def test_role_authorizer_off_ledger_signature_pass(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) req_auth._identifier = 'id_off_ledger' authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role='*', sig_count=1, off_ledger_signature=True)) assert authorized
def test_role_authorizer_off_ledger_signature_not_pass(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) req_auth._identifier = 'id_off_ledger' authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role='*', sig_count=1, off_ledger_signature=False)) assert not authorized assert "DID id_off_ledger is not found in the Ledger" in reason
def test_signed_by_author_if_more_than_1_sig(idr_cache, req_multi_signed_by_non_author): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_multi_signed_by_non_author, AuthConstraint(role=STEWARD, sig_count=1)) assert not authorized assert "Author must sign the transaction" in reason
def test_role_authorizer_authorize_with_owner(idr_cache, req_auth, is_owner): req = Request(identifier=req_auth.identifier, operation={TARGET_NYM: req_auth.identifier, TXN_TYPE: NYM}, signature='signature') authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize(req, AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True), AuthActionAdd(txn_type=NYM, field='some_field', value='some_value', is_owner=is_owner)) assert authorized == is_owner
def test_role_authorizer_off_ledger_signature_count_2_different_pass( idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) req_auth.signature = None req_auth.signatures = { req_auth.identifier: 'signature', 'another_id_off_ledger': 'another_signature' } authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role='*', sig_count=2, off_ledger_signature=True)) assert authorized
def test_role_authorizer_not_authorize_unknown_nym(idr_cache): authorizer = RolesAuthorizer(cache=idr_cache) unknown_req_auth = Request(identifier="some_unknown_identifier", reqId=2, operation=randomOperation(), signature="signature", protocolVersion=CURRENT_PROTOCOL_VERSION) authorized, reason = authorizer.authorize(unknown_req_auth, AuthConstraint(role=TRUSTEE, sig_count=1)) assert not authorized assert reason == "sender's DID {} is not found in the Ledger".format(unknown_req_auth.identifier)
def test_role_authorizer_authorize_with_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role="SomeRole", sig_count=1)) assert authorized
def test_role_authorizer_not_authorize_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role="SomeOtherRole", sig_count=1)) assert not authorized assert reason == "Unknown role can not do this action"
def test_role_authorizer_not_authorize_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role=TRUSTEE, sig_count=1)) assert not authorized assert reason == "Not enough TRUSTEE signatures"
def test_role_authorizer_not_authorize_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role=TRUSTEE, sig_count=1)) assert not authorized assert reason == "STEWARD can not do this action"
def test_role_authorizer_not_authorize_role(idr_cache, req_auth): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_auth, AuthConstraint(role="SomeOtherRole", sig_count=1)) assert not authorized assert reason == "role is not accepted"
def test_no_sign_by_author_if_0_sig(idr_cache, req_multi_signed_by_non_author): authorizer = RolesAuthorizer(cache=idr_cache) authorized, reason = authorizer.authorize( req_multi_signed_by_non_author, AuthConstraint(role=STEWARD, sig_count=0)) assert authorized