key
def test_auth_election_groups_votable(db_session, client, logged_in_user, simple_election_group, votable_election_group): """Test auth for the electionGroup query.""" # Visible votable_election_group(db_session) # Not visible simple_election_group(db_session) execution = client.execute(queries['electionGroups'], context=get_test_context(db_session)) print(execution) response = execution['data']['electionGroups'] assert len(response) == 1
def test_auth_election_group_key_meta_owned(db_session, client, logged_in_user, owned_votable_election_group): """Test auth for the electionGroup query.""" election_group = owned_votable_election_group(db_session, logged_in_user.person) variables = {'id': str(election_group.id)} execution = client.execute(queries['electionGroupKeyMeta'], variables=variables, context=get_test_context(db_session)) response = execution['data']['electionGroupKeyMeta'] assert response['generatedAt'] validate_person_return_data(response['generatedBy'], True)
def test_auth_search_voters_not_owned(db_session, client, logged_in_user, votable_election_group): """Test auth for the electionGroup query.""" election_group = votable_election_group(db_session) voter = election_group.elections[0].pollbooks[0].voters[0] variables = { 'electionGroupId': str(election_group.id), 'search': voter.id_value } execution = client.execute(queries['searchVoters'], variables=variables, context=get_test_context(db_session)) assert execution['data']['searchVoters'] == [None]
def test_auth_election_group_counting_results_not_owned( db_session, client, logged_in_user, counted_election_group): """Test auth for the electionGroup query.""" election_group = counted_election_group(db_session) variables = {'id': str(election_group.id)} execution = client.execute(queries['electionGroupCountingResults'], variables=variables, context=get_test_context(db_session)) response = execution['data']['electionGroupCountingResults'] assert len(response) == 1 assert response[0]['id'] assert not response[0]['groupId'] assert not response[0]['initiatedAt'] assert not response[0]['finishedAt'] assert not response[0]['status']
def test_auth_election_group_count_owned(db_session, client, logged_in_user, owned_counted_election_group): """Test auth for the electionGroup query.""" election_group = owned_counted_election_group(db_session, logged_in_user.person) count = get_latest_election_group_count(db_session, election_group.id) variables = {'id': str(count.id)} execution = client.execute(queries['electionGroupCount'], variables=variables, context=get_test_context(db_session)) response = execution['data']['electionGroupCount'] assert response['id'] assert response['groupId'] assert response['initiatedAt'] assert response['finishedAt'] assert response['status']
def test_auth_person_for_voter_not_in_my_election(client, db_session, logged_in_user, simple_election_group, simple_person): """Test that we are not allowed to lookup the person for voter.""" election_group = simple_election_group(db_session) pollbook = election_group.elections[0].pollbooks[0] person = simple_person(db_session) voter_policy = ElectionVoterPolicy(db_session) voter = voter_policy.add_voter(pollbook, person, self_added=False) variables = {'voterId': str(voter.id)} execution = client.execute(queries['personForVoter'], variables=variables, context=get_test_context(db_session)) response = execution['data']['personForVoter'] validate_person_return_data(response, False)
def test_auth_vote(db_session, is_owner, as_logged_in_user, is_allowed, client, blank_pref_election_ballot_data, votable_election_group, logged_in_votable_election_group, owned_logged_in_votable_election_group, owned_votable_election_group, logged_in_user): """Allow and deny scenarios for vote.""" if as_logged_in_user: election_group = (owned_logged_in_votable_election_group( db_session, logged_in_user.person) if is_owner else logged_in_votable_election_group( db_session, logged_in_user.person)) else: election_group = (owned_votable_election_group( db_session, logged_in_user.person) if is_owner else votable_election_group(db_session)) pollbook = election_group.elections[0].pollbooks[0] logged_in_feide_id = next(x.id_value for x in logged_in_user.person.identifiers if x.id_type == 'feide_id') if as_logged_in_user: voter = next(x for x in pollbook.voters if x.id_value == logged_in_feide_id) else: voter = pollbook.voters[0] variables = { 'voterId': str(voter.id), 'ballot': json.dumps(blank_pref_election_ballot_data) } mutation = """ mutation ($voterId: UUID!, $ballot: JSONString!) { vote(voterId: $voterId, ballot: $ballot) { ballotId ok } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['vote'] assert response['ok'] == is_allowed
def test_auth_search_voters_owned(db_session, client, logged_in_user, owned_votable_election_group): """Test auth for the electionGroup query.""" election_group = owned_votable_election_group(db_session, logged_in_user.person) voter = election_group.elections[0].pollbooks[0].voters[0] variables = { 'electionGroupId': str(election_group.id), 'search': voter.id_value } execution = client.execute(queries['searchVoters'], variables=variables, context=get_test_context(db_session)) response = execution['data']['searchVoters'] assert len(response) == 1 assert response[0]['id'] assert response[0]['idValue'] == voter.id_value assert response[0]['idType'] == voter.id_type
def test_auth_voters_for_person_in_my_election(client, db_session, logged_in_user, owned_election_group, simple_person): """Test that we are allowed to lookup the person in owned election.""" election_group = owned_election_group(db_session, logged_in_user.person) pollbook = election_group.elections[0].pollbooks[0] person = simple_person(db_session) voter_policy = ElectionVoterPolicy(db_session) voter = voter_policy.add_voter(pollbook, person, self_added=False) variables = {'id': str(person.id)} execution = client.execute(queries['votersForPerson'], variables=variables, context=get_test_context(db_session)) response = execution['data']['votersForPerson'] assert len(response) == 1 validate_voter_return_data(response[0], True)
def test_auth_election_result_not_owned(db_session, client, logged_in_user, counted_election_group): """Test auth for the electionGroup query.""" election_group = counted_election_group(db_session) count = get_latest_election_group_count(db_session, election_group.id) election_result = count.election_results[0] variables = {'id': str(election_result.id)} execution = client.execute(queries['electionResult'], variables=variables, context=get_test_context(db_session)) response = execution['data']['electionResult'] assert response['id'] assert not response['electionProtocol'] assert not response['ballots'] assert not response['electionId'] assert not response['electionGroupCountId'] assert not response['result'] assert not response['pollbookStats'] assert not response['ballotsWithMetadata']
def test_auth_upload_census_file(db_session, is_owner, is_allowed, client, logged_in_user, simple_election_group, owned_election_group, feide_id_plane_text_census_builder, celery_app, monkeypatch): """Allow and deny scenarios for uploadCensusFile.""" # Mokeypatch away the celery job. monkeypatch.setattr( 'evalg.tasks.flask_celery.make_celery', lambda a: celery_app) monkeypatch.setattr( 'evalg.tasks.celery_worker.import_census_file_task.delay', lambda x, y: f"Patched {x}-{y}") election_group = (owned_election_group(db_session, logged_in_user.person) if is_owner else simple_election_group(db_session)) pollbook = election_group.elections[0].pollbooks[0] variables = { 'censusFile': feide_id_plane_text_census_builder.files['file'], 'pollbookId': str(pollbook.id) } mutation = """ mutation ($censusFile: Upload!, $pollbookId: UUID!) { uploadCensusFile(censusFile: $censusFile, pollbookId: $pollbookId) { success code numFailed numOk } } """ execution = client.execute( mutation, variables=variables, context=get_test_context(db_session)) response = execution['data']['uploadCensusFile'] assert response['success'] == is_allowed if not is_allowed: assert response['code'] == 'permission-denied'