def bob_setup(bob_account_id, record_id, carenet_id, allowed_docs, disallowed_docs):
        bob_chrome_client = IndivoClient("chrome", "chrome")
        bob_chrome_client.create_session(data.account02)

        # SZ: Bob should NOT be able to read the docs directly in the record
        for doc_id in allowed_docs + disallowed_docs:
            assert_403(bob_chrome_client.read_document(record_id=record_id, document_id=doc_id))

        assert_403(bob_chrome_client.get_record_carenets(record_id=record_id))

        # Bob should be able to read the allowed docs
        for doc_id in allowed_docs:
            assert_200(bob_chrome_client.get_carenet_document(carenet_id=carenet_id, document_id=doc_id))

        # Bob should not be able to read the disallowed docs
        for doc_id in disallowed_docs:
            assert_404(bob_chrome_client.get_carenet_document(carenet_id=carenet_id, document_id=doc_id))

        # Bob should be able to list docs in the carenet
        carenet_documents_list = bob_chrome_client.get_carenet_documents(carenet_id=carenet_id).response[PRD][
            "Document"
        ]

        # with a parameter
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id, parameters={"type": "http://indivo.org/vocab/xml/documents#Allergy"}
        ).response[PRD]["Document"]

        # Read carenet allergies
        assert_200(bob_chrome_client.read_carenet_allergies(carenet_id=carenet_id))
        assert_200(bob_chrome_client.read_carenet_problems(carenet_id=carenet_id))

        # Read the contact document, this should work
        contact_doc = parse_xml(
            bob_chrome_client.read_carenet_special_document(carenet_id=carenet_id, special_document="contact")
        )
        contact_name = xpath(
            contact_doc,
            "/ns:Contact/ns:name/ns:fullName/text()",
            namespaces={"ns": "http://indivo.org/vocab/xml/documents#"},
        )
        assert contact_name

        bob_chrome_client.get_account_permissions(account_id=bob_account_id)
        bob_chrome_client.get_carenet_account_permissions(
            carenet_id=carenet_id, record_id=record_id, account_id=bob_account_id
        )

        # Not yet implemented
        # bob_chrome_client.get_carenet_app_permissions(account_id=bob_account_id)

        return True
示例#2
0
  def bob_setup(bob_account_id, record_id, carenet_id, allowed_docs, disallowed_docs):
    bob_chrome_client = IndivoClient('chrome', 'chrome')
    bob_chrome_client.create_session(data.account02)

    # SZ: Bob should NOT be able to read the docs directly in the record
    for doc_id in allowed_docs+disallowed_docs:
      assert_403(bob_chrome_client.read_document(record_id=record_id, document_id=doc_id))

    assert_403(bob_chrome_client.get_record_carenets(record_id=record_id))

    # Bob should be able to read the allowed docs

    for doc_id in allowed_docs:
      assert_200(bob_chrome_client.get_carenet_document(carenet_id = carenet_id, document_id = doc_id))

    # Bob should not be able to read the disallowed docs
    for doc_id in disallowed_docs:
      assert_404(bob_chrome_client.get_carenet_document(carenet_id = carenet_id, document_id = doc_id))
    
    # Bob should be able to list docs in the carenet
    carenet_documents_list = bob_chrome_client.get_carenet_documents(carenet_id = carenet_id).response[PRD]['Document']

    # with a parameter
    carenet_documents_list = bob_chrome_client.get_carenet_documents(carenet_id = carenet_id, parameters={'type': 'http://indivo.org/vocab/xml/documents#Allergy'}).response[PRD]['Document']

    # Read carenet allergies
    # TODO: replace with generic call
    # assert_200(bob_chrome_client.read_carenet_allergies(carenet_id = carenet_id))

    # Read the demographics document, this should work
    resp = bob_chrome_client.call('GET', '/carenets/%s/demographics'%carenet_id, options={'parameters':{'response_format':'application/xml'}} )
    demographics_doc = parse_xml(resp)
    family_name = xpath(demographics_doc, '/Models/Model/Field[@name="name_family"]/text()')
    assert(family_name)

    bob_chrome_client.get_account_permissions(account_id=bob_account_id)
    bob_chrome_client.get_carenet_account_permissions(carenet_id= carenet_id,
                                                      record_id=record_id, 
                                                      account_id=bob_account_id)

    # Not yet implemented
    #bob_chrome_client.get_carenet_app_permissions(account_id=bob_account_id)

    return True
def test_userapp_document_handling(IndivoClient):
    PRD = 'prd'

    try:
        admin_client = IndivoClient(data.machine_app_email,
                                    data.machine_app_secret)
        record_id = admin_client.create_record(
            data=data.contact).response[PRD]['Record'][0]
        admin_client.set_app_id(data.app_email)
        admin_client.get_version()

        token = admin_client.setup_app(record_id=record_id,
                                       app_id=data.app_email).response[PRD]
        user_client = IndivoClient(data.app_email, 'norepinephrine')

        # Should return a 403
        assert_403(user_client.read_record(record_id=record_id))

        # set up the credentials and now this should work
        user_client.set_app_id(data.app_email)
        user_client.update_token(token)

        user_client.post_app_document(data=data.access_key)
        doc_id = user_client.post_app_document(
            data=data.patient_access_key).response[PRD]['Document'][0]

        user_client.read_app_document(document_id=doc_id)
        user_client.read_app_documents(parameters={'type': 'PatientAccessKey'})
        user_client.read_app_documents(parameters={'type': 'AccessKey'})
        user_client.read_app_document_meta(document_id=doc_id)
        user_client.read_app_document()
        user_client.post_app_document_ext(external_id='extid', data=data.doc01)

        user_client.read_app_document_ext_meta(external_id='extid')
        user_client.read_app_documents()

        #user_client.create_or_replace_app_document, document_id=doc_id, data=data.doc02)
        #user_client.post_app_document_label(data.app_email, doc_id, label)
        #user_client.remove_app_document(data.app_email, doc_id)
    except Exception, e:
        return False, e
def test_userapp_document_handling(IndivoClient):
  PRD = 'prd'

  try:
    admin_client = IndivoClient(data.machine_app_email, data.machine_app_secret)
    record_id = admin_client.create_record(data=data.contact).response[PRD]['Record'][0]
    admin_client.set_app_id(data.app_email)
    admin_client.get_version()

    token = admin_client.setup_app(record_id=record_id, app_id=data.app_email).response[PRD]
    user_client = IndivoClient(data.app_email, 'norepinephrine')

    # Should return a 403
    assert_403(user_client.read_record(record_id=record_id))

    # set up the credentials and now this should work
    user_client.set_app_id(data.app_email)
    user_client.update_token(token)

    user_client.post_app_document(data=data.access_key)
    doc_id = user_client.post_app_document(data=data.patient_access_key).response[PRD]['Document'][0]

    user_client.read_app_document(document_id=doc_id)
    user_client.read_app_documents(parameters={'type':'PatientAccessKey'})
    user_client.read_app_documents(parameters={'type':'AccessKey'})
    user_client.read_app_document_meta(document_id=doc_id)
    user_client.read_app_document()
    user_client.post_app_document_ext(external_id='extid', data=data.doc01)

    user_client.read_app_document_ext_meta(external_id='extid')
    user_client.read_app_documents()

    #user_client.create_or_replace_app_document, document_id=doc_id, data=data.doc02)
    #user_client.post_app_document_label(data.app_email, doc_id, label)
    #user_client.remove_app_document(data.app_email, doc_id)
  except Exception, e:
    return False, e
示例#5
0
    def bob_setup(bob_account_id, record_id, carenet_id, allowed_docs,
                  disallowed_docs):
        bob_chrome_client = IndivoClient('chrome', 'chrome')
        bob_chrome_client.create_session(data.account02)

        # SZ: Bob should NOT be able to read the docs directly in the record
        for doc_id in allowed_docs + disallowed_docs:
            assert_403(
                bob_chrome_client.read_document(record_id=record_id,
                                                document_id=doc_id))

        assert_403(bob_chrome_client.get_record_carenets(record_id=record_id))

        # Bob should be able to read the allowed docs

        for doc_id in allowed_docs:
            assert_200(
                bob_chrome_client.get_carenet_document(carenet_id=carenet_id,
                                                       document_id=doc_id))

        # Bob should not be able to read the disallowed docs
        for doc_id in disallowed_docs:
            assert_404(
                bob_chrome_client.get_carenet_document(carenet_id=carenet_id,
                                                       document_id=doc_id))

        # Bob should be able to list docs in the carenet
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id).response[PRD]['Document']

        # with a parameter
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id,
            parameters={
                'type': 'http://indivo.org/vocab/xml/documents#Allergy'
            }).response[PRD]['Document']

        # Read carenet allergies
        # TODO: replace with generic call
        # assert_200(bob_chrome_client.read_carenet_allergies(carenet_id = carenet_id))

        # Read the demographics document, this should work
        resp = bob_chrome_client.call(
            'GET',
            '/carenets/%s/demographics' % carenet_id,
            options={'parameters': {
                'response_format': 'application/xml'
            }})
        demographics_doc = parse_xml(resp)
        family_name = xpath(demographics_doc,
                            '/Models/Model/Field[@name="name_family"]/text()')
        assert (family_name)

        bob_chrome_client.get_account_permissions(account_id=bob_account_id)
        bob_chrome_client.get_carenet_account_permissions(
            carenet_id=carenet_id,
            record_id=record_id,
            account_id=bob_account_id)

        # Not yet implemented
        #bob_chrome_client.get_carenet_app_permissions(account_id=bob_account_id)

        return True
示例#6
0
    def bob_setup(bob_account_id, record_id, carenet_id, allowed_docs,
                  disallowed_docs):
        bob_chrome_client = IndivoClient('chrome', 'chrome')
        bob_chrome_client.create_session(data.account02)

        # SZ: Bob should NOT be able to read the docs directly in the record
        for doc_id in allowed_docs + disallowed_docs:
            assert_403(
                bob_chrome_client.read_document(record_id=record_id,
                                                document_id=doc_id))

        assert_403(bob_chrome_client.get_record_carenets(record_id=record_id))

        # Bob should be able to read the allowed docs
        for doc_id in allowed_docs:
            assert_200(
                bob_chrome_client.get_carenet_document(carenet_id=carenet_id,
                                                       document_id=doc_id))

        # Bob should not be able to read the disallowed docs
        for doc_id in disallowed_docs:
            assert_404(
                bob_chrome_client.get_carenet_document(carenet_id=carenet_id,
                                                       document_id=doc_id))

        # Bob should be able to list docs in the carenet
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id).response[PRD]['Document']

        # with a parameter
        carenet_documents_list = bob_chrome_client.get_carenet_documents(
            carenet_id=carenet_id,
            parameters={
                'type': 'http://indivo.org/vocab/xml/documents#Allergy'
            }).response[PRD]['Document']

        # Read carenet allergies
        assert_200(
            bob_chrome_client.read_carenet_allergies(carenet_id=carenet_id))
        assert_200(
            bob_chrome_client.read_carenet_problems(carenet_id=carenet_id))

        # Read the contact document, this should work
        contact_doc = parse_xml(
            bob_chrome_client.read_carenet_special_document(
                carenet_id=carenet_id, special_document='contact'))
        contact_name = xpath(
            contact_doc,
            '/ns:Contact/ns:name/ns:fullName/text()',
            namespaces={'ns': 'http://indivo.org/vocab/xml/documents#'})
        assert (contact_name)

        bob_chrome_client.get_account_permissions(account_id=bob_account_id)
        bob_chrome_client.get_carenet_account_permissions(
            carenet_id=carenet_id,
            record_id=record_id,
            account_id=bob_account_id)

        # Not yet implemented
        #bob_chrome_client.get_carenet_app_permissions(account_id=bob_account_id)

        return True
def test_account(IndivoClient):
  try:

    chrome_client = IndivoClient('chrome', 'chrome')

    # simplest test case
    chrome_client.create_account({'user_email' : '*****@*****.**', 'contact_email':'*****@*****.**', 'user_pass': '******'})
    chrome_client.add_auth_system(account_id='*****@*****.**', data={'system':'password', 'username':'******', 'password': '******'})
      
    # create an account
    chrome_client.create_account({'user_email' : '*****@*****.**', 'primary_secret_p' : '1', 'secondary_secret_p' : '1', 'contact_email':'*****@*****.**'})

    # reset it
    chrome_client.account_reset(account_id='*****@*****.**')

    # get the account info 
    account_resp = chrome_client.account_info(account_id = '*****@*****.**')
    parsed_resp = ElementTree.fromstring(account_resp.response['response_data'])
    secondary_secret = parsed_resp.findtext('secret')

    # get the primary secret
    primary_secret_resp = chrome_client.account_primary_secret(account_id = '*****@*****.**')
    parsed_resp = ElementTree.fromstring(primary_secret_resp.response['response_data'])
    primary_secret = parsed_resp.text

    # initialize it
    chrome_client.account_initialize(account_id='*****@*****.**', primary_secret=primary_secret, data={'secondary_secret':secondary_secret})

    # set username and password
    chrome_client.add_auth_system(account_id='*****@*****.**', data={'system':'password', 'username':'******', 'password': '******'})

    # set the password to something else
    chrome_client.account_set_password(account_id='*****@*****.**', data={'password':'******'})      
      
    # change the state back and forth
    chrome_client.account_set_state(account_id='*****@*****.**', data={'state': 'disabled'})
    chrome_client.account_set_state(account_id='*****@*****.**', data={'state': 'active'})
    chrome_client.account_set_state(account_id='*****@*****.**', data={'state': 'retired'})
    assert_403(chrome_client.account_set_state(account_id='*****@*****.**', data={'state': 'active'}))

    # see if we can create a session for it
    chrome_client.create_session({'username':'******','user_pass':'******'})

    # now the token is in the client, we can change the password
    chrome_client.account_change_password(account_id = '*****@*****.**', data={'old':'test2','new':'test3'})

    # change the info
    assert_200(chrome_client.account_info_set(account_id= '*****@*****.**', data={'contact_email':'*****@*****.**','full_name':'Ben2 Adida'}))

    # change the username
    assert_200(chrome_client.account_username_set(account_id='*****@*****.**', data={'username':'******'}))

    chrome_client = IndivoClient('chrome', 'chrome')
    chrome_client.create_session({'username':'******','user_pass':'******'})
    
    # do account search
    chrome_client = IndivoClient('chrome', 'chrome')
    accounts = parse_xml(chrome_client.account_search(parameters={'contact_email': '*****@*****.**'}))
    accounts2 = parse_xml(chrome_client.account_search(parameters={'fullname': 'Steve Zabak'}))

    # create an account with a mychildrens auth system
    chrome_client.create_account({'user_email' : '*****@*****.**', 'primary_secret_p' : '0', 'secondary_secret_p' : '0', 'contact_email':'*****@*****.**'})
    chrome_client.add_auth_system(account_id='*****@*****.**', data={'system':'mychildrens', 'username':'******'})
    
    # FIXME: this call doesn't do anything, probably because of some internal magic that fails if there is no password field
    chrome_client.create_session({'username':'******','system':'mychildrens'})
  except Exception, e:
    return False, e
示例#8
0
def test_account(IndivoClient):
    try:

        chrome_client = IndivoClient('chrome', 'chrome')

        # simplest test case
        chrome_client.create_account({
            'user_email': '*****@*****.**',
            'contact_email': '*****@*****.**',
            'user_pass': '******'
        })
        chrome_client.add_auth_system(account_id='*****@*****.**',
                                      data={
                                          'system': 'password',
                                          'username': '******',
                                          'password': '******'
                                      })

        # create an account
        chrome_client.create_account({
            'user_email': '*****@*****.**',
            'primary_secret_p': '1',
            'secondary_secret_p': '1',
            'contact_email': '*****@*****.**'
        })

        # reset it
        chrome_client.account_reset(account_id='*****@*****.**')

        # get the account info
        account_resp = chrome_client.account_info(account_id='*****@*****.**')
        parsed_resp = ElementTree.fromstring(
            account_resp.response['response_data'])
        secondary_secret = parsed_resp.findtext('secret')

        # get the primary secret
        primary_secret_resp = chrome_client.account_primary_secret(
            account_id='*****@*****.**')
        parsed_resp = ElementTree.fromstring(
            primary_secret_resp.response['response_data'])
        primary_secret = parsed_resp.text

        # initialize it
        chrome_client.account_initialize(
            account_id='*****@*****.**',
            primary_secret=primary_secret,
            data={'secondary_secret': secondary_secret})

        # set username and password
        chrome_client.add_auth_system(account_id='*****@*****.**',
                                      data={
                                          'system': 'password',
                                          'username': '******',
                                          'password': '******'
                                      })

        # set the password to something else
        chrome_client.account_set_password(account_id='*****@*****.**',
                                           data={'password': '******'})

        # change the state back and forth
        chrome_client.account_set_state(account_id='*****@*****.**',
                                        data={'state': 'disabled'})
        chrome_client.account_set_state(account_id='*****@*****.**',
                                        data={'state': 'active'})
        chrome_client.account_set_state(account_id='*****@*****.**',
                                        data={'state': 'retired'})
        assert_403(
            chrome_client.account_set_state(account_id='*****@*****.**',
                                            data={'state': 'active'}))

        # see if we can create a session for it
        chrome_client.create_session({'username': '******', 'user_pass': '******'})

        # now the token is in the client, we can change the password
        chrome_client.account_change_password(account_id='*****@*****.**',
                                              data={
                                                  'old': 'test2',
                                                  'new': 'test3'
                                              })

        # change the info
        assert_200(
            chrome_client.account_info_set(account_id='*****@*****.**',
                                           data={
                                               'contact_email':
                                               '*****@*****.**',
                                               'full_name': 'Ben2 Adida'
                                           }))

        # change the username
        assert_200(
            chrome_client.account_username_set(account_id='*****@*****.**',
                                               data={'username': '******'}))

        chrome_client = IndivoClient('chrome', 'chrome')
        chrome_client.create_session({'username': '******', 'user_pass': '******'})

        # do account search
        chrome_client = IndivoClient('chrome', 'chrome')
        accounts = parse_xml(
            chrome_client.account_search(
                parameters={'contact_email': '*****@*****.**'}))
        accounts2 = parse_xml(
            chrome_client.account_search(
                parameters={'fullname': 'Steve Zabak'}))

        # create an account with a mychildrens auth system
        chrome_client.create_account({
            'user_email': '*****@*****.**',
            'primary_secret_p': '0',
            'secondary_secret_p': '0',
            'contact_email': '*****@*****.**'
        })
        chrome_client.add_auth_system(account_id='*****@*****.**',
                                      data={
                                          'system': 'mychildrens',
                                          'username': '******'
                                      })

        # FIXME: this call doesn't do anything, probably because of some internal magic that fails if there is no password field
        chrome_client.create_session({
            'username': '******',
            'system': 'mychildrens'
        })
    except Exception, e:
        return False, e