def setUpClass(cls):
super().setUpClass()
tenants = {
'items': [
{
'uuid': MAIN_TENANT,
'name': 'first'
},
{
'uuid': TENANT_UUID_2,
'name': 'second'
},
]
}
mock_auth_client = MockAuthClient('127.0.0.1',
cls.service_port(9497, 'auth'))
user_token_1 = MockUserToken.some_token(
metadata={'tenant_uuid': tenants['items'][0]['uuid']})
user_token_2 = MockUserToken.some_token(
metadata={'tenant_uuid': tenants['items'][1]['uuid']})
user_token_3 = MockUserToken.some_token(
metadata={'tenant_uuid': tenants['items'][0]['uuid']})
mock_auth_client.set_token(user_token_1)
mock_auth_client.set_token(user_token_2)
mock_auth_client.set_token(user_token_3)
mock_auth_client.set_tenants(tenants)
cls.token_1 = user_token_1.token_id
cls.token_2 = user_token_2.token_id
cls.token_3 = user_token_3.token_id
def setUpClass(cls):
super().setUpClass()
mock_auth_client = MockAuthClient('127.0.0.1', cls.service_port(9497, 'auth'))
tenant_uuid = MAIN_TENANT
valid_token_1 = MockUserToken.some_token(
token=VALID_TOKEN_1, metadata={'tenant_uuid': tenant_uuid}
)
valid_token_2 = MockUserToken.some_token(
token=VALID_TOKEN_2, metadata={'tenant_uuid': tenant_uuid}
)
mock_auth_client.set_token(valid_token_1)
mock_auth_client.set_token(valid_token_2)
mock_auth_client.set_tenants({'items': [{'uuid': tenant_uuid}]})
def create_token(cls):
if isinstance(cls.auth, WrongClient):
return
token = MockUserToken(
str(TOKEN_UUID),
str(TOKEN_USER_UUID),
metadata={
'uuid': str(TOKEN_USER_UUID),
'tenant_uuid': str(TOKEN_TENANT_UUID),
},
)
cls.auth.set_token(token)
credential = MockCredentials('chatd-service', 'chatd-password')
cls.auth.set_valid_credentials(credential, str(TOKEN_UUID))
cls.auth.set_tenants(
{
'uuid': str(TOKEN_TENANT_UUID),
'name': 'name1',
'parent_uuid': str(TOKEN_TENANT_UUID),
},
{
'uuid': str(TOKEN_SUBTENANT_UUID),
'name': 'name2',
'parent_uuid': str(TOKEN_TENANT_UUID),
},
)
def configure_wazo_auth(cls):
cls.mock_auth_client = cls.make_mock_auth()
credentials = MockCredentials('dird-service', 'dird-password')
cls.mock_auth_client.set_valid_credentials(credentials,
VALID_TOKEN_MAIN_TENANT)
cls.mock_auth_client.set_token(
MockUserToken(
VALID_TOKEN_MAIN_TENANT,
MAIN_USER_UUID,
WAZO_UUID,
{
'tenant_uuid': MAIN_TENANT,
'uuid': MAIN_USER_UUID
},
))
cls.mock_auth_client.set_token(
MockUserToken(
VALID_TOKEN_SUB_TENANT,
USER_1_UUID,
WAZO_UUID,
{
'tenant_uuid': SUB_TENANT,
'uuid': USER_1_UUID
},
))
cls.mock_auth_client.set_token(
MockUserToken(
USER_2_TOKEN,
USER_2_UUID,
WAZO_UUID,
{
"tenant_uuid": SUB_TENANT,
"uuid": USER_2_UUID
},
))
cls.mock_auth_client.set_tenants(
{
'uuid': MAIN_TENANT,
'name': 'dird-tests-master',
'parent_uuid': MAIN_TENANT,
},
{
'uuid': SUB_TENANT,
'name': 'dird-tests-users',
'parent_uuid': MAIN_TENANT,
},
)
def configure_wazo_auth(cls):
key_file = parse_config_file(
os.path.join(cls.assets_root, 'auth_keys', 'wazo-phoned-key.yml'))
mock_auth = cls.make_mock_auth()
mock_auth.set_valid_credentials(
MockCredentials(key_file['service_id'], key_file['service_key']),
MASTER_TOKEN,
)
mock_auth.set_token(
MockUserToken(
MASTER_TOKEN,
MASTER_USER_UUID,
WAZO_UUID,
{
'tenant_uuid': MASTER_TENANT,
'uuid': MASTER_USER_UUID
},
))
mock_auth.set_token(
MockUserToken(
USER_1_TOKEN,
USER_1_UUID,
WAZO_UUID,
{
'tenant_uuid': USERS_TENANT,
'uuid': USER_1_UUID
},
))
mock_auth.set_tenants(
{
'uuid': MASTER_TENANT,
'name': 'phoned-tests-master',
'parent_uuid': MASTER_TENANT,
},
{
'uuid': USERS_TENANT,
'name': 'phoned-tests-users',
'parent_uuid': MASTER_TENANT,
},
)
auth = cls.make_auth()
auth.users.new(
uuid=USER_1_UUID,
tenant_uuid=USERS_TENANT,
)
def create_user_token(cls, user_uuid):
token_uuid = str(uuid.uuid4())
token = MockUserToken(
token_uuid,
user_uuid,
metadata={'uuid': user_uuid, 'tenant_uuid': TOKEN_TENANT_UUID},
)
cls.auth.set_token(token)
cls.agentd.set_token(token_uuid)
return token_uuid
def _create_user(self):
self.mock_auth_client.set_tenants(
{
'total': 1,
'filtered': 1,
'items': [{'uuid': self.tenant_uuid, 'name': self.tenant_name}],
}
)
token = MockUserToken.some_token(metadata={'tenant_uuid': self.tenant_uuid})
self.mock_auth_client.set_token(token)
return token.token_id
def test_that_a_token_with_no_user_uuid_returns_401(self):
mock_auth_client = MockAuthClient('127.0.0.1', self.service_port(9497, 'auth'))
tenant_uuid = MAIN_TENANT
invalid_token_uuid = str(uuid.uuid4())
invalid_token = MockUserToken.some_token(
token=invalid_token_uuid,
metadata={'uuid': None, 'tenant_uuid': tenant_uuid},
)
mock_auth_client.set_token(invalid_token)
result = self.get_personal_result('unknown-id', token=invalid_token_uuid)
assert_that(result, has_properties(status_code=401))
def _configure_auth(cls):
cls.auth = MockAuthClient('127.0.0.1', cls.service_port(9497, 'auth'))
main_tenant_token = MockUserToken.some_token(metadata={
'uuid': 'my-user-uuid',
'tenant_uuid': MAIN_TENANT
})
cls.auth.set_token(main_tenant_token)
cls.main_tenant_token = main_tenant_token.token_id
cls.dird = DirdClient('127.0.0.1',
cls.service_port(9489, 'dird'),
prefix=None,
https=False)
cls.dird.set_token(cls.main_tenant_token)
def make_token(self,
*,
token_uuid=None,
user_uuid=None,
tenant_uuid=TENANT1_UUID,
session_uuid='my-session-uuid',
acl=['websocketd']):
metadata = {'tenant_uuid': str(tenant_uuid)}
if token_uuid is None:
token = MockUserToken.some_token(session_uuid=str(session_uuid),
acl=acl,
metadata=metadata)
else:
token = MockUserToken(
str(token_uuid),
str(user_uuid),
session_uuid=str(session_uuid),
metadata=metadata,
acl=acl,
)
self._client.set_token(token)
return token.token_id
def setup_token(cls):
cls.mock_auth = MockAuthClient('127.0.0.1',
cls.service_port(9497, 'auth'))
token = MockUserToken(
TOKEN,
'user_uuid',
metadata={
'uuid': USER_UUID,
'tenant_uuid': MAIN_TENANT
},
)
cls.mock_auth.set_token(token)
token = MockUserToken(
TOKEN_SUB_TENANT,
'user_uuid',
metadata={
'uuid': 'user_uuid',
'tenant_uuid': SUB_TENANT
},
)
cls.mock_auth.set_token(token)
cls._reset_auth_tenants()
def create_confd(cls, headers=None, encoder=None, user_uuid=None):
token_id = None
if user_uuid:
token = MockUserToken.some_token(
user_uuid=user_uuid,
metadata={
'uuid': user_uuid,
'tenant_uuid': MAIN_TENANT
},
)
cls.mock_auth.set_token(token)
token_id = token.token_id
client = cls.new_client(headers, encoder, token=token_id)
return client.url
def create_token(cls):
cls.auth = cls.make_auth()
if not cls.auth:
return
token = MockUserToken(
TOKEN_UUID,
TOKEN_USER_UUID,
metadata={'uuid': TOKEN_USER_UUID, 'tenant_uuid': TOKEN_TENANT_UUID},
)
cls.auth.set_token(token)
cls.auth.set_tenants(
{
'uuid': TOKEN_TENANT_UUID,
'name': 'name1',
'parent_uuid': TOKEN_TENANT_UUID,
}
)
def setUpClass(cls):
super().setUpClass()
mock_auth_client = MockAuthClient('127.0.0.1', cls.service_port(9497, 'auth'))
tenant_uuid = MAIN_TENANT
try:
auth_port = cls.service_port(9497, 'auth')
auth_client = AuthClient('127.0.0.1', auth_port, prefix=None, https=False)
auth_client.users.new(
uuid=VALID_UUID_1, tenant_uuid=MAIN_TENANT, username='******'
)
except Exception:
pass
valid_token_1 = MockUserToken(
token=VALID_TOKEN_1,
user_uuid=VALID_UUID_1,
metadata={'uuid': VALID_UUID_1, 'tenant_uuid': tenant_uuid},
)
mock_auth_client.set_token(valid_token_1)
def test_authentication(self):
# Wrong token
self.dird.set_token(None)
query = {'query': '{ hello }'}
response = self.dird.graphql.query(query)
assert_that(
response['errors'],
contains(
has_entries({
'path': ['hello'],
'message':
'Unauthorized',
'extensions':
has_entry('error_id', 'unauthorized'),
})),
)
# Token without ACL
self.dird.set_token(VALID_TOKEN_NO_ACL)
query = {'query': '{ hello }'}
response = self.dird.graphql.query(query)
assert_that(
response['errors'],
contains(
has_entries({
'path': ['hello'],
'message':
'Unauthorized',
'extensions':
has_entry('error_id', 'unauthorized'),
})),
)
# Valid token get subfield
token = MockUserToken.some_token(
user_uuid='my-user-uuid',
metadata={'tenant_uuid': MAIN_TENANT},
acl=['dird.graphql.me'],
)
self.auth.set_token(token)
query = {'query': '{ me { userUuid } }'}
self.dird.set_token(token.token_id)
response = self.dird.graphql.query(query)
assert response == {'data': {'me': {'userUuid': 'my-user-uuid'}}}
# Valid token
self.dird.set_token(VALID_TOKEN)
query = {'query': '{ hello }'}
response = self.dird.graphql.query(query)
assert response == {'data': {'hello': 'world'}}
# No token needed for __schema
self.dird.set_token(None)
query = {'query': '{ __schema { queryType { name }}}'}
response = self.dird.graphql.query(query)
assert response == {
'data': {
'__schema': {
'queryType': {
'name': 'Query'
}
}
}
}
def configure_wazo_auth_for_multitenants(cls):
# NOTE(sileht): This creates a tenant tree and associated users
cls.auth.set_token(
MockUserToken(
MASTER_TOKEN,
MASTER_USER_UUID,
WAZO_UUID,
{
"tenant_uuid": MASTER_TENANT,
"uuid": MASTER_USER_UUID
},
))
cls.auth.set_token(
MockUserToken(
USER_1_TOKEN,
USER_1_UUID,
WAZO_UUID,
{
"tenant_uuid": USERS_TENANT,
"uuid": USER_1_UUID
},
))
cls.auth.set_token(
MockUserToken(
USER_2_TOKEN,
USER_2_UUID,
WAZO_UUID,
{
"tenant_uuid": USERS_TENANT,
"uuid": USER_2_UUID
},
))
cls.auth.set_token(
MockUserToken(
OTHER_USER_TOKEN,
OTHER_USER_UUID,
WAZO_UUID,
{
"tenant_uuid": OTHER_TENANT,
"uuid": OTHER_USER_UUID
},
))
cls.auth.set_valid_credentials(
MockCredentials(EXPORT_SERVICE_ID, EXPORT_SERVICE_KEY),
MASTER_TOKEN,
)
cls.auth.set_tenants(
{
'uuid': MASTER_TENANT,
'name': 'call-logd-tests-master',
'parent_uuid': MASTER_TENANT,
},
{
'uuid': USERS_TENANT,
'name': 'call-logd-tests-users',
'parent_uuid': MASTER_TENANT,
},
{
'uuid': OTHER_TENANT,
'name': 'call-logd-tests-other',
'parent_uuid': MASTER_TENANT,
},
)