def test_delete_identity_of_account(self):
""" ACCOUNT (REST): send a DELETE to remove an identity of an account."""
mw = []
account = account_name_generator()
identity = uuid()
password = '******'
add_account(account, 'USER', '*****@*****.**', 'root', **self.vo)
add_identity(identity, IdentityType.USERPASS, '*****@*****.**', password)
add_account_identity(identity, IdentityType.USERPASS, InternalAccount(account, **self.vo), '*****@*****.**')
headers1 = {'X-Rucio-Account': account, 'X-Rucio-Username': identity, 'X-Rucio-Password': password}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
token = str(res1.header('X-Rucio-Auth-Token'))
# normal deletion
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'authtype': 'USERPASS', 'identity': identity})
res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 200)
# unauthorized deletion
other_account = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'authtype': 'USERPASS', 'identity': identity})
res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + other_account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 401)
def test_add_identity_to_account(self):
""" ACCOUNT (REST): send a POST to add an identity to an account."""
mw = []
account = 'root'
headers1 = {'X-Rucio-Account': account, 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
identity = uuid()
# normal addition
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'authtype': 'USERPASS', 'email': '*****@*****.**', 'password': '******', 'identity': identity})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
# duplicate identity
res4 = TestApp(account_app.wsgifunc(*mw)).post('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res4.status, 409)
# missing password
identity = uuid()
data = dumps({'authtype': 'USERPASS', 'email': '*****@*****.**', 'identity': identity})
res3 = TestApp(account_app.wsgifunc(*mw)).post('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res3.status, 400)
def test_update_account(self):
""" ACCOUNT (REST): send a PUT to update an account."""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
acntusr = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
data = dumps({'status': 'SUSPENDED', 'email': 'test'})
headers3 = {'X-Rucio-Auth-Token': str(token)}
res3 = TestApp(account_app.wsgifunc(*mw)).put('/' + acntusr, headers=headers3, params=data, expect_errors=True)
assert_equal(res3.status, 200)
headers4 = {'X-Rucio-Auth-Token': str(token)}
res4 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr, headers=headers4, expect_errors=True)
body = loads(res4.body.decode())
assert_equal(body['status'], 'SUSPENDED')
assert_equal(body['email'], 'test')
assert_equal(res4.status, 200)
def test_add_attribute(self):
""" ACCOUNT (REST): add/get/delete attribute."""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
acntusr = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
key = account_name_generator()
value = "true"
data = dumps({'key': key, 'value': value})
res3 = TestApp(account_app.wsgifunc(*mw)).post('/{0}/attr/{1}'.format(acntusr, key), headers=headers2, params=data, expect_errors=True)
assert_equal(res3.status, 201)
res4 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr + '/attr/', headers=headers2, expect_errors=True)
assert_equal(res4.status, 200)
res5 = TestApp(account_app.wsgifunc(*mw)).delete('/{0}/attr/{1}'.format(acntusr, key), headers=headers2, params=data, expect_errors=True)
assert_equal(res5.status, 200)
def test_del_user_success(self):
""" ACCOUNT (REST): send a DELETE to disable the new user """
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
acntusr = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
headers3 = {'X-Rucio-Auth-Token': str(token)}
res3 = TestApp(account_app.wsgifunc(*mw)).delete('/' + acntusr, headers=headers3, expect_errors=True)
assert_equal(res3.status, 200)
headers4 = {'X-Rucio-Auth-Token': str(token)}
res4 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr, headers=headers4, expect_errors=True)
body = loads(res4.body.decode())
assert_true(body['status'] == AccountStatus.DELETED.description) # pylint: disable=no-member
assert_equal(res3.status, 200)
def test_list_scope_no_scopes(self):
""" SCOPE (REST): send a GET list all scopes for one account without scopes """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
acntusr = account_name_generator()
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr,
headers=headers2,
params=data,
expect_errors=True)
assert_equal(res2.status, 201)
headers3 = {'X-Rucio-Auth-Token': str(token)}
res4 = TestApp(account_app.wsgifunc(*mw)).get('/%s/scopes/' %
(acntusr),
headers=headers3,
params=data,
expect_errors=True)
assert_equal(res4.status, 404)
assert_equal(res4.header('ExceptionClass'), 'ScopeNotFound')
def test_scope_success(self):
""" SCOPE (REST): send a POST to create a new account and scope """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert res1.status == 200
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
acntusr = account_name_generator()
data = dumps({'type': 'USER', 'email': 'rucio.email.com'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr,
headers=headers2,
params=data,
expect_errors=True)
assert res2.status == 201
headers3 = {'X-Rucio-Auth-Token': str(token)}
scopeusr = scope_name_generator()
res3 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' %
(acntusr, scopeusr),
headers=headers3,
expect_errors=True)
assert res3.status == 201
def test_auth_saml(self):
""" MULTI VO (REST): Test saml authentication to multiple VOs """
mw = []
try:
add_account_identity('ddmlab', 'SAML', 'root', '*****@*****.**', 'root', **self.vo)
add_account_identity('ddmlab', 'SAML', 'root', '*****@*****.**', 'root', **self.new_vo)
except Duplicate:
pass # Might already exist, can skip
# Can't rely on `onelogin` module being present, so get tokens from API instead
token_tst = get_auth_token_saml('root', 'ddmlab', 'unknown', None, **self.vo).token
token_new = get_auth_token_saml('root', 'ddmlab', 'unknown', None, **self.new_vo).token
headers_tst = {'X-Rucio-Auth-Token': str(token_tst)}
res_tst = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
accounts_tst = [parse_response(a)['account'] for a in res_tst.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_tst), 0)
assert_in(self.account_tst, accounts_tst)
assert_not_in(self.account_new, accounts_tst)
headers_new = {'X-Rucio-Auth-Token': str(token_new)}
res_new = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
accounts_new = [parse_response(a)['account'] for a in res_new.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_new), 0)
assert_in(self.account_new, accounts_new)
assert_not_in(self.account_tst, accounts_new)
def test_auth_userpass(self):
""" MULTI VO (REST): Test userpass authentication to multiple VOs """
mw = []
headers_tst = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers_tst.update(self.vo_header)
res_tst = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
token_tst = str(res_tst.header('X-Rucio-Auth-Token'))
headers_new = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
headers_new.update(self.new_header)
res_new = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
token_new = str(res_new.header('X-Rucio-Auth-Token'))
headers_tst = {'X-Rucio-Auth-Token': str(token_tst)}
res_tst = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
accounts_tst = [parse_response(a)['account'] for a in res_tst.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_tst), 0)
assert_in(self.account_tst, accounts_tst)
assert_not_in(self.account_new, accounts_tst)
headers_new = {'X-Rucio-Auth-Token': str(token_new)}
res_new = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
accounts_new = [parse_response(a)['account'] for a in res_new.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_new), 0)
assert_in(self.account_new, accounts_new)
assert_not_in(self.account_tst, accounts_new)
def test_create_user_failure(self):
""" ACCOUNT (REST): send a POST with an existing user to test the error case """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res1 = TestApp(account_app.wsgifunc(*mw)).post('/jdoe',
headers=headers,
params=data,
expect_errors=True)
res1 = TestApp(account_app.wsgifunc(*mw)).post('/jdoe',
headers=headers,
params=data,
expect_errors=True)
assert_equal(res1.status, 409)
def test_list_scope(self):
""" SCOPE (REST): send a GET list all scopes for one account """
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
tmp_val = account_name_generator()
headers2 = {'Rucio-Type': 'user', 'X-Rucio-Account': 'root', 'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/%s' % tmp_val, headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
headers3 = {'X-Rucio-Auth-Token': str(token)}
for scope in self.scopes:
data = dumps({})
res3 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' % (tmp_val, scope), headers=headers3, params=data, expect_errors=True)
assert_equal(res3.status, 201)
res4 = TestApp(account_app.wsgifunc(*mw)).get('/%s/scopes/' % tmp_val, headers=headers3, expect_errors=True)
assert_equal(res4.status, 200)
svr_list = loads(res4.body)
for scope in self.scopes:
assert_in(scope, svr_list)
def test_get_user_success(self):
""" ACCOUNT (REST): send a GET to retrieve the infos of the new user """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
acntusr = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr,
headers=headers2,
params=data,
expect_errors=True)
assert_equal(res2.status, 201)
headers3 = {'X-Rucio-Auth-Token': str(token)}
res3 = TestApp(account_app.wsgifunc(*mw)).get('/' + acntusr,
headers=headers3,
expect_errors=True)
body = loads(res3.body)
assert_equal(body['account'], acntusr)
assert_equal(res3.status, 200)
def test_create_user_non_json_body(self):
""" ACCOUNT (REST): send a POST with a non json body"""
mw = []
headers = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers,
expect_errors=True)
assert_equal(res.status, 200)
token = str(res.header('X-Rucio-Auth-Token'))
headers = {'X-Rucio-Auth-Token': str(token)}
data = {'type': 'USER'}
ret = TestApp(account_app.wsgifunc(*mw)).post('/testuser',
headers=headers,
params=data,
expect_errors=True)
assert_equal(ret.header('ExceptionClass'), 'ValueError')
assert_equal(
ret.normal_body,
'{"ExceptionMessage": "cannot decode json parameter dictionary", "ExceptionClass": "ValueError"}'
)
assert_equal(ret.status, 400)
def test_create_user_missing_parameter(self):
""" ACCOUNT (REST): send a POST with a missing parameter"""
mw = []
headers = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers,
expect_errors=True)
assert_equal(res.status, 200)
token = str(res.header('X-Rucio-Auth-Token'))
headers = {'X-Rucio-Auth-Token': str(token)}
data = dumps({})
ret = TestApp(account_app.wsgifunc(*mw)).post('/account',
headers=headers,
params=data,
expect_errors=True)
assert_equal(ret.header('ExceptionClass'), 'KeyError')
assert_equal(
ret.normal_body,
'{"ExceptionMessage": "\'type\' not defined", "ExceptionClass": "KeyError"}'
)
assert_equal(ret.status, 400)
def test_create_user_not_json_dict(self):
""" ACCOUNT (REST): send a POST with a non dictionary json body"""
mw = []
headers = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
res = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers,
expect_errors=True)
assert_equal(res.status, 200)
token = str(res.header('X-Rucio-Auth-Token'))
headers = {'X-Rucio-Auth-Token': str(token)}
data = dumps(('account', 'account'))
res = TestApp(account_app.wsgifunc(*mw)).post('/testaccount',
headers=headers,
params=data,
expect_errors=True)
assert_equal(res.header('ExceptionClass'), 'TypeError')
assert_equal(
res.normal_body,
'{"ExceptionMessage": "body must be a json dictionary", "ExceptionClass": "TypeError"}'
)
assert_equal(res.status, 400)
def test_create_user_success(self):
""" ACCOUNT (REST): send a POST to create a new user """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert res1.status == 200
token = str(res1.header('X-Rucio-Auth-Token'))
acntusr = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr,
headers=headers2,
params=data,
expect_errors=True)
assert res2.status == 201
def test_auth_ssh(self):
""" MULTI VO (REST): Test ssh authentication to multiple VOs """
mw = []
try:
add_account_identity(PUBLIC_KEY, 'SSH', 'root', '*****@*****.**', 'root', **self.vo)
add_account_identity(PUBLIC_KEY, 'SSH', 'root', '*****@*****.**', 'root', **self.new_vo)
except Duplicate:
pass # Might already exist, can skip
headers_tst = {'X-Rucio-Account': 'root'}
headers_tst.update(self.vo_header)
res_tst = TestApp(auth_app.wsgifunc(*mw)).get('/ssh_challenge_token', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
challenge_tst = str(res_tst.header('X-Rucio-SSH-Challenge-Token'))
headers_tst.update({'X-Rucio-SSH-Signature': ssh_sign(PRIVATE_KEY, challenge_tst)})
res_tst = TestApp(auth_app.wsgifunc(*mw)).get('/ssh', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
token_tst = str(res_tst.header('X-Rucio-Auth-Token'))
headers_new = {'X-Rucio-Account': 'root'}
headers_new.update(self.new_header)
res_new = TestApp(auth_app.wsgifunc(*mw)).get('/ssh_challenge_token', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
challenge_tst = str(res_new.header('X-Rucio-SSH-Challenge-Token'))
headers_new.update({'X-Rucio-SSH-Signature': ssh_sign(PRIVATE_KEY, challenge_tst)})
res_new = TestApp(auth_app.wsgifunc(*mw)).get('/ssh', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
token_new = str(res_new.header('X-Rucio-Auth-Token'))
headers_tst = {'X-Rucio-Auth-Token': str(token_tst)}
res_tst = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
accounts_tst = [parse_response(a)['account'] for a in res_tst.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_tst), 0)
assert_in(self.account_tst, accounts_tst)
assert_not_in(self.account_new, accounts_tst)
headers_new = {'X-Rucio-Auth-Token': str(token_new)}
res_new = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
accounts_new = [parse_response(a)['account'] for a in res_new.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_new), 0)
assert_in(self.account_new, accounts_new)
assert_not_in(self.account_tst, accounts_new)
def test_del_user_failure(self):
""" ACCOUNT (REST): send a DELETE with a wrong user to test the error """
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
res2 = TestApp(account_app.wsgifunc(*mw)).delete('/wronguser', headers=headers2, expect_errors=True)
assert_equal(res2.status, 404)
def test_whoami_account(self):
""" ACCOUNT (REST): Test the whoami method."""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
res2 = TestApp(account_app.wsgifunc(*mw)).get('/whoami', headers=headers2, expect_errors=True)
assert_equal(res2.status, 303)
def test_scope_duplicate(self):
""" SCOPE (REST): send a POST to create a already existing scope to test the error"""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
acntusr = account_name_generator()
data = dumps({'type': 'USER', 'email': '*****@*****.**'})
res2 = TestApp(account_app.wsgifunc(*mw)).post('/' + acntusr, headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 201)
headers3 = {'X-Rucio-Auth-Token': str(token)}
scopeusr = scope_name_generator()
res3 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' % (acntusr, scopeusr), headers=headers3, expect_errors=True)
assert_equal(res3.status, 201)
res3 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' % (acntusr, scopeusr), headers=headers3, expect_errors=True)
assert_equal(res3.status, 409)
def test_scope_failure(self):
""" SCOPE (REST): send a POST to create a new scope for a not existing account to test the error"""
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': str(token)}
scopeusr = scope_name_generator()
account_name_generator()
res2 = TestApp(account_app.wsgifunc(*mw)).post('/%s/scopes/%s' % (scopeusr, scopeusr), headers=headers2, expect_errors=True)
assert_equal(res2.status, 404)
def test_auth_x509(self):
""" MULTI VO (REST): Test X509 authentication to multiple VOs """
mw = []
# TestApp doesn't support `cert` argument, so get tokens from API instead
token_tst = get_auth_token_x509('root', '/CN=Rucio User', 'unknown', None, **self.vo).token
token_new = get_auth_token_x509('root', '/CN=Rucio User', 'unknown', None, **self.new_vo).token
headers_tst = {'X-Rucio-Auth-Token': str(token_tst)}
res_tst = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
accounts_tst = [parse_response(a)['account'] for a in res_tst.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_tst), 0)
assert_in(self.account_tst, accounts_tst)
assert_not_in(self.account_new, accounts_tst)
headers_new = {'X-Rucio-Auth-Token': str(token_new)}
res_new = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
accounts_new = [parse_response(a)['account'] for a in res_new.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_new), 0)
assert_in(self.account_new, accounts_new)
assert_not_in(self.account_tst, accounts_new)
def test_auth_gss(self):
""" MULTI VO (REST): Test gss authentication to multiple VOs """
mw = []
# Can't rely on `requests_kerberos` module being present, so get tokens from API instead
token_tst = get_auth_token_gss('root', '*****@*****.**', 'unknown', None, **self.vo).token
token_new = get_auth_token_gss('root', '*****@*****.**', 'unknown', None, **self.new_vo).token
headers_tst = {'X-Rucio-Auth-Token': str(token_tst)}
res_tst = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_tst, expect_errors=True)
assert_equal(res_tst.status, 200)
accounts_tst = [parse_response(a)['account'] for a in res_tst.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_tst), 0)
assert_in(self.account_tst, accounts_tst)
assert_not_in(self.account_new, accounts_tst)
headers_new = {'X-Rucio-Auth-Token': str(token_new)}
res_new = TestApp(account_app.wsgifunc(*mw)).get('/', headers=headers_new, expect_errors=True)
assert_equal(res_new.status, 200)
accounts_new = [parse_response(a)['account'] for a in res_new.body.decode().split('\n')[:-1]]
assert_not_equal(len(accounts_new), 0)
assert_in(self.account_new, accounts_new)
assert_not_in(self.account_tst, accounts_new)
def test_list_scope_account_not_found(self):
""" SCOPE (REST): send a GET list all scopes for a not existing account """
mw = []
headers1 = {'X-Rucio-Account': 'root', 'X-Rucio-Username': '******', 'X-Rucio-Password': '******'}
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
assert_equal(res1.status, 200)
token = str(res1.header('X-Rucio-Auth-Token'))
headers3 = {'X-Rucio-Auth-Token': str(token)}
res3 = TestApp(account_app.wsgifunc(*mw)).get('/testaccount/scopes', headers=headers3, expect_errors=True)
assert_equal(res3.status, 404)
assert_equal(res3.header('ExceptionClass'), 'AccountNotFound')
def test_get_user_failure(self):
""" ACCOUNT (REST): send a GET with a wrong user test the error """
mw = []
headers1 = {
'X-Rucio-Account': 'root',
'X-Rucio-Username': '******',
'X-Rucio-Password': '******'
}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass',
headers=headers1,
expect_errors=True)
assert res1.status == 200
token = str(res1.header('X-Rucio-Auth-Token'))
headers2 = {'X-Rucio-Auth-Token': token}
res2 = TestApp(account_app.wsgifunc(*mw)).get('/wronguser',
headers=headers2,
expect_errors=True)
assert res2.status == 404