def test_ssh_success(vo, rest_client):
"""AUTHENTICATION (REST): SSH RSA public key exchange (correct credentials)."""
root = InternalAccount('root', vo=vo)
try:
add_account_identity(PUBLIC_KEY,
IdentityType.SSH,
root,
email='*****@*****.**')
except Duplicate:
pass # might already exist, can skip
headers_dict = {'X-Rucio-Account': 'root'}
response = rest_client.get('/auth/ssh_challenge_token',
headers=headers(hdrdict(headers_dict),
vohdr(vo)))
assert response.status_code == 200
assert 'challenge-' in response.headers.get('X-Rucio-SSH-Challenge-Token')
signature = ssh_sign(PRIVATE_KEY,
response.headers.get('X-Rucio-SSH-Challenge-Token'))
headers_dict = {
'X-Rucio-Account': 'root',
'X-Rucio-SSH-Signature': signature
}
response = rest_client.get('/auth/ssh',
headers=headers(hdrdict(headers_dict),
vohdr(vo)))
assert response.status_code == 200
assert len(response.headers.get('X-Rucio-Auth-Token')) > 32
del_account_identity(PUBLIC_KEY, IdentityType.SSH, root)
def test_list_scope(rest_client, auth_token):
""" SCOPE (REST): send a GET list all scopes for one account """
tmp_val = account_name_generator()
headers_dict = {'Rucio-Type': 'user', 'X-Rucio-Account': 'root'}
data = {'type': 'USER', 'email': '*****@*****.**'}
response = rest_client.post('/accounts/%s' % tmp_val,
headers=headers(auth(auth_token),
hdrdict(headers_dict)),
json=data)
assert response.status_code == 201
scopes = [scope_name_generator() for _ in range(5)]
for scope in scopes:
response = rest_client.post('/accounts/%s/scopes/%s' %
(tmp_val, scope),
headers=headers(auth(auth_token)),
json={})
assert response.status_code == 201
response = rest_client.get('/accounts/%s/scopes/' % tmp_val,
headers=headers(auth(auth_token)))
assert response.status_code == 200
svr_list = loads(response.get_data(as_text=True))
for scope in scopes:
assert scope in svr_list
def test_saml_fail(vo, rest_client):
"""AUTHENTICATION (REST): SAML Username and password (wrong credentials)."""
headers_dict = {'X-Rucio-Account': 'root'}
userpass = {'username': '******', 'password': '******'}
response = rest_client.get('/auth/saml',
headers=headers(hdrdict(headers_dict),
vohdr(vo)))
if not response.headers.get('X-Rucio-Auth-Token'):
SAML_auth_url = response.headers.get('X-Rucio-SAML-Auth-URL')
response = session().post(SAML_auth_url,
data=userpass,
verify=False,
allow_redirects=True)
response = rest_client.get('/auth/saml',
headers=headers(hdrdict(headers_dict)))
assert response.status_code == 401
def check_error_api(params, exception_class, exception_message, code):
headers_dict = {'X-Rucio-Type': 'user', 'X-Rucio-Account': 'root'}
response = rest_client.get('/requests/list',
query_string=params,
headers=headers(auth(auth_token), vohdr(vo),
hdrdict(headers_dict)))
assert response.status_code == code
body = parse_response(response.get_data(as_text=True))
assert body['ExceptionClass'] == exception_class
assert body['ExceptionMessage'] == exception_message
def check_correct_api(params, expected_requests):
headers_dict = {'X-Rucio-Type': 'user', 'X-Rucio-Account': 'root'}
response = rest_client.get('/requests/list',
query_string=params,
headers=headers(auth(auth_token), vohdr(vo),
hdrdict(headers_dict)))
assert response.status_code == 200
requests = set()
for request in response.get_data(as_text=True).split('\n')[:-1]:
request = parse_response(request)
requests.add((request['state'], request['source_rse_id'],
request['dest_rse_id'], request['name']))
assert requests == expected_requests
def test_userpass(rest_client, auth_token):
""" ACCOUNT (REST): send a POST to add an identity to an account."""
username = uuid()
# normal addition
headers_dict = {
'X-Rucio-Username': username,
'X-Rucio-Password': '******',
'X-Rucio-Email': 'email'
}
response = rest_client.put('/identities/root/userpass',
headers=headers(auth(auth_token),
hdrdict(headers_dict)))
assert response.status_code == 201
def test_ssh_fail(vo, rest_client):
"""AUTHENTICATION (REST): SSH RSA public key exchange (wrong credentials)."""
root = InternalAccount('root', vo=vo)
try:
add_account_identity(PUBLIC_KEY,
IdentityType.SSH,
root,
email='*****@*****.**')
except Duplicate:
pass # might already exist, can skip
signature = ssh_sign(PRIVATE_KEY, 'sign_something_else')
headers_dict = {
'X-Rucio-Account': 'root',
'X-Rucio-SSH-Signature': signature
}
response = rest_client.get('/auth/ssh',
headers=headers(hdrdict(headers_dict),
vohdr(vo)))
assert response.status_code == 401
del_account_identity(PUBLIC_KEY, IdentityType.SSH, root)
