示例#1
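def test_expired_policy():
    """Check that token issuance is refused once the access rule has expired.

    Flow: create a policy, confirm the consumer is issued a token (200),
    force the matching provider access rule to expire, then confirm that a
    new token request for the same resource is rejected with 403.
    """
    resource_id = set_policy()

    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    # Find the access rule that was created for this resource.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200
    # Rules with an empty 'item' are skipped instead of being indexed, and a
    # separate loop name keeps the response in `r` from being overwritten.
    access_id = next(
        (rule['id'] for rule in r['response']
         if rule['item'] and rule['item']['cat_id'] == resource_id),
        -1,
    )

    assert access_id != -1
    # The rule is expired here, not deleted.
    assert expire_rule(access_id) is True

    # NOTE(review): only new issuance is checked; the token obtained before
    # the expiry is not introspected in this test.
    body['request'] = [resource_id]
    r = consumer.get_token(body)
    assert r['success'] is False
    assert r['status_code'] == 403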
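def test_revoked_rule():
    """Check that deleting an access rule invalidates a token already issued.

    Flow: grant the consumer access to a fresh resource group, obtain a token
    and confirm it introspects successfully, delete the provider rule, then
    confirm the same token is rejected with 403 on introspection. The point
    under test is that revocation applies to tokens issued earlier, not only
    to new token requests.
    """
    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
        + rand_rsg()
    )
    access_req = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ["complex", "subscription", "temporal"]
    }
    r = provider.provider_access([access_req])
    assert r['success'] == True
    assert r['status_code'] == 200

    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200

    # Find the access rule for this resource so it can be deleted.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200
    # The -1 default makes a missing rule fail the assertion below; without
    # it the name would be unbound and the test would error out instead.
    # Rules with an empty 'item' are skipped instead of being indexed.
    access_id = next(
        (rule['id'] for rule in r['response']
         if rule['item'] and rule['item']['cat_id'] == resource_id),
        -1,
    )

    assert access_id != -1
    r = provider.delete_rule([{'id': access_id}])
    assert r['success'] == True
    assert r['status_code'] == 200

    # The token issued before the deletion must no longer introspect.
    r = resource_server.introspect_token(token)
    assert r['success'] is False
    assert r['status_code'] == 403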
示例#3
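def test_update_token_revoked_resource():
    """Check update_token behaviour for a resource whose rule was revoked.

    Flow: obtain a token for resource 1, delete its provider rule, confirm
    that updating the token with resource 1 is refused (403), then confirm
    that updating it with a newly permitted resource 2 succeeds and reports
    no deleted resources.
    """
    resource_id_1 = set_policy()

    body = {'request': [resource_id_1]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    # Fourth '/'-separated field of the token is used as its UUID
    # (token layout is not shown here -- confirm against the server).
    token_uuid = token.split("/")[3]

    # Find the access rule for resource 1 so it can be deleted.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200
    # Rules with an empty 'item' are skipped instead of being indexed, and a
    # separate loop name keeps the response in `r` from being overwritten.
    access_id = next(
        (rule['id'] for rule in r['response']
         if rule['item'] and rule['item']['cat_id'] == resource_id_1),
        -1,
    )

    assert access_id != -1
    r = provider.delete_rule([{'id': access_id}])
    assert r['success'] == True
    assert r['status_code'] == 200

    # Re-requesting the revoked resource on the existing token must fail.
    body['request'] = [{'token': token_uuid, 'resources': [resource_id_1]}]
    r = consumer.update_token(body)
    assert r['success'] is False
    assert r['status_code'] == 403

    # add another resource
    resource_id_2 = set_policy()

    body['request'] = [{'token': token_uuid, 'resources': [resource_id_2]}]
    r = consumer.update_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    # resource_id_1 is not reported as deleted, since it was already
    # revoked by the provider
    assert len(r['response'][0]['deleted_resources']) == 0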
示例#4
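def test_get_tokens_revoked_resource():
    """Check that a token's resource is listed as 'revoked' after rule deletion.

    Flow: obtain a token for a resource, delete the provider rule that
    permitted it, then list the consumer's tokens and confirm the entry for
    this token shows status 'revoked' on its first request item.
    """
    resource_id = set_policy()

    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    # Fourth '/'-separated field of the token is used as its UUID
    # (token layout is not shown here -- confirm against the server).
    token_uuid = token.split("/")[3]

    # Find the access rule for this resource so it can be deleted.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200
    # Rules with an empty 'item' are skipped instead of being indexed, and a
    # separate loop name keeps the response in `r` from being overwritten.
    access_id = next(
        (rule['id'] for rule in r['response']
         if rule['item'] and rule['item']['cat_id'] == resource_id),
        -1,
    )

    assert access_id != -1
    r = provider.delete_rule([{'id': access_id}])
    assert r['success'] == True
    assert r['status_code'] == 200

    # NOTE(review): success/status_code of view_tokens are not asserted here,
    # unlike the other calls in this test.
    r = consumer.view_tokens()

    # Every listed entry for this token must be marked revoked, and at least
    # one such entry must exist.
    found = False
    for entry in r['response']:
        if entry['uuid'] == token_uuid:
            assert entry['request'][0]['status'] == 'revoked'
            found = True

    assert found is True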
示例#5
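def test_existing_token_deleted_resource():
    """Check that the existing_token flow is refused after rule deletion.

    Flow: obtain a token for a resource, expire that token, delete the
    provider rule that permitted the resource, then request a token through
    the 'existing_token' flow and confirm it is rejected with 403.
    """
    resource_id = set_policy()
    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    # Fourth '/'-separated field of the token is used as its UUID
    # (token layout is not shown here -- confirm against the server).
    token_uuid = token.split("/")[3]

    # Find the access rule for this resource so it can be deleted.
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200
    # Rules with an empty 'item' are skipped instead of being indexed, and a
    # separate loop name keeps the response in `r` from being overwritten.
    access_id = next(
        (rule['id'] for rule in r['response']
         if rule['item'] and rule['item']['cat_id'] == resource_id),
        -1,
    )

    # expire the token to allow existing_token flow
    assert expire_token(token_uuid) is True

    assert access_id != -1
    r = provider.delete_rule([{'id': access_id}])
    assert r['success'] == True
    assert r['status_code'] == 200

    # Reusing the expired token must not restore access to the resource
    # whose rule was deleted.
    body = {'existing_token': token_uuid}
    r = consumer.get_token(body)
    assert r['success'] is False
    assert r['status_code'] == 403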
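def test_deleted_cap():
    """Check that removing one capability from a rule shrinks the token's APIs.

    Flow: grant the consumer every capability listed for 'rs.iudx.io' in
    capabilities.json, obtain a token and confirm introspection reports the
    full API set, remove only the 'subscription' capability from the rule,
    then confirm the same token still introspects successfully but no longer
    lists the first subscription API.
    """
    # The path is relative, so the test depends on the working directory.
    # The file is only needed for parsing; close it before the API calls.
    with open('../capabilities.json') as f:
        caps = json.load(f)

    consumer_caps = caps['rs.iudx.io']['consumer']
    all_caps = list(consumer_caps.keys())
    all_apis = set()
    for api_list in consumer_caps.values():
        all_apis.update(api_list)

    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
        + rand_rsg()
    )
    access_req = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": all_caps
    }
    r = provider.provider_access([access_req])
    assert r['success'] == True
    assert r['status_code'] == 200

    body = {'request': [resource_id]}
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200

    resp = r['response']

    # API templates carry a resource-group placeholder; fill it in before
    # comparing with what introspection returns.
    expected_apis = {
        api.replace('{{RESOURCE_GROUP_ID}}', resource_id)
        for api in all_apis
    }
    assert len(resp['request']) == 1
    assert resp['request'][0]['id'] == resource_id + '/*'
    assert set(resp['request'][0]['apis']) == expected_apis

    # delete subscription capability and then introspect
    # find the access rule for this resource first
    r = provider.get_provider_access()
    assert r['success'] == True
    assert r['status_code'] == 200
    # Rules with an empty 'item' are skipped instead of being indexed.
    access_id = next(
        (rule['id'] for rule in r['response']
         if rule['item'] and rule['item']['cat_id'] == resource_id),
        -1,
    )

    assert access_id != -1
    r = provider.delete_rule([{
        'id': access_id,
        'capabilities': ['subscription']
    }])
    assert r['success'] == True
    assert r['status_code'] == 200

    # Apply the same placeholder substitution as for expected_apis. Comparing
    # the raw template against the substituted strings in the response would
    # let the "not in" check pass even if the API were still granted.
    subscription_api = consumer_caps['subscription'][0].replace(
        '{{RESOURCE_GROUP_ID}}', resource_id)

    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200

    resp = r['response']

    assert len(resp['request']) == 1
    assert resp['request'][0]['id'] == resource_id + '/*'
    assert subscription_api not in set(resp['request'][0]['apis'])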