def test_delete_tokens_by_non_existent_device_ok(self,
accepted_tenants_devices,
internal_api,
management_api,
device_api):
td = accepted_tenants_devices
tenant_foo_token = make_fake_tenant_token('foo')
da_foo = DevAuthorizer(tenant_token=tenant_foo_token)
d1_foo = td['foo'][0]
token1 = request_token(d1_foo, da_foo, device_api.auth_requests_url)
assert len(token1) > 0
d2_foo = td['foo'][1]
token2 = request_token(d2_foo, da_foo, device_api.auth_requests_url)
assert len(token2) > 0
tenant_bar_token = make_fake_tenant_token('bar')
da_bar = DevAuthorizer(tenant_token=tenant_bar_token)
d1_bar = td['bar'][0]
token3 = request_token(d1_bar, da_bar, device_api.auth_requests_url)
assert len(token2) > 0
verify_url = internal_api.make_api_url("/tokens/verify")
verify_token(token1, 200, verify_url)
verify_token(token2, 200, verify_url)
verify_token(token3, 200, verify_url)
payload = {'device_id': 'foo', 'tenant_id': 'foo'}
rsp = requests.delete(internal_api.make_api_url("/tokens"),
params=payload)
assert rsp.status_code == 204
verify_token(token1, 200, verify_url)
verify_token(token2, 200, verify_url)
verify_token(token3, 200, verify_url)
def test_token_addons(
self, test_case, clean_migrated_db, device_api, management_api, internal_api
):
tenant_token = make_fake_tenant_token(
"123456789012345678901234",
)
dev_auth = DevAuthorizer(tenant_token=tenant_token)
jwt = None
dev = accept_device(device_api, management_api, tenant_token)[1]
with orchestrator.run_fake_for_device_id(1) as server:
jwt = request_token(
dev, dev_auth, device_api.auth_requests_url, test_case["addons"]
)
assert len(jwt) > 0
rsp = requests.post(
internal_api.api_url + "tokens/verify",
data="",
headers={
"Authorization": "Bearer " + jwt,
"X-Forwarded-Uri": test_case.get("forwarded_uri"),
"X-Forwarded-Method": test_case.get("method"),
},
)
assert rsp.status_code == test_case.get("status_code", 200)
def test_delete_tokens_by_non_existent_tenant_ok(self,
accepted_tenants_devices,
internal_api,
management_api,
device_api):
try:
td = accepted_tenants_devices
tenant_foo_token = make_fake_tenant_token("foo")
da_foo = DevAuthorizer(tenant_token=tenant_foo_token)
d1_foo = td["foo"][0]
with orchestrator.run_fake_for_device_id(1) as server:
token1 = request_token(d1_foo, da_foo,
device_api.auth_requests_url)
assert len(token1) > 0
d2_foo = td["foo"][1]
with orchestrator.run_fake_for_device_id(2) as server:
token2 = request_token(d2_foo, da_foo,
device_api.auth_requests_url)
assert len(token2) > 0
tenant_bar_token = make_fake_tenant_token("bar")
da_bar = DevAuthorizer(tenant_token=tenant_bar_token)
d1_bar = td["bar"][0]
with orchestrator.run_fake_for_device_id(1) as server:
token3 = request_token(d1_bar, da_bar,
device_api.auth_requests_url)
assert len(token2) > 0
verify_url = internal_api.make_api_url("/tokens/verify")
verify_token(token1, 200, verify_url)
verify_token(token2, 200, verify_url)
verify_token(token3, 200, verify_url)
dev1 = management_api.find_device_by_identity(
d1_foo.identity, Authorization="Bearer " + tenant_foo_token)
payload = {"tenant_id": "baz"}
rsp = requests.delete(internal_api.make_api_url("/tokens"),
params=payload)
assert rsp.status_code == 204
verify_token(token1, 200, verify_url)
verify_token(token2, 200, verify_url)
verify_token(token3, 200, verify_url)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
def test_delete_tokens_by_non_existent_device_ok(self,
accepted_tenants_devices,
internal_api,
management_api,
device_api):
try:
td = accepted_tenants_devices
tenant_foo_token = make_fake_tenant_token('foo')
da_foo = DevAuthorizer(tenant_token=tenant_foo_token)
d1_foo = td['foo'][0]
with orchestrator.run_fake_for_device_id(1) as server:
token1 = request_token(d1_foo, da_foo,
device_api.auth_requests_url)
assert len(token1) > 0
d2_foo = td['foo'][1]
with orchestrator.run_fake_for_device_id(2) as server:
token2 = request_token(d2_foo, da_foo,
device_api.auth_requests_url)
assert len(token2) > 0
tenant_bar_token = make_fake_tenant_token('bar')
da_bar = DevAuthorizer(tenant_token=tenant_bar_token)
d1_bar = td['bar'][0]
with orchestrator.run_fake_for_device_id(1) as server:
token3 = request_token(d1_bar, da_bar,
device_api.auth_requests_url)
assert len(token2) > 0
verify_url = internal_api.make_api_url("/tokens/verify")
verify_token(token1, 200, verify_url)
verify_token(token2, 200, verify_url)
verify_token(token3, 200, verify_url)
payload = {'device_id': 'foo', 'tenant_id': 'foo'}
rsp = requests.delete(internal_api.make_api_url("/tokens"),
params=payload)
assert rsp.status_code == 204
verify_token(token1, 200, verify_url)
verify_token(token2, 200, verify_url)
verify_token(token3, 200, verify_url)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
def accepted_tenants_devices(device_api, management_api, clean_migrated_db,
cli, request):
"""Fixture that sets up an accepted devices for tenants. The fixture can
be parametrized with a tenants, number of devices and number of authentication sets.
Yields a dict:
[tenant ID: [device object, ...], ]"""
requested = request.param
tenants_devices = dict()
url = device_api.auth_requests_url
for (tenant, dev_count, auth_count) in requested:
tenant_devices = []
cli.migrate(tenant=tenant)
tenant_token = make_fake_tenant_token(tenant)
for _ in range(int(dev_count)):
d = Device()
for i in range(int(auth_count)):
d.rotate_key()
da = DevAuthorizer(tenant_token=tenant_token)
# poke devauth so that device appears
handlers = [
(
"POST",
"/api/internal/v1/tenantadm/tenants/verify",
lambda _: (
200,
{},
{
"id": "507f191e810c19729de860ea",
"name": "Acme",
},
),
),
]
try:
with orchestrator.run_fake_for_device_id(1) as server:
with mockserver.run_fake(get_fake_tenantadm_addr(),
handlers=handlers) as fake:
rsp = device_auth_req(url, da, d)
assert rsp.status_code == 401
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
# try to find our devices in all devices listing
dev = management_api.find_device_by_identity(
d.identity, Authorization="Bearer " + tenant_token)
devid = dev.id
for a in dev.auth_sets:
if compare_keys(a.pubkey, d.public_key):
aid = a.id
break
try:
with orchestrator.run_fake_for_device_id(devid) as server:
management_api.accept_device(devid,
aid,
Authorization="Bearer " +
tenant_token)
token = request_token(d, da,
device_api.auth_requests_url)
assert len(token) > 0
except bravado.exception.HTTPError as e:
assert e.response.status_code == 204
assert dev
tenant_devices.append(d)
tenants_devices[tenant] = tenant_devices
yield tenants_devices
def test_check_device_limits(
self, clean_db, cli, device_api, management_api, internal_api, test_case
):
rsp_q_tadm = asyncio.Queue(
maxsize=len(test_case["tenant"]["users"]) + test_case["device_count"]
)
rsp_q_wflows = asyncio.Queue(
maxsize=len(test_case["tenant"]["users"]) + test_case["device_count"]
)
with self.init_service_mocks(wflows_rsp_q=rsp_q_wflows, tadm_rsp_q=rsp_q_tadm):
tenant_token = make_fake_tenant_token(test_case["tenant"]["id"])
internal_api.put_max_devices_limit(
test_case["tenant"]["id"], test_case["tenant"]["device_limit"]
)
for _ in range(test_case["device_count"]):
# POST /api/internal/v1/tenantadm/verify
rsp_q_tadm.put_nowait(
(200, {}, '{"id": "%s", "sub": "user"}' % test_case["tenant"])
)
# POST /api/v1/workflows/update_device_inventory
rsp_q_wflows.put_nowait((201, {}, ""))
# POST /api/v1/workflows/provision_device
rsp_q_wflows.put_nowait((201, {}, ""))
dev = Device()
da = DevAuthorizer(tenant_token=tenant_token)
rsp = device_auth_req(device_api.auth_requests_url, da, dev)
assert rsp.status_code == 401
devs = management_api.list_devices(
status="pending", Authorization="Bearer " + tenant_token
)
for dev in devs:
# POST /api/v1/workflows/update_device_status
rsp_q_wflows.put_nowait((201, {}, ""))
# POST /api/v1/workflows/provision_device
rsp_q_wflows.put_nowait((201, {}, ""))
management_api.put_device_status(
dev["id"],
dev["auth_sets"][0]["id"],
"accepted",
Authorization="Bearer " + tenant_token,
)
if test_case["device_count"] >= (
(test_case["tenant"]["device_limit"] * test_case["threshold"] / 100.0)
):
# GET /api/management/v1/tenantadm/users
usersJSON = json.dumps(test_case["tenant"]["users"])
rsp_q_tadm.put_nowait((200, {}, usersJSON))
usernames = [user["name"] for user in test_case["tenant"]["users"]]
# Verify that workflow is started for each user
for i in range(len(test_case["tenant"]["users"])):
def verify_workflow(handler):
assert handler.request.path.endswith("device_limit_email")
body_json = json.loads(handler.request.body.decode("utf-8"))
assert body_json["to"] in usernames
usernames.remove(body_json["to"])
handler.set_status(201)
# POST /api/v1/workflows/device_limit_email
rsp_q_wflows.put_nowait(verify_workflow)
code, stdout, stderr = cli.check_device_limits()
assert code == 0
# All pushed mock responses should be consumed at this point.
assert (
rsp_q_tadm.empty()
), "TenantAdm mock responses not consumed as expected"
assert (
rsp_q_wflows.empty()
), "Workflows mock responses not consumed as expected"
def devices_mt(management_api, device_api, clean_migrated_db):
with tenantadm_fake_tenant_verify():
for t in TENANTS:
token = make_fake_tenant_token(t)
do_make_devices(management_api, device_api, token)
def test_error_preauth_limit(self, management_api, device_api, devices_mt,
tenant_id):
token = make_fake_tenant_token(tenant_id)
self._do_test_error_preauth_limit(management_api, device_api, token)
def test_ok_preauth(self, management_api, device_api, devices_mt,
tenant_id):
with tenantadm_fake_tenant_verify():
token = make_fake_tenant_token(tenant_id)
self._do_test_ok_preauth(management_api, device_api, token)
