Exemplo n.º 1
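def test_introspect_audit():
    """Check token introspection by the resource server, then the provider audit.

    A consumer obtains a token, the resource server introspects it (twice
    without a request, once with a matching request), and three introspection
    calls that must be refused are checked.  Finally the provider's audit
    report must list more tokens than ``num_tokens_before``.

    Relies on module-level names defined outside this function (``consumer``,
    ``provider``, ``resource_server``, ``expect_failure``, ``RS``, ``body``,
    ``TUPLE``, ``num_tokens_before``) and writes the module global
    ``token_hash``.
    """
    global body
    global TUPLE
    global num_tokens_before
    global token_hash

    r = consumer.get_token(body)
    # Check the call succeeded before reading the payload, so a failed request
    # shows up as this assertion and not as a lookup error further down.
    assert r['success'] is True

    access_token = r['response']
    assert access_token is not None
    # Two hours, assuming 'expires-in' is expressed in seconds.
    assert access_token['expires-in'] == 60 * 60 * 2

    # The original line ended in a stray comma, which wrapped the value in a
    # one-element tuple that the check below then unwrapped again.
    token = access_token['token']
    if type(token) == TUPLE:
        token = token[0]

    # The token is expected to have three '/'-separated parts, the first being
    # the auth server's name.
    s = token.split("/")
    assert len(s) == 3
    assert s[0] == 'auth.iudx.org.in'

    server_token = access_token['server-token'][RS]
    if type(server_token) == TUPLE:
        server_token = server_token[0]

    # Introspecting the same token twice must succeed both times.
    assert resource_server.introspect_token(token,
                                            server_token)['success'] is True
    assert resource_server.introspect_token(token,
                                            server_token)['success'] is True

    # Introspection that also carries the request the token is being used for.
    resource_id = ("rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/" +
                   RS + "/resource-xyz-yzz")

    request = [{
        "id": resource_id,
        "apis": ["/latest"],
        "methods": ["GET"],
        "body": {
            "key": "some-key"
        }
    }]

    # Same resource, but a different API path and HTTP method.
    # NOTE(review): presumably refused because the token does not cover this
    # API/method pair -- confirm against the policy set by the caller.
    bad_request = [{
        "id": resource_id,
        "apis": ["/latest-now"],
        "methods": ["POST"],
        "body": {
            "key": "some-key"
        }
    }]

    assert resource_server.introspect_token(token, server_token,
                                            request)['success'] is True

    # Negative cases: a request that must not be accepted, a wrong server
    # token, and no server token at all.  expect_failure() is defined
    # elsewhere; it is switched back in a finally block so that a failing
    # assertion here cannot leave it enabled for whatever runs next.
    expect_failure(True)
    try:
        assert resource_server.introspect_token(
            token, server_token, bad_request)['success'] is False
        assert resource_server.introspect_token(
            token, 'invalid-token-012345678901234567')['success'] is False
        assert resource_server.introspect_token(token)['success'] is False
    finally:
        expect_failure(False)

    r = provider.audit_tokens(5)
    assert r["success"] is True
    audit_report = r['response']
    as_provider = audit_report["as-provider"]
    num_tokens_after = len(as_provider)

    # The token issued above must show up in the provider's audit report.
    assert num_tokens_after > num_tokens_before

    # SHA-256 hex digest of the token, kept in a module global; where it is
    # consumed is not visible in this listing.
    token_hash = hashlib.sha256(token.encode('utf-8')).hexdigest()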
Exemplo n.º 2
import os

from init import provider
from init import resource_server

from init import expect_failure

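# Resource-server name; not referenced in the statements below.
RS = "iisc.iudx.org.in"

# Policy tests: a valid policy must be stored, and a malformed one must be
# rejected by both set_policy() and append_policy() without being stored.
policy = "x can access *"  # dummy policy
assert provider.set_policy(policy)['success'] is True

invalid_policy = "invalid policy *"

# expect_failure() comes from the init module; it is switched back in a
# finally block so a failing assertion cannot leave it enabled.
expect_failure(True)
try:
    assert provider.set_policy(invalid_policy)['success'] is False
finally:
    expect_failure(False)

# The rejected set must leave the previously stored policy untouched.
r = provider.get_policy()['response']['policy']
assert policy in r
assert invalid_policy not in r

expect_failure(True)
try:
    assert provider.append_policy(invalid_policy)['success'] is False
finally:
    expect_failure(False)

# The rejected append must not have been stored either; the original only
# checked that the valid policy was still present.
r = provider.get_policy()['response']['policy']
assert policy in r
assert invalid_policy not in r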
Exemplo n.º 3
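def test_revoke_with_token():
    """Check token revocation, then policy-driven token lifetimes and request shapes.

    The provider requests a token for itself, revokes it, and the number of
    revoked entries in the "as-consumer" part of its audit report must grow.
    The policy is then replaced twice and tokens are requested with several
    request-body shapes (list of dicts, list of strings, single string,
    single dict), checking the resulting 'expires-in' value each time.

    Relies on module-level names defined outside this function (``provider``,
    ``consumer``, ``restricted_consumer``, ``expect_failure``, ``TUPLE``,
    ``body``).  It reassigns the module global ``body`` several times and
    leaves it set to the last request body used.
    """
    global body
    global TUPLE

    # test revoke API
    r = provider.get_token(body)
    # Check the call succeeded before reading the payload.
    assert r['success'] is True

    access_token = r['response']
    assert access_token is not None
    # Two hours, assuming 'expires-in' is expressed in seconds.
    assert access_token['expires-in'] == 60 * 60 * 2

    token = access_token['token']
    if type(token) == TUPLE:
        token = token[0]

    # The token is expected to have three '/'-separated parts, the first being
    # the auth server's name.
    s = token.split("/")
    assert len(s) == 3
    assert s[0] == 'auth.iudx.org.in'

    # Count revoked entries before revoking.
    r = provider.audit_tokens(5)
    assert r["success"] is True
    as_consumer = r['response']["as-consumer"]
    num_revoked_before = sum(1 for a in as_consumer if a['revoked'] is True)

    r = provider.revoke_tokens(token)
    assert r["success"] is True
    assert r["response"]["num-tokens-revoked"] >= 1

    # Count again: the revocation must be visible in the audit report.
    r = provider.audit_tokens(5)
    assert r["success"] is True
    as_consumer = r['response']["as-consumer"]
    num_revoked_after = sum(1 for a in as_consumer if a['revoked'] is True)

    assert num_revoked_before < num_revoked_after
    # NOTE(review): only the audit count is checked here.  This test does not
    # show the revoked token being refused on introspection; that is worth
    # asserting where a resource-server handle is available.

    new_policy = "*@iisc.ac.in can access * for 1 month"
    assert provider.set_policy(new_policy)['success'] is True

    # Both resources sit under rs1.
    body = [{
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1",
    }, {
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r2"
    }]

    r = restricted_consumer.get_token(body)
    assert r['success'] is True
    assert r['response'] is not None
    # "for 1 month" is expected to come back as 30 days, in seconds.
    assert r['response']['expires-in'] == 60 * 60 * 24 * 30 * 1

    # Same request, but the second resource is under rs2.
    # NOTE(review): presumably restricted_consumer is limited to rs1, which is
    # why this is expected to be refused -- confirm against its setup.
    body = [{
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1",
    }, {
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs2/r2"
    }]

    # expect_failure() is defined elsewhere; it is switched back in a finally
    # block so an exception from the call cannot leave it enabled.
    expect_failure(True)
    try:
        r = restricted_consumer.get_token(body)
    finally:
        expect_failure(False)

    assert r['success'] is False
    assert r['status_code'] == 403

    # new api tests

    new_policy = "*@iisc.ac.in can access * for 5 months"
    assert provider.set_policy(new_policy)['success'] is True

    # "for 5 months" is expected to come back as 5 * 30 days, in seconds.
    five_months = 60 * 60 * 24 * 30 * 5

    # Request body as a list of resource-id strings.
    body = [
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1",
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs2/r2"
    ]

    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['response']['expires-in'] == five_months

    # Request body as a single resource-id string.
    body = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1"
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['response']['expires-in'] == five_months

    # Request body as a single dict.
    body = {
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1"
    }
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['response']['expires-in'] == five_months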