    def test_adfs_login(self, m):
        """A successful ADFS login yields exactly the stored assertion.

        ``m`` is the HTTP mock handed in by the decorator on the enclosing
        class (presumably a requests-mock adapter): the IdP endpoint is
        stubbed with the canned successful-login response, and the value
        ``tokens.get_token`` extracts from it must equal the assertion
        fixture byte for byte -- hence the fixture is read in binary mode.
        """
        idp_url = 'http://example.com/auth'
        login_response = util.get_fixture('adfs-successful-login.xml')
        m.post(idp_url, text=login_response)

        expected_assertion = util.get_fixture('adfs-assertion.txt', 'rb')
        actual_assertion = tokens.get_token('hest', 'fest')
        self.assertEqual(expected_assertion, actual_assertion)
    def test_searching_with_limit(self):
        """Paging on ``aktivitet`` searches: result limit and first-result offset.

        One activity is created and the update fixture is applied to it.  A
        very large ``maximalantalresultater`` must still return that single
        hit, and a ``foersteresultat`` offset of 1 must skip past it.
        """
        objid = self.load_fixture('/aktivitet/aktivitet',
                                  'aktivitet_opret.json')
        object_url = '/aktivitet/aktivitet/{}'.format(objid)

        # apply the update fixture; the searches below run against the
        # updated object
        self.assertRequestResponse(
            object_url,
            {'uuid': objid},
            json=util.get_fixture('aktivitet_opdater.json'),
            method='PATCH',
        )

        one_hit = {"results": [[objid]]}
        no_hits = {"results": [[]]}

        self.assertRequestResponse(
            'aktivitet/aktivitet?bvn=JOGGING&maximalantalresultater=2000',
            one_hit,
        )
        self.assertRequestResponse(
            'aktivitet/aktivitet?bvn=JOGGING&status=Aktiv&foersteresultat=1',
            no_hits,
        )
    def test_bad_import(self):
        """Importing a class payload at the ``klassifikation`` collection is
        not expected to work: the server must answer 400 rather than store
        an object of the wrong type.
        """
        klasse_payload = util.get_fixture('klasse_opret.json')
        self.assertRequestFails(
            '/klassifikation/klassifikation',
            400,
            method='POST',
            json=klasse_payload,
        )
 def check(expected, status_code):
     """Run the wildcard organisation search with the ADFS assertion as the
     raw ``Authorization`` header value and compare body and status.

     This is a closure: ``self`` is the enclosing test case.  The fixture is
     re-read on every call so each request is independent of the others.
     """
     saml_token = util.get_fixture('adfs-assertion.txt').strip()
     auth_headers = {'Authorization': saml_token}
     self.assertRequestResponse(
         '/organisation/organisation?bvn=%',
         expected,
         headers=auth_headers,
         status_code=status_code,
     )
    def test_searching_with_limit_after_editing_bvn(self):
        """Paging still works after the user-facing key (BVN) is edited.

        The activity is created, the update fixture is applied, and then its
        ``brugervendtnoegle`` is changed to ``JOGGINGLØB``.  A ``JOG%``
        wildcard search must keep finding it, under the same limit/offset
        expectations as ``test_searching_with_limit``.
        """
        objid = self.load_fixture('/aktivitet/aktivitet',
                                  'aktivitet_opret.json')
        object_url = '/aktivitet/aktivitet/{}'.format(objid)

        self.assertRequestResponse(
            object_url,
            {'uuid': objid},
            json=util.get_fixture('aktivitet_opdater.json'),
            method='PATCH',
        )

        # second edit: only the BVN changes, valid from 2017 onwards
        rename_bvn = {
            "note": "Ret BVN",
            "attributter": {
                "aktivitetegenskaber": [
                    {
                        "brugervendtnoegle": "JOGGINGLØB",
                        "virkning": {
                            "from": "2017-01-01 00:00:00",
                            "to": "infinity",
                        },
                    },
                ],
            },
        }
        self.assertRequestResponse(
            object_url,
            {'uuid': objid},
            json=rename_bvn,
            method='PATCH',
        )

        one_hit = {"results": [[objid]]}
        no_hits = {"results": [[]]}

        self.assertRequestResponse(
            'aktivitet/aktivitet?bvn=JOG%&maximalantalresultater=2000',
            one_hit,
        )
        self.assertRequestResponse(
            'aktivitet/aktivitet?bvn=JOG%&status=Aktiv&foersteresultat=1',
            no_hits,
        )
    def test_virkningstid(self):
        """Querying a ``bruger`` with ``virkningstid`` returns the fixture
        projection for that date (presumably the object as it was in effect
        on 2004-01-01 -- the expected output lives in a fixture file).
        """
        bruger_uuid = "931ee7bf-10d6-4cc3-8938-83aa6389aaba"
        self.load_fixture('/organisation/bruger', 'test_bruger.json',
                          bruger_uuid)

        expected_view = util.get_fixture(
            'output/test_bruger_virkningstid.json')
        self.assertQueryResponse(
            '/organisation/bruger',
            expected_view,
            uuid=bruger_uuid,
            virkningstid='2004-01-01',
        )
    def test_wso2_login_failure(self, m):
        """A rejected WSO2 login must surface as an exception, never a token.

        The IdP endpoint is stubbed with the canned failure response; the
        exception arguments are pinned so that a change in error reporting
        (e.g. silently returning an empty token) is caught.
        """
        m.post(
            'http://example.com/auth',
            text=util.get_fixture('wso2-failed-login.xml'),
        )

        with self.assertRaises(Exception) as caught:
            tokens.get_token('hest', 'fest')

        expected_args = (
            'The security token could not be authenticated or authorized',
        )
        self.assertEqual(caught.exception.args, expected_args)
    def test_edit(self):
        """PATCHing a ``klasse`` with the update fixture yields the expected
        full object: relations, attributes, states and the life-cycle code
        ``Rettet``.

        The validity periods repeat a lot, so they are built by small local
        helpers; only the start date and the presence of ``notetekst``
        differ between them.
        """
        ACTOR = "ddc99abd-c1b0-48c2-aef7-74fea841adae"
        OTHER_EDITOR = "ef2713ee-1a38-4c23-8fcb-3c4331262194"

        def virkning(start, noted=True):
            # validity period stamped by ACTOR; attributes carry no note text
            period = {
                "aktoerref": ACTOR,
                "to_included": False,
                "aktoertypekode": "Bruger",
                "to": "infinity",
                "from_included": True,
                "from": start,
            }
            if noted:
                period["notetekst"] = "Nothing to see here!"
            return period

        def bruger(uuid, start):
            # a user relation valid from `start`
            return {
                "uuid": uuid,
                "objekttype": "Bruger",
                "virkning": virkning(start),
            }

        objid = self.load_fixture('/klassifikation/klasse',
                                  'klasse_opret.json')

        self.assertRequestResponse(
            '/klassifikation/klasse/{}'.format(objid),
            {'uuid': objid},
            json=util.get_fixture('klasse_opdater.json'),
            method='PATCH',
        )

        expected = {
            "relationer": {
                "ansvarlig": [
                    bruger(ACTOR, "2014-05-19 12:02:32+02"),
                ],
                "redaktoerer": [
                    bruger(ACTOR, "2015-05-19 12:02:32+02"),
                    bruger(OTHER_EDITOR, "2014-05-19 12:02:32+02"),
                ],
            },
            "attributter": {
                "klasseegenskaber": [{
                    "omfang": "Magenta",
                    "beskrivelse": "Organisatorisk funktion",
                    "retskilde": "Ja",
                    "virkning": virkning("2014-05-22 12:02:32+02",
                                         noted=False),
                    "brugervendtnoegle": "ORGFUNK",
                    "soegeord": [{
                        "beskrivelse": "med",
                        "soegeordidentifikator": "hej",
                        "soegeordskategori": "dig",
                    }],
                    "eksempel": "Hierarkisk",
                    "titel": "XYZ",
                }],
            },
            "brugerref": "42c432e8-9c4a-11e6-9f62-873cf34a735f",
            "tilstande": {
                "klassepubliceret": [{
                    "publiceret": "Publiceret",
                    "virkning": virkning("2014-05-19 12:02:32+02"),
                }],
            },
            "livscykluskode": "Rettet",
            "note": "Opdater klasse",
        }

        self.assertQueryResponse(
            '/klassifikation/klasse',
            expected,
            uuid=objid,
        )
    def test_edit_put(self):
        """PUTting the replacement fixture over a ``klasse`` overwrites all
        validity periods: every period in the result starts on 2016-05-19.

        The original expectation literal repeated the ``note`` key with the
        same value; it is stated once here, which compares identically.
        """
        ACTOR = 'ddc99abd-c1b0-48c2-aef7-74fea841adae'
        OTHER_EDITOR = 'ef2713ee-1a38-4c23-8fcb-3c4331262194'
        NEW_START = '2016-05-19 12:02:32+02'

        def virkning(noted=True):
            # every period is stamped by ACTOR and starts at NEW_START
            period = {
                'aktoerref': ACTOR,
                'aktoertypekode': 'Bruger',
                'from': NEW_START,
                'from_included': True,
                'to': 'infinity',
                'to_included': False,
            }
            if noted:
                period['notetekst'] = 'Nothing to see here!'
            return period

        def bruger(uuid):
            return {
                'objekttype': 'Bruger',
                'uuid': uuid,
                'virkning': virkning(),
            }

        objid = self.load_fixture('/klassifikation/klasse',
                                  'klasse_opret.json')

        self.assertRequestResponse(
            '/klassifikation/klasse/{}'.format(objid),
            {'uuid': objid},
            json=util.get_fixture('klasse_opdater_put.json'),
            method='PUT',
        )

        expected = {
            'note': 'Overskriv klasse med  nye perioder mv',
            'attributter': {
                'klasseegenskaber': [{
                    'beskrivelse': 'Klasse',
                    'brugervendtnoegle': 'KLASSE',
                    'eksempel': 'Hierarkisk',
                    'omfang': 'Magenta',
                    'retskilde': 'Nej',
                    'soegeord': [
                        {
                            'beskrivelse': 'Vores firma',
                            'soegeordidentifikator': 'Magenta',
                            'soegeordskategori': 'info',
                        },
                        {
                            'beskrivelse': 'Vores kunde',
                            'soegeordidentifikator': 'KL',
                            'soegeordskategori': 'info',
                        },
                    ],
                    'titel': 'XYZ',
                    'virkning': virkning(noted=False),
                }],
            },
            'livscykluskode': 'Rettet',
            'relationer': {
                'ansvarlig': [bruger(ACTOR)],
                'redaktoerer': [bruger(ACTOR), bruger(OTHER_EDITOR)],
            },
            'tilstande': {
                'klassepubliceret': [{
                    'publiceret': 'Publiceret',
                    'virkning': virkning(),
                }],
            },
        }

        self.assertQueryResponse(
            '/klassifikation/klasse',
            expected,
            uuid=objid,
        )
    def test_adfs(self):
        """Exercise the SAML assertion checks with a real ADFS assertion.

        The canned assertion is sent as the raw ``Authorization`` header on
        a wildcard organisation search.  With the clock frozen inside the
        assertion's validity window it must be accepted; the audience, the
        issuer, the signing certificate and the validity window are then
        broken one at a time and each must produce a 403 with a specific
        reason, so that no single check can be dropped unnoticed.
        """
        def request(expected, status_code):
            # the fixture is re-read per call so each request stands alone
            token = util.get_fixture('adfs-assertion.txt').strip()
            self.assertRequestResponse(
                '/organisation/organisation?bvn=%',
                expected,
                headers={'Authorization': token},
                status_code=status_code,
            )

        def expect_rejection(*reason):
            # every rejection shares the prefix; the tail names the check
            message = 'SAML token validation failed: ' + ''.join(reason)
            request({'message': message}, 403)

        with freezegun.freeze_time('2018-04-20 18:00:00'):
            # happy path: the assertion is accepted as-is
            request({'results': [[]]}, 200)

            # wrong audience: an assertion issued for another service
            # provider must not be honoured here
            with patch('oio_rest.settings.SAML_MOX_ENTITY_ID',
                       'https://whatever'):
                expect_rejection(
                    'https://whatever is not a valid audience for this ',
                    'Assertion, got https://moxdev.atlas.magenta.dk',
                )

            # wrong issuer: an assertion from an IdP we do not trust
            with patch('oio_rest.settings.SAML_IDP_ENTITY_ID',
                       'https://whatever'):
                expect_rejection(
                    "Invalid issuer ",
                    "'http://adfs.magenta.dk/adfs/services/trust' ",
                    "in the Assertion/Response, expected ",
                    "'https://whatever'",
                )

            # wrong certificate: the signature MUST be verified against the
            # configured IdP key, so a different key has to fail
            with patch('oio_rest.authentication.__IDP_CERT',
                       util.get_fixture('idp-certificate.pem')):
                expect_rejection(
                    'Signature validation failed. SAML Response rejected. ',
                    'Signature is invalid.',
                )

        # after the validity window: a stale assertion must be refused
        with freezegun.freeze_time('2018-04-20 19:00:00'):
            expect_rejection(
                'Could not validate timestamp: expired. ',
                'Check system clock.',
            )

        # before the validity window: the not-yet-valid bound must be
        # honoured as well
        with freezegun.freeze_time('2018-04-20 17:00:00'):
            expect_rejection(
                'Could not validate timestamp: not yet valid. ',
                'Check system clock.',
            )
class TestAssertionVerification(util.TestCase):
    '''The intention of these tests is that they perform an actual
    validation.  Unfortunately only some old assertions were available,
    and those could not be made to validate properly, so for now the
    tests merely pin the failures they do produce.

    '''
    @patch('oio_rest.settings.SAML_IDP_TYPE', 'adfs')
    @patch('oio_rest.settings.SAML_MOX_ENTITY_ID',
           'https://moxdev.atlas.magenta.dk')
    @patch('oio_rest.settings.SAML_IDP_ENTITY_ID',
           'http://adfs.magenta.dk/adfs/services/trust')
    @patch('oio_rest.settings.SAML_IDP_URL',
           "https://adfs.magenta.dk/adfs/services/trust/13/UsernameMixed")
    # NOTE(review): setting name spelled as the project defines it -- verify
    @patch('oio_rest.settings.SAML_USER_ID_ATTIBUTE',
           "http://schemas.xmlsoap.org/ws/2005/05/"
           "identity/claims/privatepersonalidentifier")
    @patch('oio_rest.authentication.__IDP_CERT',
           util.get_fixture('adfs-cert.pem'))
    def test_adfs(self):
        """Exercise the SAML assertion checks with a real ADFS assertion.

        The canned assertion is sent as the raw ``Authorization`` header on
        a wildcard organisation search.  With the clock frozen inside the
        assertion's validity window it must be accepted; the audience, the
        issuer, the signing certificate and the validity window are then
        broken one at a time and each must produce a 403 with a specific
        reason, so that no single check can be dropped unnoticed.
        """
        def request(expected, status_code):
            # the fixture is re-read per call so each request stands alone
            token = util.get_fixture('adfs-assertion.txt').strip()
            self.assertRequestResponse(
                '/organisation/organisation?bvn=%',
                expected,
                headers={'Authorization': token},
                status_code=status_code,
            )

        def expect_rejection(*reason):
            # every rejection shares the prefix; the tail names the check
            message = 'SAML token validation failed: ' + ''.join(reason)
            request({'message': message}, 403)

        with freezegun.freeze_time('2018-04-20 18:00:00'):
            # happy path: the assertion is accepted as-is
            request({'results': [[]]}, 200)

            # wrong audience: an assertion issued for another service
            # provider must not be honoured here
            with patch('oio_rest.settings.SAML_MOX_ENTITY_ID',
                       'https://whatever'):
                expect_rejection(
                    'https://whatever is not a valid audience for this ',
                    'Assertion, got https://moxdev.atlas.magenta.dk',
                )

            # wrong issuer: an assertion from an IdP we do not trust
            with patch('oio_rest.settings.SAML_IDP_ENTITY_ID',
                       'https://whatever'):
                expect_rejection(
                    "Invalid issuer ",
                    "'http://adfs.magenta.dk/adfs/services/trust' ",
                    "in the Assertion/Response, expected ",
                    "'https://whatever'",
                )

            # wrong certificate: the signature MUST be verified against the
            # configured IdP key, so a different key has to fail
            with patch('oio_rest.authentication.__IDP_CERT',
                       util.get_fixture('idp-certificate.pem')):
                expect_rejection(
                    'Signature validation failed. SAML Response rejected. ',
                    'Signature is invalid.',
                )

        # after the validity window: a stale assertion must be refused
        with freezegun.freeze_time('2018-04-20 19:00:00'):
            expect_rejection(
                'Could not validate timestamp: expired. ',
                'Check system clock.',
            )

        # before the validity window: the not-yet-valid bound must be
        # honoured as well
        with freezegun.freeze_time('2018-04-20 17:00:00'):
            expect_rejection(
                'Could not validate timestamp: not yet valid. ',
                'Check system clock.',
            )

    @patch('oio_rest.settings.SAML_IDP_TYPE', 'wso2')
    def test_wso2(self):
        """The WSO2 counterpart of ``test_adfs``; not written yet."""
        raise unittest.SkipTest('TODO')

    def test_restrictions(self):
        """Restriction handling on validated assertions; not written yet."""
        raise unittest.SkipTest('TODO')
    def test_searching(self):
        """Search filters on ``aktivitet``: BVN, status, offset and limit.

        One activity is created and the update fixture applied; each search
        below must return exactly that object or nothing at all, and an
        unknown filter name (``gyldighed``) must be rejected with 400.
        """
        objid = self.load_fixture('/aktivitet/aktivitet',
                                  'aktivitet_opret.json')

        self.assertRequestResponse(
            '/aktivitet/aktivitet/{}'.format(objid),
            {'uuid': objid},
            json=util.get_fixture('aktivitet_opdater.json'),
            method='PATCH',
        )

        found = {"results": [[objid]]}
        nothing = {"results": [[]]}

        # (query string, expected body) -- or the status code when the
        # request is expected to fail outright
        searches = [
            ('bvn=JOGGING', found),
            ('bvn=JOGGING&status=Aktiv', found),
            # presumably 'gyldighed' is not a filter aktivitet accepts
            ('bvn=JOGGING&gyldighed=Aktiv', 400),
            ('bvn=JOGGING&status=Aktiv&foersteresultat=0', found),
            ('bvn=JOGGING&status=Inaktiv', nothing),
            # the original test issued this query twice; kept for parity
            ('bvn=JOGGING&status=Inaktiv', nothing),
            ('bvn=JOGGING&maximalantalresultater=0', nothing),
        ]

        for query, outcome in searches:
            url = 'aktivitet/aktivitet?' + query
            if isinstance(outcome, int):
                self.assertRequestFails(url, outcome)
            else:
                self.assertRequestResponse(url, outcome)
    def test_edit(self):
        """PATCHing an ``aktivitet`` with the update fixture yields the
        expected full object: attributes, relations (responsible user and
        two participants), states and the life-cycle code ``Rettet``.

        The validity periods are built by local helpers: the attribute
        period carries no ``notetekst``, and only the start date differs
        between the remaining ones.
        """
        ACTOR = 'ddc99abd-c1b0-48c2-aef7-74fea841adae'
        FROM_2014 = '2014-05-19 12:02:32+02'
        FROM_2016 = '2016-05-19 12:02:32+02'

        def virkning(start, noted=True):
            period = {
                'aktoerref': ACTOR,
                'aktoertypekode': 'Bruger',
                'from': start,
                'from_included': True,
                'to': 'infinity',
                'to_included': False,
            }
            if noted:
                period['notetekst'] = 'Nothing to see here!'
            return period

        def deltager(index, uuid, repraesentation):
            # participant relation; both participants share the 2014 period
            return {
                'aktoerattr': {
                    'accepteret': 'foreloebigt',
                    'obligatorisk': 'valgfri',
                    'repraesentation_uuid': repraesentation,
                },
                'indeks': index,
                'objekttype': 'Bruger',
                'uuid': uuid,
                'virkning': virkning(FROM_2014),
            }

        objid = self.load_fixture('/aktivitet/aktivitet',
                                  'aktivitet_opret.json')

        self.assertRequestResponse(
            '/aktivitet/aktivitet/{}'.format(objid),
            {'uuid': objid},
            json=util.get_fixture('aktivitet_opdater.json'),
            method='PATCH',
        )

        expected = {
            'attributter': {
                'aktivitetegenskaber': [
                    {
                        'aktivitetnavn': 'XYZ',
                        'beskrivelse': 'Jogging',
                        'brugervendtnoegle': 'JOGGING',
                        'formaal': 'Ja',
                        'sluttidspunkt': '2016-05-19T16:02:32+02:00',
                        'starttidspunkt': '2014-05-19T14:02:32+02:00',
                        'tidsforbrug': '0',
                        'virkning': virkning(FROM_2016, noted=False),
                    },
                ],
            },
            'livscykluskode': 'Rettet',
            'note': 'Opdatering',
            'relationer': {
                'ansvarlig': [
                    {
                        'objekttype': 'Bruger',
                        'uuid': 'abcdeabd-c1b0-48c2-aef7-74fea841adae',
                        'virkning': virkning(FROM_2016),
                    },
                ],
                'deltager': [
                    deltager(1, '123deabd-c1b0-48c2-aef7-74fea841adae',
                             '0e3ed41a-08f2-4967-8689-dce625f93029'),
                    deltager(2, '22345abd-c1b0-48c2-aef7-74fea841adae',
                             '0123d41a-08f2-4967-8689-dce625f93029'),
                ],
            },
            'tilstande': {
                'aktivitetpubliceret': [
                    {
                        'publiceret': 'Publiceret',
                        'virkning': virkning(FROM_2014),
                    },
                ],
                'aktivitetstatus': [
                    {
                        'status': 'Aktiv',
                        'virkning': virkning(FROM_2014),
                    },
                ],
            },
        }

        self.assertQueryResponse(
            '/aktivitet/aktivitet',
            expected,
            uuid=objid,
        )