def test_verify_action_with_correct_dbnames(self): """ Test encrypting and decrypting documents. The following table lists the authorized actions among all possible u1db remote actions: URL path | Authorized actions -------------------------------------------------- / | GET /shared-db | GET /shared-db/docs | - /shared-db/doc/{id} | GET, PUT, DELETE /shared-db/sync-from/{source} | - /user-db | GET, PUT, DELETE /user-db/docs | - /user-db/doc/{id} | - /user-db/sync-from/{source} | GET, PUT, POST """ uuid = 'myuuid' authmap = URLToAuthorization(uuid, ) dbname = authmap._user_db_name # test global auth self.assertTrue(authmap.is_authorized(self._make_environ('/', 'GET'))) # test shared-db database resource auth self.assertTrue( authmap.is_authorized(self._make_environ('/shared', 'GET'))) self.assertFalse( authmap.is_authorized(self._make_environ('/shared', 'PUT'))) self.assertFalse( authmap.is_authorized(self._make_environ('/shared', 'DELETE'))) self.assertFalse( authmap.is_authorized(self._make_environ('/shared', 'POST'))) # test shared-db docs resource auth self.assertFalse( authmap.is_authorized(self._make_environ('/shared/docs', 'GET'))) self.assertFalse( authmap.is_authorized(self._make_environ('/shared/docs', 'PUT'))) self.assertFalse( authmap.is_authorized(self._make_environ('/shared/docs', 'DELETE'))) self.assertFalse( authmap.is_authorized(self._make_environ('/shared/docs', 'POST'))) # test shared-db doc resource auth self.assertTrue( authmap.is_authorized(self._make_environ('/shared/doc/x', 'GET'))) self.assertTrue( authmap.is_authorized(self._make_environ('/shared/doc/x', 'PUT'))) self.assertTrue( authmap.is_authorized(self._make_environ('/shared/doc/x', 'DELETE'))) self.assertFalse( authmap.is_authorized(self._make_environ('/shared/doc/x', 'POST'))) # test shared-db sync resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/shared/sync-from/x', 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/sync-from/x', 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/sync-from/x', 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/sync-from/x', 'POST'))) # test user-db database resource auth self.assertTrue( authmap.is_authorized(self._make_environ('/%s' % dbname, 'GET'))) self.assertTrue( authmap.is_authorized(self._make_environ('/%s' % dbname, 'PUT'))) self.assertTrue( authmap.is_authorized(self._make_environ('/%s' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized(self._make_environ('/%s' % dbname, 'POST'))) # test user-db docs resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'POST'))) # test user-db doc resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'POST'))) # test user-db sync resource auth self.assertTrue( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'GET'))) self.assertTrue( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'DELETE'))) self.assertTrue( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'POST')))
def test_verify_action_with_wrong_dbnames(self): """ Test if authorization fails for a wrong dbname. """ uuid = 'myuuid' authmap = URLToAuthorization(uuid) dbname = 'somedb' # test wrong-db database resource auth self.assertFalse( authmap.is_authorized(self._make_environ('/%s' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized(self._make_environ('/%s' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized(self._make_environ('/%s' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized(self._make_environ('/%s' % dbname, 'POST'))) # test wrong-db docs resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'POST'))) # test wrong-db doc resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'POST'))) # test wrong-db sync resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'POST')))
def test_verify_action_with_wrong_dbnames(self): """ Test if authorization fails for a wrong dbname. """ uuid = 'myuuid' authmap = URLToAuthorization(uuid) dbname = 'somedb' # test wrong-db database resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s' % dbname, 'POST'))) # test wrong-db docs resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'POST'))) # test wrong-db doc resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'POST'))) # test wrong-db sync resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'POST')))
def test_verify_action_with_correct_dbnames(self): """ Test encrypting and decrypting documents. The following table lists the authorized actions among all possible u1db remote actions: URL path | Authorized actions -------------------------------------------------- / | GET /shared-db | GET /shared-db/docs | - /shared-db/doc/{id} | GET, PUT, DELETE /shared-db/sync-from/{source} | - /user-db | GET, PUT, DELETE /user-db/docs | - /user-db/doc/{id} | - /user-db/sync-from/{source} | GET, PUT, POST """ uuid = 'myuuid' authmap = URLToAuthorization(uuid,) dbname = authmap._user_db_name # test global auth self.assertTrue( authmap.is_authorized(self._make_environ('/', 'GET'))) # test shared-db database resource auth self.assertTrue( authmap.is_authorized( self._make_environ('/shared', 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared', 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared', 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared', 'POST'))) # test shared-db docs resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/shared/docs', 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/docs', 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/docs', 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/docs', 'POST'))) # test shared-db doc resource auth self.assertTrue( authmap.is_authorized( self._make_environ('/shared/doc/x', 'GET'))) self.assertTrue( authmap.is_authorized( self._make_environ('/shared/doc/x', 'PUT'))) self.assertTrue( authmap.is_authorized( self._make_environ('/shared/doc/x', 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/doc/x', 'POST'))) # test shared-db sync resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/shared/sync-from/x', 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/sync-from/x', 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/sync-from/x', 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/shared/sync-from/x', 'POST'))) # test user-db database resource auth self.assertTrue( authmap.is_authorized( self._make_environ('/%s' % dbname, 'GET'))) self.assertTrue( authmap.is_authorized( self._make_environ('/%s' % dbname, 'PUT'))) self.assertTrue( authmap.is_authorized( self._make_environ('/%s' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s' % dbname, 'POST'))) # test user-db docs resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/docs' % dbname, 'POST'))) # test user-db doc resource auth self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'GET'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'DELETE'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/doc/x' % dbname, 'POST'))) # test user-db sync resource auth self.assertTrue( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'GET'))) self.assertTrue( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'PUT'))) self.assertFalse( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'DELETE'))) self.assertTrue( authmap.is_authorized( self._make_environ('/%s/sync-from/x' % dbname, 'POST')))
def test_verify_action_with_wrong_dbnames(self): """ Test if authorization fails for a wrong dbname. """ uuid = uuid4().hex authmap = URLToAuthorization(uuid) dbname = "somedb" # test wrong-db database resource auth self.assertFalse(authmap.is_authorized(self._make_environ("/%s" % dbname, "GET"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s" % dbname, "PUT"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s" % dbname, "DELETE"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s" % dbname, "POST"))) # test wrong-db docs resource auth self.assertFalse(authmap.is_authorized(self._make_environ("/%s/docs" % dbname, "GET"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s/docs" % dbname, "PUT"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s/docs" % dbname, "DELETE"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s/docs" % dbname, "POST"))) # test wrong-db doc resource auth self.assertFalse(authmap.is_authorized(self._make_environ("/%s/doc/x" % dbname, "GET"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s/doc/x" % dbname, "PUT"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s/doc/x" % dbname, "DELETE"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s/doc/x" % dbname, "POST"))) # test wrong-db sync resource auth self.assertFalse(authmap.is_authorized(self._make_environ("/%s/sync-from/x" % dbname, "GET"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s/sync-from/x" % dbname, "PUT"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s/sync-from/x" % dbname, "DELETE"))) self.assertFalse(authmap.is_authorized(self._make_environ("/%s/sync-from/x" % dbname, "POST")))