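def test_expired_policy():
    """Check that token requests are denied once the access rule has expired.

    Flow: take a resource ID from ``set_policy()`` (defined elsewhere;
    presumably it grants the consumer access), confirm the consumer can get
    a token for it, expire the provider's matching rule with
    ``expire_rule()``, then confirm the same token request returns 403.
    """
    resource_id = set_policy()

    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    # Find the provider's access rule for this resource so it can be expired.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200

    access_id = -1
    for rule in r['response']:
        # Skip rules with an empty 'item' (test_deleted_cap guards the same
        # way) so an unrelated rule cannot abort the search with a TypeError.
        if rule['item'] and resource_id == rule['item']['cat_id']:
            access_id = rule['id']
            break
    assert access_id != -1

    assert expire_rule(access_id) is True

    # Identical request to the first one: with the rule expired, the server
    # must refuse to issue a token.
    body['request'] = [resource_id]
    r = consumer.get_token(body)
    assert r['success'] is False
    assert r['status_code'] == 403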
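def test_revoked_rule():
    """Check that an already-issued token stops introspecting after revocation.

    Flow: the provider grants the consumer access to a fresh resource group,
    the consumer gets a token and the resource server introspects it
    successfully; the provider then deletes the rule and the same token must
    be rejected with 403 on introspection.
    """
    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
        + rand_rsg()
    )

    access_req = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ["complex", "subscription", "temporal"],
    }
    r = provider.provider_access([access_req])
    assert r['success'] == True
    assert r['status_code'] == 200

    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200
    token = r['response']['token']

    # Baseline: the token is valid while the rule exists.
    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200

    # Find the access rule for this resource and delete it.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200

    # Initialise the sentinel so a missing rule fails the assertion below
    # instead of raising NameError on an unbound name.
    access_id = -1
    for rule in r['response']:
        # Skip rules with an empty 'item' (test_deleted_cap guards the same
        # way) so an unrelated rule cannot abort the search with a TypeError.
        if rule['item'] and resource_id == rule['item']['cat_id']:
            access_id = rule['id']
            break
    assert access_id != -1

    r = provider.delete_rule([{'id': access_id}])
    assert r['success'] == True
    assert r['status_code'] == 200

    # The token was issued before the rule was deleted; revocation must still
    # take effect for it.
    r = resource_server.introspect_token(token)
    assert r['success'] is False
    assert r['status_code'] == 403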
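def test_update_token_revoked_resource():
    """Check update_token behaviour when the token's resource has been revoked.

    After the provider deletes the rule for the first resource, updating the
    token with that resource must fail with 403. Updating the same token with
    a second resource from ``set_policy()`` must succeed, and the response
    must report no deleted resources.
    """
    resource_id_1 = set_policy()

    body = {'request': [resource_id_1]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    # NOTE(review): assumes the token is '/'-separated with the UUID as its
    # fourth field; confirm against the server's token format.
    uuid = token.split("/")[3]

    # Find the access rule for the first resource and delete it.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200

    access_id = -1
    for rule in r['response']:
        # Skip rules with an empty 'item' (test_deleted_cap guards the same
        # way) so an unrelated rule cannot abort the search with a TypeError.
        if rule['item'] and resource_id_1 == rule['item']['cat_id']:
            access_id = rule['id']
            break
    assert access_id != -1

    r = provider.delete_rule([{'id': access_id}])
    assert r['success'] == True
    assert r['status_code'] == 200

    # Re-requesting the revoked resource through update_token must be denied.
    body['request'] = [{'token': uuid, 'resources': [resource_id_1]}]
    r = consumer.update_token(body)
    assert r['success'] is False
    assert r['status_code'] == 403

    # Add another resource, one the consumer still has access to.
    resource_id_2 = set_policy()
    body['request'] = [{'token': uuid, 'resources': [resource_id_2]}]
    r = consumer.update_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    # resource_id_1 is not reported as deleted, since it was already revoked
    # by the provider.
    assert len(r['response'][0]['deleted_resources']) == 0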
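def test_get_tokens_revoked_resource():
    """Check that the token listing marks a resource as revoked.

    After the provider deletes the rule behind an issued token,
    ``consumer.view_tokens()`` must list that token with its first request
    entry in status ``'revoked'``.
    """
    resource_id = set_policy()

    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    # NOTE(review): assumes the token is '/'-separated with the UUID as its
    # fourth field; confirm against the server's token format.
    uuid = token.split("/")[3]

    # Find the access rule for this resource and delete it.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200

    access_id = -1
    for rule in r['response']:
        # Skip rules with an empty 'item' (test_deleted_cap guards the same
        # way) so an unrelated rule cannot abort the search with a TypeError.
        if rule['item'] and resource_id == rule['item']['cat_id']:
            access_id = rule['id']
            break
    assert access_id != -1

    r = provider.delete_rule([{'id': access_id}])
    assert r['success'] == True
    assert r['status_code'] == 200

    r = consumer.view_tokens()

    # The token must appear in the listing; 'found' keeps the test from
    # passing when the loop never matches the UUID.
    found = False
    for entry in r['response']:
        if uuid == entry['uuid']:
            assert entry['request'][0]['status'] == 'revoked'
            found = True
    assert found is True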
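def test_existing_token_deleted_resource():
    """Check that the existing_token flow cannot revive a revoked resource.

    The token is expired with ``expire_token()`` so the ``existing_token``
    request path applies, the provider deletes the rule behind it, and the
    request with ``existing_token`` must then be rejected with 403.
    """
    resource_id = set_policy()

    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    # NOTE(review): assumes the token is '/'-separated with the UUID as its
    # fourth field; confirm against the server's token format.
    uuid = token.split("/")[3]

    # Find the access rule for this resource so it can be deleted.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200

    access_id = -1
    for rule in r['response']:
        # Skip rules with an empty 'item' (test_deleted_cap guards the same
        # way) so an unrelated rule cannot abort the search with a TypeError.
        if rule['item'] and resource_id == rule['item']['cat_id']:
            access_id = rule['id']
            break

    # Expire the token to allow the existing_token flow.
    assert expire_token(uuid) is True

    assert access_id != -1
    r = provider.delete_rule([{'id': access_id}])
    assert r['success'] == True
    assert r['status_code'] == 200

    # Requesting by the old token's UUID must not succeed now that the only
    # rule backing it is gone.
    body = {'existing_token': uuid}
    r = consumer.get_token(body)
    assert r['success'] is False
    assert r['status_code'] == 403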
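def test_deleted_cap():
    """Check that deleting one capability narrows an already-issued token.

    The consumer is granted every consumer capability listed for
    ``rs.iudx.io`` in ``../capabilities.json``; introspection must then
    return exactly the APIs of those capabilities for ``<resource>/*``.
    After the provider deletes only the ``subscription`` capability, the
    same token must still introspect successfully, but the first
    subscription API must no longer be in the returned list.
    """
    placeholder = '{{RESOURCE_GROUP_ID}}'

    with open('../capabilities.json') as f:
        caps = json.load(f)

    consumer_caps = caps['rs.iudx.io']['consumer']
    all_caps = list(consumer_caps.keys())

    # Union of the API templates of every consumer capability.
    api_templates = set()
    for cap_apis in consumer_caps.values():
        api_templates.update(cap_apis)

    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
        + rand_rsg()
    )

    access_req = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": all_caps,
    }
    r = provider.provider_access([access_req])
    assert r['success'] == True
    assert r['status_code'] == 200

    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200
    token = r['response']['token']

    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200
    resp = r['response']

    # Introspection is compared against the templates with the placeholder
    # replaced by the resource group ID.
    all_apis = {api.replace(placeholder, resource_id) for api in api_templates}

    assert len(resp['request']) == 1
    assert resp['request'][0]['id'] == resource_id + '/*'
    assert set(resp['request'][0]['apis']) == all_apis

    # Delete the subscription capability and then introspect again.
    # Find the access rule for this resource first.
    access_id = -1
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200

    for rule in r['response']:
        if rule['item'] and resource_id == rule['item']['cat_id']:
            access_id = rule['id']
            break
    assert access_id != -1

    r = provider.delete_rule([{
        'id': access_id,
        'capabilities': ['subscription'],
    }])
    assert r['success'] == True
    assert r['status_code'] == 200

    # Substitute the placeholder exactly as for all_apis. If the template
    # contains the placeholder, comparing the raw template against the
    # substituted API list would let the `not in` check below pass even when
    # the capability was never removed.
    subscription_api = consumer_caps['subscription'][0].replace(
        placeholder, resource_id)

    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200
    resp = r['response']

    assert len(resp['request']) == 1
    assert resp['request'][0]['id'] == resource_id + '/*'
    assert subscription_api not in set(resp['request'][0]['apis'])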