예제 #1
0
def test_get_attribute_value():
    request_json = {
        "subject": {
            "id": "a",
            "attributes": {
                "firstName": "Carl",
                "lastName": "Right"
            }
        },
        "resource": {
            "id": "a",
            "attributes": {
                "name": "Calendar"
            }
        },
        "action": {
            "id": "",
            "attributes": {}
        },
        "context": {}
    }
    request = AccessRequest.from_json(request_json)
    ctx = EvaluationContext(request)
    provider = RequestAttributeProvider(request)

    assert request_json["subject"]["attributes"]["firstName"] == provider.get_attribute_value("subject", "$.firstName",
                                                                                              ctx)
    assert request_json["subject"]["attributes"]["lastName"] == provider.get_attribute_value("subject", "$.lastName",
                                                                                             ctx)
    assert provider.get_attribute_value("subject", "$.test", ctx) is None
    assert request_json["resource"]["attributes"]["name"] == provider.get_attribute_value("resource", "$.name", ctx)
    assert provider.get_attribute_value("resource", "$.test", ctx) is None
    assert provider.get_attribute_value("action", "$.test", ctx) is None
    assert provider.get_attribute_value("context", "$.test", ctx) is None
예제 #2
0
def test_is_satisfied(rules_json, result):
    request_json = {
        "subject": {
            "id": "a",
            "attributes": {
                "firstName": "Carl",
                "lastName": "Right"
            }
        },
        "resource": {
            "id": "a",
            "attributes": {
                "name": "Calendar"
            }
        },
        "action": {
            "id": "",
            "attributes": {}
        },
        "context": {}
    }
    request = AccessRequest.from_json(request_json)
    ctx = EvaluationContext(request)
    rules = RulesSchema().load(rules_json)
    assert rules.is_satisfied(ctx) == result
예제 #3
0
def test_create():
    request_json = {
        "subject": {
            "id": "a",
            "attributes": {
                "firstName": "Carl",
                "lastName": "Right"
            }
        },
        "resource": {
            "id": "a",
            "attributes": {
                "name": "Calendar"
            }
        },
        "action": {
            "id": "",
            "attributes": {}
        },
        "context": {}
    }
    request = AccessRequest.from_json(request_json)

    assert request_json["subject"]["id"] == request._subject_id
    assert request_json["resource"]["id"] == request._resource_id
    assert request_json["action"]["id"] == request._action_id

    # Check backward compatibility
    request = Request.from_json(request_json)

    assert request_json["subject"]["id"] == request._subject_id
    assert request_json["resource"]["id"] == request._resource_id
    assert request_json["action"]["id"] == request._action_id
예제 #4
0
def test_invalid_attribute_path_error():
    request_json = {
        "subject": {
            "id": "a",
            "attributes": {
                "firstName": "Carl",
                "lastName": "Right"
            }
        },
        "resource": {
            "id": "a",
            "attributes": {
                "name": "Calendar"
            }
        },
        "action": {
            "id": "",
            "attributes": {}
        },
        "context": {}
    }
    request = AccessRequest.from_json(request_json)
    ctx = EvaluationContext(request)
    provider = RequestAttributeProvider(request)
    with pytest.raises(InvalidAttributePathError):
        provider.get_attribute_value("subject", ")", ctx)
예제 #5
0
def test_match(targets_json, result):
    request_json = {
        "subject": {
            "id": "abc",
            "attributes": {
                "firstName": "Carl",
                "lastName": "Right"
            }
        },
        "resource": {
            "id": "12",
            "attributes": {
                "name": "Calendar"
            }
        },
        "action": {
            "id": ">",
            "attributes": {}
        },
        "context": {}
    }
    request = AccessRequest.from_json(request_json)
    ctx = EvaluationContext(request)
    targets = TargetsSchema().load(targets_json)
    assert targets.match(ctx) == result
예제 #6
0
def test_get_attribute_value():
    request_json = {
        "subject": {
            "id": "a",
            "attributes": {
                "firstName": "Carl",
                "lastName": "Right",
                "middleName": ""
            }
        },
        "resource": {
            "id": "a",
            "attributes": {
                "name": "Calendar"
            }
        },
        "action": {
            "id": "",
            "attributes": {}
        },
        "context": {}
    }
    request = AccessRequest.from_json(request_json)
    context = EvaluationContext(request, providers=[EmailAttributeProvider()])
    assert context.get_attribute_value("subject", "$.firstName") == "Carl"
    assert context.get_attribute_value("subject", "$.middleName") == ""
    assert context.get_attribute_value("subject",
                                       "$.email") == "*****@*****.**"
    assert context.get_attribute_value("resource", "$.name") == "Calendar"
    assert context.get_attribute_value("context", "$.ip") is None
예제 #7
0
def test_attribute_value_raises():
    request_json = {
        "subject": {
            "id": "a",
            "attributes": {
                "firstName": "Carl",
                "lastName": "Right"
            }
        },
        "resource": {
            "id": "a",
            "attributes": {
                "name": "Calendar"
            }
        },
        "action": {
            "id": "",
            "attributes": {}
        },
        "context": {}
    }
    request = AccessRequest.from_json(request_json)
    context = EvaluationContext(request)
    with pytest.raises(InvalidAccessControlElementError):
        _ = context.attribute_value

    context.ace = "test"
    with pytest.raises(InvalidAccessControlElementError):
        _ = context.attribute_value

    context.ace = "subject"
    context.attribute_path = ")"
    with pytest.raises(InvalidAttributePathError):
        _ = context.attribute_value
예제 #8
0
def test_attribute_provider_infinite_recursion():
    request_json = {
        "subject": {
            "id": "a",
            "attributes": {
                "firstName": "Carl",
                "lastName": "Right"
            }
        },
        "resource": {
            "id": "a",
            "attributes": {
                "name": "Calendar"
            }
        },
        "action": {
            "id": "",
            "attributes": {}
        },
        "context": {}
    }
    request = AccessRequest.from_json(request_json)
    context = EvaluationContext(request, providers=[FaultyAttributeProvider()])
    assert context.get_attribute_value("subject", "$.email") is None

    context = EvaluationContext(request,
                                providers=[
                                    FaultyAttributeProvider(),
                                    EmailAttributeProvider(),
                                    FaultyAttributeProvider(),
                                    EmailAttributeProvider(),
                                    FaultyAttributeProvider()
                                ])
    assert context.get_attribute_value("subject", "$.age") is None
예제 #9
0
 def test_is_satisfied(self, condition, what, result):
     request = AccessRequest(subject={"attributes": {"what": what}},
                             resource={"attributes": {"name": {"what": what}}},
                             action={}, context={})
     ctx = EvaluationContext(request)
     ctx.ace = "subject"
     ctx.attribute_path = "$.what"
     assert condition.is_satisfied(ctx) == result
예제 #10
0
def test_create():
    request_json = {
        "subject": {
            "id": "a",
            "attributes": {
                "firstName": "Carl",
                "lastName": "Right",
                "middleName": ""
            }
        },
        "resource": {
            "id": "a",
            "attributes": {
                "name": "Calendar"
            }
        },
        "action": {
            "id": "",
            "attributes": {}
        },
        "context": {}
    }
    request = AccessRequest.from_json(request_json)
    context = EvaluationContext(request)
    assert context.subject_id == request._subject_id
    assert context.resource_id == request._resource_id
    assert context.action_id == request._action_id
    assert context._other_providers == []
    assert context.ace is None
    assert context.attribute_path is None

    context.ace = "subject"
    context.attribute_path = "$.firstName"
    assert context.attribute_value == "Carl"
    context.attribute_path = "$.lastName"
    assert context.attribute_value == "Right"
    context.attribute_path = "$.middleName"
    assert context.attribute_value == ""

    context.ace = "resource"
    context.attribute_path = "$.name"
    assert context.attribute_value == "Calendar"
예제 #11
0
def test_find_for_target(st, request_json, num):
    st.add(
        Policy.from_json({
            "uid": "1",
            "rules": {},
            "targets": {},
            "effect": "deny"
        }))
    st.add(
        Policy.from_json({
            "uid": "2",
            "rules": {},
            "targets": {
                "subject_id": "ab*"
            },
            "effect": "deny"
        }))
    st.add(
        Policy.from_json({
            "uid": "3",
            "rules": {},
            "targets": {
                "subject_id": "a*b"
            },
            "effect": "deny"
        }))
    st.add(
        Policy.from_json({
            "uid": "4",
            "rules": {},
            "targets": {
                "subject_id": "ab*c"
            },
            "effect": "deny"
        }))

    request = AccessRequest.from_json(request_json)
    found = st.get_for_target(request._subject_id, request._resource_id,
                              request._action_id)
    found = list(found)
    assert num == len(found)
예제 #12
0
def test_create_error(request_json):
    with pytest.raises(RequestCreateError):
        AccessRequest.from_json(request_json)
예제 #13
0
def test_is_allowed_highest_priority(st, desc, request_json, should_be_allowed):
    pdp = PDP(st, EvaluationAlgorithm.HIGHEST_PRIORITY, [EmailsAttributeProvider()])
    request = AccessRequest.from_json(request_json)
    assert should_be_allowed == pdp.is_allowed(request)
예제 #14
0
def test_is_allowed_allow_overrides(st, desc, request_json, should_be_allowed):
    pdp = PDP(st, EvaluationAlgorithm.ALLOW_OVERRIDES, [EmailsAttributeProvider()])
    request = AccessRequest.from_json(request_json)
    assert should_be_allowed == pdp.is_allowed(request)
예제 #15
0
 def test_fits(self, desc, policy_json, request_json, result):
     ctx = EvaluationContext(AccessRequest.from_json(request_json))
     policy = Policy.from_json(policy_json)
     assert policy.fits(ctx) == result