def test_list_revoked_audit(self): revocation_backend = sql.Revoke() # Create a token with audit_id set, revoke it, check it is revoked, # check to make sure that list_events matches the token to the event we # just revoked. first_token = _sample_blank_token() first_token['audit_id'] = common.random_urlsafe_str() self.revoke_api.revoke_by_audit_id( audit_id=first_token['audit_id']) self._assertTokenRevoked(first_token) self.assertEqual( 1, len(revocation_backend.list_events(token=first_token))) # Create a second token, revoke it, check it is revoked, check to make # sure that list events only finds 1 match since there are 2 and they # dont both have different populated audit_id fields second_token = _sample_blank_token() second_token['audit_id'] = common.random_urlsafe_str() self.revoke_api.revoke_by_audit_id( audit_id=second_token['audit_id']) self._assertTokenRevoked(second_token) self.assertEqual( 1, len(revocation_backend.list_events(token=second_token))) # Create a third token with audit_id set to None to make sure that # since there are no events currently revoked with audit_id None this # finds no matches third_token = _sample_blank_token() third_token['audit_id'] = None self._assertTokenNotRevoked(third_token) self.assertEqual( 0, len(revocation_backend.list_events(token=third_token)))
def test_list_revoked_audit(self): revocation_backend = sql.Revoke() # Create a token with audit_id set, revoke it, check it is revoked, # check to make sure that list_events matches the token to the event we # just revoked. first_token = _sample_blank_token() first_token['audit_id'] = common.random_urlsafe_str() PROVIDERS.revoke_api.revoke_by_audit_id( audit_id=first_token['audit_id']) self._assertTokenRevoked(first_token) self.assertEqual( 1, len(revocation_backend.list_events(token=first_token))) # Create a second token, revoke it, check it is revoked, check to make # sure that list events only finds 1 match since there are 2 and they # dont both have different populated audit_id fields second_token = _sample_blank_token() second_token['audit_id'] = common.random_urlsafe_str() PROVIDERS.revoke_api.revoke_by_audit_id( audit_id=second_token['audit_id']) self._assertTokenRevoked(second_token) self.assertEqual( 1, len(revocation_backend.list_events(token=second_token))) # Create a third token with audit_id set to None to make sure that # since there are no events currently revoked with audit_id None this # finds no matches third_token = _sample_blank_token() third_token['audit_id'] = None self._assertTokenNotRevoked(third_token) self.assertEqual( 0, len(revocation_backend.list_events(token=third_token)))
def test_list_revoked_multiple_filters(self): revocation_backend = sql.Revoke() events = [] # create token that sets key/value filters in list_revoked first_token = _sample_blank_token() first_token['user_id'] = uuid.uuid4().hex first_token['project_id'] = uuid.uuid4().hex first_token['audit_id'] = common.random_urlsafe_str() # revoke event and then verify that there is only one revocation # and verify the only revoked event is the token add_event( events, revoke_model.RevokeEvent(user_id=first_token['user_id'], project_id=first_token['project_id'], audit_id=first_token['audit_id'])) self.revoke_api.revoke( revoke_model.RevokeEvent(user_id=first_token['user_id'], project_id=first_token['project_id'], audit_id=first_token['audit_id'])) self._assertTokenRevoked(events, first_token) self.assertEqual( 1, len(revocation_backend.list_events(token=first_token))) # If a token has None values which the event contains it shouldn't # match and not be revoked second_token = _sample_blank_token() self._assertTokenNotRevoked(events, second_token) self.assertEqual( 0, len(revocation_backend.list_events(token=second_token))) # If an event column and corresponding dict value don't match, Then # it should not add the event in the list. Demonstrate for project third_token = _sample_blank_token() third_token['project_id'] = uuid.uuid4().hex self._assertTokenNotRevoked(events, third_token) self.assertEqual( 0, len(revocation_backend.list_events(token=third_token))) # A revoked event with user_id as null and token user_id non null # should still be return an event and be revoked if other non null # event fields match non null token fields fourth_token = _sample_blank_token() fourth_token['user_id'] = uuid.uuid4().hex fourth_token['project_id'] = uuid.uuid4().hex fourth_token['audit_id'] = common.random_urlsafe_str() add_event( events, revoke_model.RevokeEvent(project_id=fourth_token['project_id'], audit_id=fourth_token['audit_id'])) self.revoke_api.revoke( revoke_model.RevokeEvent(project_id=fourth_token['project_id'], audit_id=fourth_token['audit_id'])) self._assertTokenRevoked(events, fourth_token) self.assertEqual( 1, len(revocation_backend.list_events(token=fourth_token)))
def test_list_revoked_multiple_filters(self): revocation_backend = sql.Revoke() events = [] # create token that sets key/value filters in list_revoked first_token = _sample_blank_token() first_token['user_id'] = uuid.uuid4().hex first_token['project_id'] = uuid.uuid4().hex first_token['audit_id'] = common.random_urlsafe_str() # revoke event and then verify that that there is only one revocation # and verify the only revoked event is the token add_event(events, revoke_model.RevokeEvent( user_id=first_token['user_id'], project_id=first_token['project_id'], audit_id=first_token['audit_id'])) self.revoke_api.revoke(revoke_model.RevokeEvent( user_id=first_token['user_id'], project_id=first_token['project_id'], audit_id=first_token['audit_id'])) self._assertTokenRevoked(events, first_token) self.assertEqual( 1, len(revocation_backend.list_events(token=first_token))) # If a token has None values which the event contains it shouldn't # match and not be revoked second_token = _sample_blank_token() self._assertTokenNotRevoked(events, second_token) self.assertEqual( 0, len(revocation_backend.list_events(token=second_token))) # If an event column and corresponding dict value don't match, Then # it should not add the event in the list. Demonstrate for project third_token = _sample_blank_token() third_token['project_id'] = uuid.uuid4().hex self._assertTokenNotRevoked(events, third_token) self.assertEqual( 0, len(revocation_backend.list_events(token=third_token))) # A revoked event with user_id as null and token user_id non null # should still be return an event and be revoked if other non null # event fields match non null token fields fourth_token = _sample_blank_token() fourth_token['user_id'] = uuid.uuid4().hex fourth_token['project_id'] = uuid.uuid4().hex fourth_token['audit_id'] = common.random_urlsafe_str() add_event(events, revoke_model.RevokeEvent( project_id=fourth_token['project_id'], audit_id=fourth_token['audit_id'])) self.revoke_api.revoke(revoke_model.RevokeEvent( project_id=fourth_token['project_id'], audit_id=fourth_token['audit_id'])) self._assertTokenRevoked(events, fourth_token) self.assertEqual( 1, len(revocation_backend.list_events(token=fourth_token)))
def _test_payload(self, payload_class, exp_user_id=None, exp_methods=None, exp_system=None, exp_project_id=None, exp_domain_id=None, exp_trust_id=None, exp_federated_info=None, exp_access_token_id=None): exp_user_id = exp_user_id or uuid.uuid4().hex exp_methods = exp_methods or ['password'] exp_expires_at = utils.isotime(timeutils.utcnow(), subsecond=True) exp_audit_ids = [common.random_urlsafe_str()] payload = payload_class.assemble( exp_user_id, exp_methods, exp_system, exp_project_id, exp_domain_id, exp_expires_at, exp_audit_ids, exp_trust_id, exp_federated_info, exp_access_token_id) (user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id) = payload_class.disassemble(payload) self.assertEqual(exp_user_id, user_id) self.assertEqual(exp_methods, methods) self.assertTimestampsEqual(exp_expires_at, expires_at) self.assertEqual(exp_audit_ids, audit_ids) self.assertEqual(exp_system, system) self.assertEqual(exp_project_id, project_id) self.assertEqual(exp_domain_id, domain_id) self.assertEqual(exp_trust_id, trust_id) self.assertEqual(exp_access_token_id, access_token_id) if exp_federated_info: self.assertDictEqual(exp_federated_info, federated_info) else: self.assertIsNone(federated_info)
def _test_payload(self, payload_class, exp_user_id=None, exp_methods=None, exp_system=None, exp_project_id=None, exp_domain_id=None, exp_trust_id=None, exp_federated_info=None, exp_access_token_id=None, exp_app_cred_id=None): exp_user_id = exp_user_id or uuid.uuid4().hex exp_methods = exp_methods or ['password'] exp_expires_at = utils.isotime(timeutils.utcnow(), subsecond=True) exp_audit_ids = [common.random_urlsafe_str()] payload = payload_class.assemble( exp_user_id, exp_methods, exp_system, exp_project_id, exp_domain_id, exp_expires_at, exp_audit_ids, exp_trust_id, exp_federated_info, exp_access_token_id, exp_app_cred_id) (user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id) = payload_class.disassemble(payload) self.assertEqual(exp_user_id, user_id) self.assertEqual(exp_methods, methods) self.assertTimestampsEqual(exp_expires_at, expires_at) self.assertEqual(exp_audit_ids, audit_ids) self.assertEqual(exp_system, system) self.assertEqual(exp_project_id, project_id) self.assertEqual(exp_domain_id, domain_id) self.assertEqual(exp_trust_id, trust_id) self.assertEqual(exp_access_token_id, access_token_id) self.assertEqual(exp_app_cred_id, app_cred_id) if exp_federated_info: self.assertDictEqual(exp_federated_info, federated_info) else: self.assertIsNone(federated_info)
def test_strings_can_be_converted_to_bytes(self): s = common.random_urlsafe_str() self.assertIsInstance(s, six.text_type) b = token_formatters.BasePayload.random_urlsafe_str_to_bytes(s) self.assertIsInstance(b, six.binary_type)
def test_strings_are_url_safe(self): s = common.random_urlsafe_str() self.assertEqual(s, urllib.parse.quote_plus(s))