def test_adfs_login(self, m):
    """A successful ADFS login yields the assertion stored in the fixture.

    ``m`` is the request mocker injected by the test decorator (presumably a
    requests-mock adapter — confirm against the class); the IdP endpoint is
    stubbed with the canned successful-login response so no network is
    touched. The credentials passed to ``get_token`` are dummy test values.
    """
    m.post(
        'http://example.com/auth',
        text=util.get_fixture('adfs-successful-login.xml'),
    )
    # The fixture is read as bytes because get_token is expected to return
    # the raw assertion rather than decoded text.
    expected_assertion = util.get_fixture('adfs-assertion.txt', 'rb')
    actual_assertion = tokens.get_token('hest', 'fest')
    self.assertEqual(expected_assertion, actual_assertion)
def test_searching_with_limit(self):
    """Paging parameters on the activity search endpoint.

    Creates an activity, applies the update fixture, then verifies that a
    generous ``maximalantalresultater`` still returns the object while
    ``foersteresultat=1`` skips past the only hit and yields an empty page.
    """
    activity_id = self.load_fixture('/aktivitet/aktivitet',
                                    'aktivitet_opret.json')
    self.assertRequestResponse(
        '/aktivitet/aktivitet/{}'.format(activity_id),
        {'uuid': activity_id},
        json=util.get_fixture('aktivitet_opdater.json'),
        method='PATCH',
    )

    found = {"results": [[activity_id]]}
    nothing = {"results": [[]]}

    self.assertRequestResponse(
        'aktivitet/aktivitet?bvn=JOGGING&maximalantalresultater=2000',
        found,
    )
    self.assertRequestResponse(
        'aktivitet/aktivitet?bvn=JOGGING&status=Aktiv&foersteresultat=1',
        nothing,
    )
def test_bad_import(self):
    """Posting a *klasse* payload to the *klassifikation* endpoint must fail.

    The original note describes this as importing a class into an
    organisation; either way the API is expected to answer 400 rather than
    store an object of the wrong type.
    """
    payload = util.get_fixture('klasse_opret.json')
    self.assertRequestFails(
        '/klassifikation/klassifikation',
        400,
        method='POST',
        json=payload,
    )
def check(expected, status_code):
    """Search organisations using the fixture SAML assertion as credential.

    Reads the stored assertion, strips surrounding whitespace, sends it as
    the ``Authorization`` header value and asserts both the response body
    and the HTTP status. ``self`` is taken from the enclosing test method.
    """
    saml_token = util.get_fixture('adfs-assertion.txt').strip()
    request_headers = {'Authorization': saml_token}
    self.assertRequestResponse(
        '/organisation/organisation?bvn=%',
        expected,
        headers=request_headers,
        status_code=status_code,
    )
def test_searching_with_limit_after_editing_bvn(self):
    """Paging still works after the user-facing key (BVN) has been changed.

    After the standard update, a second PATCH renames the BVN to
    ``JOGGINGLØB``; a wildcard search (``JOG%``) must then find the object
    with a large result limit and return nothing once the first result is
    skipped.
    """
    activity_id = self.load_fixture('/aktivitet/aktivitet',
                                    'aktivitet_opret.json')
    self.assertRequestResponse(
        '/aktivitet/aktivitet/{}'.format(activity_id),
        {'uuid': activity_id},
        json=util.get_fixture('aktivitet_opdater.json'),
        method='PATCH',
    )

    rename_bvn = {
        "note": "Ret BVN",
        "attributter": {
            "aktivitetegenskaber": [
                {
                    "brugervendtnoegle": "JOGGINGLØB",
                    "virkning": {
                        "from": "2017-01-01 00:00:00",
                        "to": "infinity",
                    },
                },
            ],
        },
    }
    self.assertRequestResponse(
        '/aktivitet/aktivitet/{}'.format(activity_id),
        {'uuid': activity_id},
        json=rename_bvn,
        method='PATCH',
    )

    found = {"results": [[activity_id]]}
    nothing = {"results": [[]]}

    self.assertRequestResponse(
        'aktivitet/aktivitet?bvn=JOG%&maximalantalresultater=2000',
        found,
    )
    self.assertRequestResponse(
        'aktivitet/aktivitet?bvn=JOG%&status=Aktiv&foersteresultat=1',
        nothing,
    )
def test_virkningstid(self):
    """Querying a user at a given ``virkningstid`` returns the expected view.

    Loads the user fixture under a fixed UUID and compares the query result
    for 2004-01-01 against the stored expected output.
    """
    user_uuid = "931ee7bf-10d6-4cc3-8938-83aa6389aaba"
    self.load_fixture('/organisation/bruger', 'test_bruger.json', user_uuid)

    expected = util.get_fixture('output/test_bruger_virkningstid.json')
    self.assertQueryResponse(
        '/organisation/bruger',
        expected,
        uuid=user_uuid,
        virkningstid='2004-01-01',
    )
def test_wso2_login_failure(self, m):
    """A rejected WSO2 login surfaces the IdP's error text as an exception.

    The IdP endpoint is stubbed with the failed-login fixture; ``get_token``
    must raise, and the exception arguments must carry the IdP message
    verbatim. Credentials are dummy test values.
    """
    m.post(
        'http://example.com/auth',
        text=util.get_fixture('wso2-failed-login.xml'),
    )

    # NOTE(review): assertRaises(Exception) is broad; the concrete type
    # raised by get_token is not visible here, so it is not narrowed.
    with self.assertRaises(Exception) as caught:
        tokens.get_token('hest', 'fest')

    expected_args = (
        'The security token could not be authenticated or authorized',
    )
    self.assertEqual(caught.exception.args, expected_args)
def test_edit(self):
    """PATCHing a klasse merges the update fixture into the stored object.

    The expected document is assembled from a few shared constants; the
    repeated ``virkning`` (validity period) blocks differ only in their
    start time and in whether a note is attached.
    """
    objid = self.load_fixture('/klassifikation/klasse', 'klasse_opret.json')
    self.assertRequestResponse(
        '/klassifikation/klasse/{}'.format(objid),
        {'uuid': objid},
        json=util.get_fixture('klasse_opdater.json'),
        method='PATCH')

    actor = "ddc99abd-c1b0-48c2-aef7-74fea841adae"
    second_editor = "ef2713ee-1a38-4c23-8fcb-3c4331262194"

    def virkning(start, with_note=True):
        # Validity period attributed to ``actor``; dict equality ignores
        # key order, so building it here matches the literal form exactly.
        period = {
            "aktoerref": actor,
            "to_included": False,
            "aktoertypekode": "Bruger",
            "to": "infinity",
            "from_included": True,
            "from": start,
        }
        if with_note:
            period["notetekst"] = "Nothing to see here!"
        return period

    def bruger(uuid, start):
        return {
            "uuid": uuid,
            "objekttype": "Bruger",
            "virkning": virkning(start),
        }

    expected = {
        "relationer": {
            "ansvarlig": [bruger(actor, "2014-05-19 12:02:32+02")],
            "redaktoerer": [
                bruger(actor, "2015-05-19 12:02:32+02"),
                bruger(second_editor, "2014-05-19 12:02:32+02"),
            ],
        },
        "attributter": {
            "klasseegenskaber": [{
                "omfang": "Magenta",
                "beskrivelse": "Organisatorisk funktion",
                "retskilde": "Ja",
                "virkning": virkning("2014-05-22 12:02:32+02",
                                     with_note=False),
                "brugervendtnoegle": "ORGFUNK",
                "soegeord": [{
                    "beskrivelse": "med",
                    "soegeordidentifikator": "hej",
                    "soegeordskategori": "dig",
                }],
                "eksempel": "Hierarkisk",
                "titel": "XYZ",
            }],
        },
        "brugerref": "42c432e8-9c4a-11e6-9f62-873cf34a735f",
        "tilstande": {
            "klassepubliceret": [{
                "publiceret": "Publiceret",
                "virkning": virkning("2014-05-19 12:02:32+02"),
            }],
        },
        "livscykluskode": "Rettet",
        "note": "Opdater klasse",
    }

    self.assertQueryResponse(
        '/klassifikation/klasse',
        expected,
        uuid=objid,
    )
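def test_edit_put(self):
    """PUTting a klasse overwrites it with the new periods from the fixture.

    Fix: the original ``expected`` literal listed the ``'note'`` key twice
    (with the same value); a duplicate key in a dict literal is a silent
    overwrite and a lint error, so it now appears once. All validity
    periods in this document start on 2016-05-19.
    """
    objid = self.load_fixture('/klassifikation/klasse', 'klasse_opret.json')
    self.assertRequestResponse(
        '/klassifikation/klasse/{}'.format(objid),
        {'uuid': objid},
        json=util.get_fixture('klasse_opdater_put.json'),
        method='PUT')

    actor = 'ddc99abd-c1b0-48c2-aef7-74fea841adae'
    second_editor = 'ef2713ee-1a38-4c23-8fcb-3c4331262194'
    start = '2016-05-19 12:02:32+02'

    def virkning(with_note=True):
        # Validity period attributed to ``actor``; the note is only present
        # on relations and states, not on the attribute block.
        period = {
            'aktoerref': actor,
            'aktoertypekode': 'Bruger',
            'from': start,
            'from_included': True,
            'to': 'infinity',
            'to_included': False,
        }
        if with_note:
            period['notetekst'] = 'Nothing to see here!'
        return period

    def bruger(uuid):
        return {
            'objekttype': 'Bruger',
            'uuid': uuid,
            'virkning': virkning(),
        }

    expected = {
        'note': 'Overskriv klasse med nye perioder mv',
        'attributter': {
            'klasseegenskaber': [{
                'beskrivelse': 'Klasse',
                'brugervendtnoegle': 'KLASSE',
                'eksempel': 'Hierarkisk',
                'omfang': 'Magenta',
                'retskilde': 'Nej',
                'soegeord': [
                    {
                        'beskrivelse': 'Vores firma',
                        'soegeordidentifikator': 'Magenta',
                        'soegeordskategori': 'info',
                    },
                    {
                        'beskrivelse': 'Vores kunde',
                        'soegeordidentifikator': 'KL',
                        'soegeordskategori': 'info',
                    },
                ],
                'titel': 'XYZ',
                'virkning': virkning(with_note=False),
            }],
        },
        'livscykluskode': 'Rettet',
        'relationer': {
            'ansvarlig': [bruger(actor)],
            'redaktoerer': [bruger(actor), bruger(second_editor)],
        },
        'tilstande': {
            'klassepubliceret': [{
                'publiceret': 'Publiceret',
                'virkning': virkning(),
            }],
        },
    }

    self.assertQueryResponse(
        '/klassifikation/klasse',
        expected,
        uuid=objid,
    )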
def test_adfs(self):
    """Replay one fixture SAML assertion under varied validation settings.

    Inside the assertion's validity window and with the configured
    audience, issuer and IdP certificate, the request must succeed. Each
    of the following tampered preconditions must then be rejected with 403
    and the matching validation message: wrong audience, wrong issuer,
    wrong signing certificate, assertion expired, assertion not yet valid.
    """
    def check(expected, status_code):
        # Send the stored assertion as the Authorization header value.
        saml_token = util.get_fixture('adfs-assertion.txt').strip()
        self.assertRequestResponse(
            '/organisation/organisation?bvn=%',
            expected,
            headers={'Authorization': saml_token},
            status_code=status_code,
        )

    def expect_rejected(reason):
        # Every failure surfaces as 403 with a fixed prefix and a reason.
        check({'message': 'SAML token validation failed: ' + reason}, 403)

    with freezegun.freeze_time('2018-04-20 18:00:00'):
        # Happy path: a properly authorised request.
        check({'results': [[]]}, 200)

        # Audience restriction: an assertion issued for a different
        # relying party must not be accepted by us.
        with patch('oio_rest.settings.SAML_MOX_ENTITY_ID',
                   'https://whatever'):
            expect_rejected(
                'https://whatever is not a valid audience for this '
                'Assertion, got https://moxdev.atlas.magenta.dk'
            )

        # Issuer check: assertions from an unexpected IdP are refused.
        with patch('oio_rest.settings.SAML_IDP_ENTITY_ID',
                   'https://whatever'):
            expect_rejected(
                "Invalid issuer "
                "'http://adfs.magenta.dk/adfs/services/trust' "
                "in the Assertion/Response, expected "
                "'https://whatever'"
            )

        # Signature check: with a different IdP certificate configured the
        # signature must fail to verify -- the certificate MUST be checked.
        with patch('oio_rest.authentication.__IDP_CERT',
                   util.get_fixture('idp-certificate.pem')):
            expect_rejected(
                'Signature validation failed. SAML Response rejected. '
                'Signature is invalid.'
            )

        # Validity window: one hour later the assertion has expired ...
        with freezegun.freeze_time('2018-04-20 19:00:00'):
            expect_rejected(
                'Could not validate timestamp: expired. '
                'Check system clock.'
            )

        # ... and one hour earlier it is not yet valid.
        with freezegun.freeze_time('2018-04-20 17:00:00'):
            expect_rejected(
                'Could not validate timestamp: not yet valid. '
                'Check system clock.'
            )
class TestAssertionVerification(util.TestCase):
    '''The intention of these tests is that they should perform an
    actual validation. Unfortunately, I only had some old assertions
    available which I couldn't get to validate properly, so instead it
    merely tests those failures for now.

    The ADFS test patches the SAML settings (IdP type, our entity id, the
    IdP entity id and URL, the user-id attribute name) and the IdP
    certificate used for signature verification, then replays one fixture
    assertion under the variations listed in ``test_adfs``.
    '''

    @patch('oio_rest.settings.SAML_IDP_TYPE', 'adfs')
    @patch('oio_rest.settings.SAML_MOX_ENTITY_ID',
           'https://moxdev.atlas.magenta.dk')
    @patch('oio_rest.settings.SAML_IDP_ENTITY_ID',
           'http://adfs.magenta.dk/adfs/services/trust')
    @patch('oio_rest.settings.SAML_IDP_URL',
           "https://adfs.magenta.dk/adfs/services/trust/13/UsernameMixed")
    @patch('oio_rest.settings.SAML_USER_ID_ATTIBUTE',
           "http://schemas.xmlsoap.org/ws/2005/05/"
           "identity/claims/privatepersonalidentifier")
    @patch('oio_rest.authentication.__IDP_CERT',
           util.get_fixture('adfs-cert.pem'))
    def test_adfs(self):
        """Replay one fixture SAML assertion under varied validation settings.

        Inside the assertion's validity window and with the configured
        audience, issuer and IdP certificate, the request must succeed.
        Each tampered precondition must then be rejected with 403 and the
        matching message: wrong audience, wrong issuer, wrong signing
        certificate, assertion expired, assertion not yet valid.
        """
        def check(expected, status_code):
            # Send the stored assertion as the Authorization header value.
            saml_token = util.get_fixture('adfs-assertion.txt').strip()
            self.assertRequestResponse(
                '/organisation/organisation?bvn=%',
                expected,
                headers={'Authorization': saml_token},
                status_code=status_code,
            )

        def expect_rejected(reason):
            # Every failure surfaces as 403 with a fixed prefix and reason.
            check({'message': 'SAML token validation failed: ' + reason},
                  403)

        with freezegun.freeze_time('2018-04-20 18:00:00'):
            # Happy path: a properly authorised request.
            check({'results': [[]]}, 200)

            # Audience restriction: an assertion issued for a different
            # relying party must not be accepted by us.
            with patch('oio_rest.settings.SAML_MOX_ENTITY_ID',
                       'https://whatever'):
                expect_rejected(
                    'https://whatever is not a valid audience for this '
                    'Assertion, got https://moxdev.atlas.magenta.dk'
                )

            # Issuer check: assertions from an unexpected IdP are refused.
            with patch('oio_rest.settings.SAML_IDP_ENTITY_ID',
                       'https://whatever'):
                expect_rejected(
                    "Invalid issuer "
                    "'http://adfs.magenta.dk/adfs/services/trust' "
                    "in the Assertion/Response, expected "
                    "'https://whatever'"
                )

            # Signature check: with a different IdP certificate configured
            # the signature must fail to verify -- the certificate MUST be
            # checked.
            with patch('oio_rest.authentication.__IDP_CERT',
                       util.get_fixture('idp-certificate.pem')):
                expect_rejected(
                    'Signature validation failed. SAML Response rejected. '
                    'Signature is invalid.'
                )

            # Validity window: one hour later the assertion has expired ...
            with freezegun.freeze_time('2018-04-20 19:00:00'):
                expect_rejected(
                    'Could not validate timestamp: expired. '
                    'Check system clock.'
                )

            # ... and one hour earlier it is not yet valid.
            with freezegun.freeze_time('2018-04-20 17:00:00'):
                expect_rejected(
                    'Could not validate timestamp: not yet valid. '
                    'Check system clock.'
                )

    @patch('oio_rest.settings.SAML_IDP_TYPE', 'wso2')
    def test_wso2(self):
        """WSO2 assertion verification is not implemented yet."""
        raise unittest.SkipTest('TODO')

    def test_restrictions(self):
        """Restriction handling is not implemented yet."""
        raise unittest.SkipTest('TODO')
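def test_searching(self):
    """Search the activity endpoint by BVN with status and paging filters.

    Fix: the original issued the ``status=Inaktiv`` query twice with the
    same expectation (a copy-paste duplicate); the second copy is dropped,
    so every remaining assertion checks a distinct query.
    """
    activity_id = self.load_fixture('/aktivitet/aktivitet',
                                    'aktivitet_opret.json')
    self.assertRequestResponse(
        '/aktivitet/aktivitet/{}'.format(activity_id),
        {'uuid': activity_id},
        json=util.get_fixture('aktivitet_opdater.json'),
        method='PATCH',
    )

    expected_found = {"results": [[activity_id]]}
    expected_nothing = {"results": [[]]}

    # Plain BVN match, with and without the matching status filter.
    self.assertRequestResponse(
        'aktivitet/aktivitet?bvn=JOGGING',
        expected_found,
    )
    self.assertRequestResponse(
        'aktivitet/aktivitet?bvn=JOGGING&status=Aktiv',
        expected_found,
    )
    # 'gyldighed' is not a valid filter for activities -> 400.
    self.assertRequestFails(
        'aktivitet/aktivitet?bvn=JOGGING&gyldighed=Aktiv',
        400,
    )
    # Paging from the first result still returns the single hit.
    self.assertRequestResponse(
        'aktivitet/aktivitet?bvn=JOGGING&status=Aktiv&foersteresultat=0',
        expected_found,
    )
    # A non-matching status and a zero result limit both yield nothing.
    self.assertRequestResponse(
        'aktivitet/aktivitet?bvn=JOGGING&status=Inaktiv',
        expected_nothing,
    )
    self.assertRequestResponse(
        'aktivitet/aktivitet?bvn=JOGGING&maximalantalresultater=0',
        expected_nothing,
    )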
def test_edit(self):
    """PATCHing an activity merges the update fixture into the stored object.

    The expected document is assembled from shared constants; the repeated
    ``virkning`` (validity period) blocks differ only in start time and in
    whether a note is attached. Participants (``deltager``) carry an
    ``indeks`` and an ``aktoerattr`` block in addition to the usual fields.
    """
    objid = self.load_fixture('/aktivitet/aktivitet', 'aktivitet_opret.json')
    self.assertRequestResponse(
        '/aktivitet/aktivitet/{}'.format(objid),
        {'uuid': objid},
        json=util.get_fixture('aktivitet_opdater.json'),
        method='PATCH',
    )

    actor = 'ddc99abd-c1b0-48c2-aef7-74fea841adae'
    start_2014 = '2014-05-19 12:02:32+02'
    start_2016 = '2016-05-19 12:02:32+02'

    def virkning(start, with_note=True):
        # Validity period attributed to ``actor``.
        period = {
            'aktoerref': actor,
            'aktoertypekode': 'Bruger',
            'from': start,
            'from_included': True,
            'to': 'infinity',
            'to_included': False,
        }
        if with_note:
            period['notetekst'] = 'Nothing to see here!'
        return period

    def deltager(indeks, uuid, repraesentation_uuid):
        return {
            'aktoerattr': {
                'accepteret': 'foreloebigt',
                'obligatorisk': 'valgfri',
                'repraesentation_uuid': repraesentation_uuid,
            },
            'indeks': indeks,
            'objekttype': 'Bruger',
            'uuid': uuid,
            'virkning': virkning(start_2014),
        }

    expected = {
        'attributter': {
            'aktivitetegenskaber': [
                {
                    'aktivitetnavn': 'XYZ',
                    'beskrivelse': 'Jogging',
                    'brugervendtnoegle': 'JOGGING',
                    'formaal': 'Ja',
                    'sluttidspunkt': '2016-05-19T16:02:32+02:00',
                    'starttidspunkt': '2014-05-19T14:02:32+02:00',
                    'tidsforbrug': '0',
                    'virkning': virkning(start_2016, with_note=False),
                },
            ],
        },
        'livscykluskode': 'Rettet',
        'note': 'Opdatering',
        'relationer': {
            'ansvarlig': [
                {
                    'objekttype': 'Bruger',
                    'uuid': 'abcdeabd-c1b0-48c2-aef7-74fea841adae',
                    'virkning': virkning(start_2016),
                },
            ],
            'deltager': [
                deltager(1, '123deabd-c1b0-48c2-aef7-74fea841adae',
                         '0e3ed41a-08f2-4967-8689-dce625f93029'),
                deltager(2, '22345abd-c1b0-48c2-aef7-74fea841adae',
                         '0123d41a-08f2-4967-8689-dce625f93029'),
            ],
        },
        'tilstande': {
            'aktivitetpubliceret': [
                {
                    'publiceret': 'Publiceret',
                    'virkning': virkning(start_2014),
                },
            ],
            'aktivitetstatus': [
                {
                    'status': 'Aktiv',
                    'virkning': virkning(start_2014),
                },
            ],
        },
    }

    self.assertQueryResponse(
        '/aktivitet/aktivitet',
        expected,
        uuid=objid,
    )