mirror of https://gitlab.com/bashrc2/epicyon
Tests for delegation
parent
958e76ea89
commit
4f6e9eb87f
61
roles.py
61
roles.py
|
@ -61,49 +61,57 @@ def getRoles(baseDir: str,nickname: str,domain: str, \
|
||||||
return actorJson['roles'][project]
|
return actorJson['roles'][project]
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def outboxDelegate(baseDir: str,messageJson: {},debug: bool) -> None:
|
def outboxDelegate(baseDir: str,messageJson: {},debug: bool) -> bool:
|
||||||
"""Handles receiving a delegation request
|
"""Handles receiving a delegation request
|
||||||
"""
|
"""
|
||||||
if not messageJson.get('type'):
|
if not messageJson.get('type'):
|
||||||
return
|
return False
|
||||||
if not messageJson['type']=='Delegate':
|
if not messageJson['type']=='Delegate':
|
||||||
return
|
return False
|
||||||
if not messageJson.get('object'):
|
if not messageJson.get('object'):
|
||||||
return
|
return False
|
||||||
if not isinstance(messageJson['object'], dict):
|
if not isinstance(messageJson['object'], dict):
|
||||||
return
|
return False
|
||||||
if not messageJson['object'].get('type'):
|
if not messageJson['object'].get('type'):
|
||||||
return
|
return False
|
||||||
if not messageJson['object']['type']=='Role':
|
if not messageJson['object']['type']=='Role':
|
||||||
return
|
return False
|
||||||
if not messageJson['object'].get('object'):
|
if not messageJson['object'].get('object'):
|
||||||
return
|
return False
|
||||||
if not messageJson['object'].get('actor'):
|
if not messageJson['object'].get('actor'):
|
||||||
return
|
return False
|
||||||
if not isinstance(messageJson['object']['object'], str):
|
if not isinstance(messageJson['object']['object'], str):
|
||||||
return
|
return False
|
||||||
if ';' not in messageJson['object']['object']:
|
if ';' not in messageJson['object']['object']:
|
||||||
print('WARN: No ; separator between project and role')
|
print('WARN: No ; separator between project and role')
|
||||||
return
|
return False
|
||||||
if debug:
|
|
||||||
print('DEBUG: delegate activity arrived in outbox')
|
|
||||||
|
|
||||||
delegatorNickname=getNicknameFromActor(messageJson['actor'])
|
delegatorNickname=getNicknameFromActor(messageJson['actor'])
|
||||||
domain,port=getDomainFromActor(messageJson['actor'])
|
domain,port=getDomainFromActor(messageJson['actor'])
|
||||||
project=messageJson['object']['object'].split(';')[0].strip()
|
project=messageJson['object']['object'].split(';')[0].strip()
|
||||||
|
|
||||||
# does the delegator have capability to delegate in this project?
|
# instance delegators can delagate to other projects
|
||||||
|
# than their own
|
||||||
|
canDelegate=False
|
||||||
delegatorRoles=getRoles(baseDir,delegatorNickname, \
|
delegatorRoles=getRoles(baseDir,delegatorNickname, \
|
||||||
domain,project)
|
domain,'instance')
|
||||||
if delegatorRoles:
|
if delegatorRoles:
|
||||||
if 'delegator' not in delegatorRoles:
|
if 'delegator' in delegatorRoles:
|
||||||
# instance delegators can delagate to other projects
|
canDelegate=True
|
||||||
# than their own
|
|
||||||
delegatorRoles=getRoles(baseDir,delegatorNickname, \
|
|
||||||
domain,'instance')
|
|
||||||
if 'delegator' not in delegatorRoles:
|
|
||||||
return
|
|
||||||
|
|
||||||
|
if canDelegate==False:
|
||||||
|
canDelegate=True
|
||||||
|
# non-instance delegators can only delegate within their project
|
||||||
|
delegatorRoles=getRoles(baseDir,delegatorNickname, \
|
||||||
|
domain,project)
|
||||||
|
if delegatorRoles:
|
||||||
|
if 'delegator' not in delegatorRoles:
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
|
if canDelegate==False:
|
||||||
|
return False
|
||||||
nickname=getNicknameFromActor(messageJson['object']['actor'])
|
nickname=getNicknameFromActor(messageJson['object']['actor'])
|
||||||
domainFull=domain
|
domainFull=domain
|
||||||
if port:
|
if port:
|
||||||
|
@ -115,10 +123,13 @@ def outboxDelegate(baseDir: str,messageJson: {},debug: bool) -> None:
|
||||||
existingRoles=getRoles(baseDir,nickname,domain,project)
|
existingRoles=getRoles(baseDir,nickname,domain,project)
|
||||||
if existingRoles:
|
if existingRoles:
|
||||||
if role in existingRoles:
|
if role in existingRoles:
|
||||||
print(nickname+'@'+domain+' is already assigned to the role '+role+' within the project '+project)
|
if debug:
|
||||||
return
|
print(nickname+'@'+domain+' is already assigned to the role '+role+' within the project '+project)
|
||||||
|
return False
|
||||||
setRole(baseDir,nickname,domain,project,role)
|
setRole(baseDir,nickname,domain,project,role)
|
||||||
print(nickname+'@'+domain+' assigned to the role '+role+' within the project '+project)
|
if debug:
|
||||||
|
print(nickname+'@'+domain+' assigned to the role '+role+' within the project '+project)
|
||||||
|
return True
|
||||||
|
|
||||||
def sendRoleViaServer(session,delegatorNickname: str,password: str,
|
def sendRoleViaServer(session,delegatorNickname: str,password: str,
|
||||||
delegatorDomain: str,delegatorPort: int, \
|
delegatorDomain: str,delegatorPort: int, \
|
||||||
|
|
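Review bot: `messageJson['actor']` is indexed in `outboxDelegate` without the presence and type check that every other field gets, so a Delegate activity with no top-level `actor` raises KeyError instead of returning False; a guard such as `if not isinstance(messageJson.get('actor'), str): return False` next to the other checks would close that. The same field selects whose roles authorise the grant, and nothing visible here ties it to the account that authenticated the outbox POST, so that binding presumably has to be enforced by the caller and is worth confirming. The trailing `if canDelegate==False: return False` looks unreachable, because the fallback branch sets `canDelegate=True` before it either returns or falls through (indentation is not visible on this page, so this is inferred from line order). Moving the "assigned to the role" message under `if debug:` also means a successful role grant, which is a privilege change, leaves no log line in normal operation. Part of the function body lies between the two hunks and is not shown.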
69
tests.py
69
tests.py
|
@ -45,6 +45,8 @@ from person import setPreferredNickname
|
||||||
from person import setBio
|
from person import setBio
|
||||||
from person import setSkillLevel
|
from person import setSkillLevel
|
||||||
from roles import setRole
|
from roles import setRole
|
||||||
|
from roles import getRoles
|
||||||
|
from roles import outboxDelegate
|
||||||
from auth import createBasicAuthHeader
|
from auth import createBasicAuthHeader
|
||||||
from auth import authorizeBasic
|
from auth import authorizeBasic
|
||||||
from auth import storeBasicCredentials
|
from auth import storeBasicCredentials
|
||||||
|
@ -935,6 +937,72 @@ def testCreatePerson():
|
||||||
os.chdir(currDir)
|
os.chdir(currDir)
|
||||||
shutil.rmtree(baseDir)
|
shutil.rmtree(baseDir)
|
||||||
|
|
||||||
|
def testDelegateRoles():
|
||||||
|
print('testDelegateRoles')
|
||||||
|
currDir=os.getcwd()
|
||||||
|
nickname='test382'
|
||||||
|
nicknameDelegated='test383'
|
||||||
|
domain='badgerdomain.com'
|
||||||
|
password='mypass'
|
||||||
|
port=80
|
||||||
|
httpPrefix='https'
|
||||||
|
clientToServer=False
|
||||||
|
useBlurhash=False
|
||||||
|
baseDir=currDir+'/.tests_delegaterole'
|
||||||
|
if os.path.isdir(baseDir):
|
||||||
|
shutil.rmtree(baseDir)
|
||||||
|
os.mkdir(baseDir)
|
||||||
|
os.chdir(baseDir)
|
||||||
|
|
||||||
|
privateKeyPem,publicKeyPem,person,wfEndpoint=createPerson(baseDir,nickname,domain,port,httpPrefix,True,password)
|
||||||
|
privateKeyPem,publicKeyPem,person,wfEndpoint=createPerson(baseDir,nicknameDelegated,domain,port,httpPrefix,True,'insecure')
|
||||||
|
|
||||||
|
httpPrefix='http'
|
||||||
|
project='artechoke'
|
||||||
|
role='delegator'
|
||||||
|
newRoleJson = {
|
||||||
|
'type': 'Delegate',
|
||||||
|
'actor': httpPrefix+'://'+domain+'/users/'+nickname,
|
||||||
|
'object': {
|
||||||
|
'type': 'Role',
|
||||||
|
'actor': httpPrefix+'://'+domain+'/users/'+nicknameDelegated,
|
||||||
|
'object': project+';'+role,
|
||||||
|
'to': [],
|
||||||
|
'cc': []
|
||||||
|
},
|
||||||
|
'to': [],
|
||||||
|
'cc': []
|
||||||
|
}
|
||||||
|
|
||||||
|
assert outboxDelegate(baseDir,newRoleJson,False)
|
||||||
|
# second time delegation has already happened so should return false
|
||||||
|
assert outboxDelegate(baseDir,newRoleJson,False)==False
|
||||||
|
|
||||||
|
assert '"delegator"' in open(baseDir+'/accounts/'+nickname+'@'+domain+'.json').read()
|
||||||
|
assert '"delegator"' in open(baseDir+'/accounts/'+nicknameDelegated+'@'+domain+'.json').read()
|
||||||
|
|
||||||
|
newRoleJson = {
|
||||||
|
'type': 'Delegate',
|
||||||
|
'actor': httpPrefix+'://'+domain+'/users/'+nicknameDelegated,
|
||||||
|
'object': {
|
||||||
|
'type': 'Role',
|
||||||
|
'actor': httpPrefix+'://'+domain+'/users/'+nickname,
|
||||||
|
'object': 'otherproject;otherrole',
|
||||||
|
'to': [],
|
||||||
|
'cc': []
|
||||||
|
},
|
||||||
|
'to': [],
|
||||||
|
'cc': []
|
||||||
|
}
|
||||||
|
|
||||||
|
# non-delegators cannot assign roles
|
||||||
|
assert outboxDelegate(baseDir,newRoleJson,False)==False
|
||||||
|
assert '"otherrole"' not in open(baseDir+'/accounts/'+nickname+'@'+domain+'.json').read()
|
||||||
|
|
||||||
|
assert False
|
||||||
|
os.chdir(currDir)
|
||||||
|
shutil.rmtree(baseDir)
|
||||||
|
|
||||||
def testAuthentication():
|
def testAuthentication():
|
||||||
print('testAuthentication')
|
print('testAuthentication')
|
||||||
currDir=os.getcwd()
|
currDir=os.getcwd()
|
||||||
|
@ -1242,4 +1310,5 @@ def runAllTests():
|
||||||
testNoOfFollowersOnDomain()
|
testNoOfFollowersOnDomain()
|
||||||
testFollows()
|
testFollows()
|
||||||
testGroupFollowers()
|
testGroupFollowers()
|
||||||
|
testDelegateRoles()
|
||||||
print('Tests succeeded\n')
|
print('Tests succeeded\n')
|
||||||
|
|
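Review bot: The bare `assert False` near the end of `testDelegateRoles` makes the test fail unconditionally, so `os.chdir(currDir)` and `shutil.rmtree(baseDir)` never run and `runAllTests` cannot reach "Tests succeeded"; it reads like a leftover debugging stop and should be removed. Because the test changes the working directory, moving the cleanup into a `try: ... finally:` would keep any failing assertion from leaving later tests running inside `.tests_delegaterole`. The positive checks only look for the substring `"delegator"` anywhere in the account file, which would also pass if the role landed under the wrong project; the newly imported `getRoles` is not used in the visible test and could pin this down, e.g. `assert 'delegator' in getRoles(baseDir,nicknameDelegated,domain,project)`.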