def test_valid_token(): resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg( ) access_req = { "user_email": email, "user_role": 'consumer', "item_id": resource_id, "item_type": "resourcegroup", "capabilities": ["complex", "subscription", "temporal"] } r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 body = {} body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = resource_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 response = r['response'] assert response['consumer'] == token.split('/')[1] assert response['request'][0][ 'id'] == resource_id + '/*' # since its res group assert len(response['request'][0]['apis']) > 1
def test_token_belonging_diff_server(): resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/file.iudx.io/" + rand_rsg( ) access_req = { "user_email": email, "user_role": 'consumer', "item_id": resource_id, "item_type": "resourcegroup", "capabilities": ["download"] } r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 body = {} body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = resource_server.introspect_token(token) assert r['success'] is False assert r['status_code'] == 403 r = file_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 assert len(r['response']['request']) == 1
def test_different_items(): resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg( ) access_req = { "user_email": email, "user_role": 'consumer', "item_id": resource_id, "item_type": "resourcegroup", "capabilities": ["complex", "subscription", "temporal"] } r = provider.provider_access([access_req]) body = {} body['request'] = [ resource_id, resource_id + "/item-1", resource_id + "/item-2/item-3" ] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = resource_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 assert len(r['response']['request']) == 3 for i in r['response']['request']: assert i['id'] in [ resource_id + '/*', resource_id + "/item-1", resource_id + "/item-2/item-3" ]
def test_ingester_file(): with open('../capabilities.json') as f: caps = json.load(f) for cap, apis in caps['file.iudx.io']['data ingester'].items(): resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/file.iudx.io/" + rand_rsg( ) access_req = { "user_email": email, "user_role": 'data ingester', "item_id": resource_id, "item_type": "resourcegroup" } r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 body = {} body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = file_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 resp = r['response'] assert len(resp['request']) == 1 assert resp['request'][0]['id'] == resource_id + '/*' assert set(resp['request'][0]['apis']) == set(apis)
def test_expired_token(): resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg( ) access_req = { "user_email": email, "user_role": 'consumer', "item_id": resource_id, "item_type": "resourcegroup", "capabilities": ["complex", "subscription", "temporal"] } r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 body = {} body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = resource_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 assert len(r['response']['request']) == 1 s = token.split("/") uuid = s[3] assert expire_token(uuid) is True r = resource_server.introspect_token(token) assert r['success'] is False assert r['status_code'] == 403
def test_consumer_ingester_same_resource(): with open('../capabilities.json') as f: caps = json.load(f) all_caps = list(caps['rs.iudx.io']['consumer'].keys()) all_apis = set() consumer_apis = list(caps['rs.iudx.io']['consumer'].values()) ingester_apis = list(caps['rs.iudx.io']['data ingester']['default']) for i in consumer_apis: all_apis.update(i) all_apis.update(ingester_apis) resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg( ) access_req_c = { "user_email": email, "user_role": 'consumer', "item_id": resource_id, "item_type": "resourcegroup", "capabilities": all_caps } access_req_di = { "user_email": email, "user_role": 'data ingester', "item_id": resource_id, "item_type": "resourcegroup" } r = provider.provider_access([access_req_c, access_req_di]) assert r['success'] == True assert r['status_code'] == 200 body = {} body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = resource_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 check = False all_apis = { str.replace('{{RESOURCE_GROUP_ID}}', resource_id) for str in all_apis } assert len(r['response']['request']) == 1 for i in r['response']['request']: assert i['id'] == resource_id + '/*' if all_apis == set(i['apis']): check = True assert check is True
def set_policy(): resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg( ) access_req = { "user_email": email, "user_role": 'consumer', "item_id": resource_id, "item_type": "resourcegroup", "capabilities": ["complex", "subscription", "temporal"] } r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 return resource_id
def test_rs_all_caps(): with open('../capabilities.json') as f: caps = json.load(f) all_caps = list(caps['rs.iudx.io']['consumer'].keys()) all_apis = set() apis = list(caps['rs.iudx.io']['consumer'].values()) for i in apis: all_apis.update(i) resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg( ) access_req = { "user_email": email, "user_role": 'consumer', "item_id": resource_id, "item_type": "resourcegroup", "capabilities": all_caps } r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 all_apis = { str.replace('{{RESOURCE_GROUP_ID}}', resource_id) for str in all_apis } body = {} body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = resource_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 resp = r['response'] assert len(resp['request']) == 1 assert resp['request'][0]['id'] == resource_id + '/*' assert set(resp['request'][0]['apis']) == all_apis
def test_revoked_rule(): resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg( ) access_req = { "user_email": email, "user_role": 'consumer', "item_id": resource_id, "item_type": "resourcegroup", "capabilities": ["complex", "subscription", "temporal"] } r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 body = {} body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = resource_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 # delete rule # find access ID and delete it r = provider.get_provider_access() assert r['success'] == True assert r['status_code'] == 200 rules = r['response'] for r in rules: if resource_id == r['item']['cat_id']: access_id = r['id'] break assert access_id != -1 r = provider.delete_rule([{'id': access_id}]) assert r['success'] == True assert r['status_code'] == 200 r = resource_server.introspect_token(token) assert r['success'] is False assert r['status_code'] == 403
def test_onboarder_token(): access_req = {"user_email": email, "user_role": 'onboarder'} r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 body = {} resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/catalogue.iudx.io/catalogue/crud" body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = catalogue_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 resp = r['response'] assert len(resp['request']) == 1 assert resp['request'][0]['id'] == resource_id assert len(resp['request'][0]['apis']) == 0
def test_same_resource_same_user_diff_role(): # policy set for same resource for a user registered as consumer # and data ingester. Getting a token for the resource will result # in a token with '2' resources, one reflecting the consumer # policy, the other for the ingester policy resource_id = set_policy() access_req = { "user_email": email, "user_role": 'data ingester', "item_id": resource_id, "item_type": "resourcegroup" } r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 body = {} body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] s = token.split("/") uuid = s[3] r = consumer.view_tokens() check = False for tokens in r['response']: if uuid == tokens['uuid']: assert len(tokens['request']) == 2 check = True assert check is True
def test_deleted_cap(): with open('../capabilities.json') as f: caps = json.load(f) all_caps = list(caps['rs.iudx.io']['consumer'].keys()) all_apis = set() apis = list(caps['rs.iudx.io']['consumer'].values()) for i in apis: all_apis.update(i) resource_id = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/" + rand_rsg( ) access_req = { "user_email": email, "user_role": 'consumer', "item_id": resource_id, "item_type": "resourcegroup", "capabilities": all_caps } r = provider.provider_access([access_req]) assert r['success'] == True assert r['status_code'] == 200 body = {} body['request'] = [resource_id] r = consumer.get_token(body) assert r['success'] is True assert r['status_code'] == 200 token = r['response']['token'] r = resource_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 resp = r['response'] all_apis = { str.replace('{{RESOURCE_GROUP_ID}}', resource_id) for str in all_apis } assert len(resp['request']) == 1 assert resp['request'][0]['id'] == resource_id + '/*' assert set(resp['request'][0]['apis']) == all_apis # delete subscription capability and then introspect # find access ID and delete it access_id = -1 r = provider.get_provider_access() assert r['success'] == True assert r['status_code'] == 200 rules = r['response'] for r in rules: if r['item'] and resource_id == r['item']['cat_id']: access_id = r['id'] break assert access_id != -1 r = provider.delete_rule([{ 'id': access_id, 'capabilities': ['subscription'] }]) assert r['success'] == True assert r['status_code'] == 200 subscription_api = caps['rs.iudx.io']['consumer']['subscription'][0] r = resource_server.introspect_token(token) assert r['success'] is True assert r['status_code'] == 200 resp = r['response'] assert len(resp['request']) == 1 assert resp['request'][0]['id'] == resource_id + '/*' assert subscription_api not in set(resp['request'][0]['apis'])