Tests for delegation

master
Bob Mottram 2019-07-18 17:21:26 +01:00
parent 958e76ea89
commit 4f6e9eb87f
2 changed files with 105 additions and 25 deletions

View File

@ -61,49 +61,57 @@ def getRoles(baseDir: str,nickname: str,domain: str, \
return actorJson['roles'][project] return actorJson['roles'][project]
return None return None
def outboxDelegate(baseDir: str,messageJson: {},debug: bool) -> None: def outboxDelegate(baseDir: str,messageJson: {},debug: bool) -> bool:
"""Handles receiving a delegation request """Handles receiving a delegation request
""" """
if not messageJson.get('type'): if not messageJson.get('type'):
return return False
if not messageJson['type']=='Delegate': if not messageJson['type']=='Delegate':
return return False
if not messageJson.get('object'): if not messageJson.get('object'):
return return False
if not isinstance(messageJson['object'], dict): if not isinstance(messageJson['object'], dict):
return return False
if not messageJson['object'].get('type'): if not messageJson['object'].get('type'):
return return False
if not messageJson['object']['type']=='Role': if not messageJson['object']['type']=='Role':
return return False
if not messageJson['object'].get('object'): if not messageJson['object'].get('object'):
return return False
if not messageJson['object'].get('actor'): if not messageJson['object'].get('actor'):
return return False
if not isinstance(messageJson['object']['object'], str): if not isinstance(messageJson['object']['object'], str):
return return False
if ';' not in messageJson['object']['object']: if ';' not in messageJson['object']['object']:
print('WARN: No ; separator between project and role') print('WARN: No ; separator between project and role')
return return False
if debug:
print('DEBUG: delegate activity arrived in outbox')
delegatorNickname=getNicknameFromActor(messageJson['actor']) delegatorNickname=getNicknameFromActor(messageJson['actor'])
domain,port=getDomainFromActor(messageJson['actor']) domain,port=getDomainFromActor(messageJson['actor'])
project=messageJson['object']['object'].split(';')[0].strip() project=messageJson['object']['object'].split(';')[0].strip()
# does the delegator have capability to delegate in this project? # instance delegators can delagate to other projects
# than their own
canDelegate=False
delegatorRoles=getRoles(baseDir,delegatorNickname, \ delegatorRoles=getRoles(baseDir,delegatorNickname, \
domain,project) domain,'instance')
if delegatorRoles: if delegatorRoles:
if 'delegator' not in delegatorRoles: if 'delegator' in delegatorRoles:
# instance delegators can delagate to other projects canDelegate=True
# than their own
delegatorRoles=getRoles(baseDir,delegatorNickname, \
domain,'instance')
if 'delegator' not in delegatorRoles:
return
if canDelegate==False:
canDelegate=True
# non-instance delegators can only delegate within their project
delegatorRoles=getRoles(baseDir,delegatorNickname, \
domain,project)
if delegatorRoles:
if 'delegator' not in delegatorRoles:
return False
else:
return False
if canDelegate==False:
return False
nickname=getNicknameFromActor(messageJson['object']['actor']) nickname=getNicknameFromActor(messageJson['object']['actor'])
domainFull=domain domainFull=domain
if port: if port:
@ -115,10 +123,13 @@ def outboxDelegate(baseDir: str,messageJson: {},debug: bool) -> None:
existingRoles=getRoles(baseDir,nickname,domain,project) existingRoles=getRoles(baseDir,nickname,domain,project)
if existingRoles: if existingRoles:
if role in existingRoles: if role in existingRoles:
print(nickname+'@'+domain+' is already assigned to the role '+role+' within the project '+project) if debug:
return print(nickname+'@'+domain+' is already assigned to the role '+role+' within the project '+project)
return False
setRole(baseDir,nickname,domain,project,role) setRole(baseDir,nickname,domain,project,role)
print(nickname+'@'+domain+' assigned to the role '+role+' within the project '+project) if debug:
print(nickname+'@'+domain+' assigned to the role '+role+' within the project '+project)
return True
def sendRoleViaServer(session,delegatorNickname: str,password: str, def sendRoleViaServer(session,delegatorNickname: str,password: str,
delegatorDomain: str,delegatorPort: int, \ delegatorDomain: str,delegatorPort: int, \

View File

@ -45,6 +45,8 @@ from person import setPreferredNickname
from person import setBio from person import setBio
from person import setSkillLevel from person import setSkillLevel
from roles import setRole from roles import setRole
from roles import getRoles
from roles import outboxDelegate
from auth import createBasicAuthHeader from auth import createBasicAuthHeader
from auth import authorizeBasic from auth import authorizeBasic
from auth import storeBasicCredentials from auth import storeBasicCredentials
@ -935,6 +937,72 @@ def testCreatePerson():
os.chdir(currDir) os.chdir(currDir)
shutil.rmtree(baseDir) shutil.rmtree(baseDir)
def testDelegateRoles():
print('testDelegateRoles')
currDir=os.getcwd()
nickname='test382'
nicknameDelegated='test383'
domain='badgerdomain.com'
password='mypass'
port=80
httpPrefix='https'
clientToServer=False
useBlurhash=False
baseDir=currDir+'/.tests_delegaterole'
if os.path.isdir(baseDir):
shutil.rmtree(baseDir)
os.mkdir(baseDir)
os.chdir(baseDir)
privateKeyPem,publicKeyPem,person,wfEndpoint=createPerson(baseDir,nickname,domain,port,httpPrefix,True,password)
privateKeyPem,publicKeyPem,person,wfEndpoint=createPerson(baseDir,nicknameDelegated,domain,port,httpPrefix,True,'insecure')
httpPrefix='http'
project='artechoke'
role='delegator'
newRoleJson = {
'type': 'Delegate',
'actor': httpPrefix+'://'+domain+'/users/'+nickname,
'object': {
'type': 'Role',
'actor': httpPrefix+'://'+domain+'/users/'+nicknameDelegated,
'object': project+';'+role,
'to': [],
'cc': []
},
'to': [],
'cc': []
}
assert outboxDelegate(baseDir,newRoleJson,False)
# second time delegation has already happened so should return false
assert outboxDelegate(baseDir,newRoleJson,False)==False
assert '"delegator"' in open(baseDir+'/accounts/'+nickname+'@'+domain+'.json').read()
assert '"delegator"' in open(baseDir+'/accounts/'+nicknameDelegated+'@'+domain+'.json').read()
newRoleJson = {
'type': 'Delegate',
'actor': httpPrefix+'://'+domain+'/users/'+nicknameDelegated,
'object': {
'type': 'Role',
'actor': httpPrefix+'://'+domain+'/users/'+nickname,
'object': 'otherproject;otherrole',
'to': [],
'cc': []
},
'to': [],
'cc': []
}
# non-delegators cannot assign roles
assert outboxDelegate(baseDir,newRoleJson,False)==False
assert '"otherrole"' not in open(baseDir+'/accounts/'+nickname+'@'+domain+'.json').read()
assert False
os.chdir(currDir)
shutil.rmtree(baseDir)
def testAuthentication(): def testAuthentication():
print('testAuthentication') print('testAuthentication')
currDir=os.getcwd() currDir=os.getcwd()
@ -1242,4 +1310,5 @@ def runAllTests():
testNoOfFollowersOnDomain() testNoOfFollowersOnDomain()
testFollows() testFollows()
testGroupFollowers() testGroupFollowers()
testDelegateRoles()
print('Tests succeeded\n') print('Tests succeeded\n')