def test_role_authorizer_off_ledger_signature_pass(idr_cache, req_auth):
authorizer = RolesAuthorizer(cache=idr_cache)
req_auth._identifier = 'id_off_ledger'
authorized, reason = authorizer.authorize(
req_auth,
AuthConstraint(role='*', sig_count=1, off_ledger_signature=True))
assert authorized
def test_role_authorizer_off_ledger_signature_not_pass(idr_cache, req_auth):
authorizer = RolesAuthorizer(cache=idr_cache)
req_auth._identifier = 'id_off_ledger'
authorized, reason = authorizer.authorize(
req_auth,
AuthConstraint(role='*', sig_count=1, off_ledger_signature=False))
assert not authorized
assert "DID id_off_ledger is not found in the Ledger" in reason
def test_signed_by_author_if_more_than_1_sig(idr_cache,
req_multi_signed_by_non_author):
authorizer = RolesAuthorizer(cache=idr_cache)
authorized, reason = authorizer.authorize(
req_multi_signed_by_non_author,
AuthConstraint(role=STEWARD, sig_count=1))
assert not authorized
assert "Author must sign the transaction" in reason
def test_role_authorizer_authorize_with_owner(idr_cache, req_auth, is_owner):
req = Request(identifier=req_auth.identifier,
operation={TARGET_NYM: req_auth.identifier,
TXN_TYPE: NYM},
signature='signature')
authorizer = RolesAuthorizer(cache=idr_cache)
authorized, reason = authorizer.authorize(req,
AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True),
AuthActionAdd(txn_type=NYM, field='some_field', value='some_value', is_owner=is_owner))
assert authorized == is_owner
def test_role_authorizer_off_ledger_signature_count_2_different_pass(
idr_cache, req_auth):
authorizer = RolesAuthorizer(cache=idr_cache)
req_auth.signature = None
req_auth.signatures = {
req_auth.identifier: 'signature',
'another_id_off_ledger': 'another_signature'
}
authorized, reason = authorizer.authorize(
req_auth,
AuthConstraint(role='*', sig_count=2, off_ledger_signature=True))
assert authorized
def test_role_authorizer_not_authorize_unknown_nym(idr_cache):
authorizer = RolesAuthorizer(cache=idr_cache)
unknown_req_auth = Request(identifier="some_unknown_identifier",
reqId=2,
operation=randomOperation(),
signature="signature",
protocolVersion=CURRENT_PROTOCOL_VERSION)
authorized, reason = authorizer.authorize(unknown_req_auth,
AuthConstraint(role=TRUSTEE, sig_count=1))
assert not authorized
assert reason == "sender's DID {} is not found in the Ledger".format(unknown_req_auth.identifier)
def test_role_authorizer_authorize_with_role(idr_cache, req_auth):
authorizer = RolesAuthorizer(cache=idr_cache)
authorized, reason = authorizer.authorize(
req_auth, AuthConstraint(role="SomeRole", sig_count=1))
assert authorized
def test_role_authorizer_not_authorize_role(idr_cache, req_auth):
authorizer = RolesAuthorizer(cache=idr_cache)
authorized, reason = authorizer.authorize(
req_auth, AuthConstraint(role="SomeOtherRole", sig_count=1))
assert not authorized
assert reason == "Unknown role can not do this action"
def test_role_authorizer_not_authorize_role(idr_cache, req_auth):
authorizer = RolesAuthorizer(cache=idr_cache)
authorized, reason = authorizer.authorize(
req_auth, AuthConstraint(role=TRUSTEE, sig_count=1))
assert not authorized
assert reason == "Not enough TRUSTEE signatures"
def test_role_authorizer_not_authorize_role(idr_cache, req_auth):
authorizer = RolesAuthorizer(cache=idr_cache)
authorized, reason = authorizer.authorize(
req_auth, AuthConstraint(role=TRUSTEE, sig_count=1))
assert not authorized
assert reason == "STEWARD can not do this action"
def test_role_authorizer_not_authorize_role(idr_cache, req_auth):
authorizer = RolesAuthorizer(cache=idr_cache)
authorized, reason = authorizer.authorize(
req_auth, AuthConstraint(role="SomeOtherRole", sig_count=1))
assert not authorized
assert reason == "role is not accepted"
def test_no_sign_by_author_if_0_sig(idr_cache, req_multi_signed_by_non_author):
authorizer = RolesAuthorizer(cache=idr_cache)
authorized, reason = authorizer.authorize(
req_multi_signed_by_non_author,
AuthConstraint(role=STEWARD, sig_count=0))
assert authorized
