From 4f6e9eb87ff2f25285ac09407a43cf4bfd4dc7df Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 18 Jul 2019 17:21:26 +0100 Subject: [PATCH] Tests for delegation --- roles.py | 61 +++++++++++++++++++++++++++++-------------------- tests.py | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+), 25 deletions(-) diff --git a/roles.py b/roles.py index e5b43922..5eb794cd 100644 --- a/roles.py +++ b/roles.py 
@@ -61,49 +61,57 @@ def getRoles(baseDir: str,nickname: str,domain: str, \ return actorJson['roles'][project] return None -def outboxDelegate(baseDir: str,messageJson: {},debug: bool) -> None: +def outboxDelegate(baseDir: str,messageJson: {},debug: bool) -> bool: """Handles receiving a delegation request """ if not messageJson.get('type'): - return + return False if not messageJson['type']=='Delegate': - return + return False if not messageJson.get('object'): - return + return False if not isinstance(messageJson['object'], dict): - return + return False if not messageJson['object'].get('type'): - return + return False if not messageJson['object']['type']=='Role': - return + return False if not messageJson['object'].get('object'): - return + return False if not messageJson['object'].get('actor'): - return + return False if not isinstance(messageJson['object']['object'], str): - return + return False if ';' not in messageJson['object']['object']: print('WARN: No ; separator between project and role') - return - if debug: - print('DEBUG: delegate activity arrived in outbox') + return False delegatorNickname=getNicknameFromActor(messageJson['actor']) domain,port=getDomainFromActor(messageJson['actor']) project=messageJson['object']['object'].split(';')[0].strip() - # does the delegator have capability to delegate in this project? 
+ # instance delegators can delagate to other projects + # than their own + canDelegate=False delegatorRoles=getRoles(baseDir,delegatorNickname, \ - domain,project) + domain,'instance') if delegatorRoles: - if 'delegator' not in delegatorRoles: - # instance delegators can delagate to other projects - # than their own - delegatorRoles=getRoles(baseDir,delegatorNickname, \ - domain,'instance') + if 'delegator' in delegatorRoles: + canDelegate=True + + if canDelegate==False: + canDelegate=True + # non-instance delegators can only delegate within their project + delegatorRoles=getRoles(baseDir,delegatorNickname, \ + domain,project) + if delegatorRoles: if 'delegator' not in delegatorRoles: - return - + return False + else: + return False + + if canDelegate==False: + return False nickname=getNicknameFromActor(messageJson['object']['actor']) domainFull=domain if port: @@ -115,10 +123,13 @@ def outboxDelegate(baseDir: str,messageJson: {},debug: bool) -> None: existingRoles=getRoles(baseDir,nickname,domain,project) if existingRoles: if role in existingRoles: - print(nickname+'@'+domain+' is already assigned to the role '+role+' within the project '+project) - return + if debug: + print(nickname+'@'+domain+' is already assigned to the role '+role+' within the project '+project) + return False setRole(baseDir,nickname,domain,project,role) - print(nickname+'@'+domain+' assigned to the role '+role+' within the project '+project) + if debug: + print(nickname+'@'+domain+' assigned to the role '+role+' within the project '+project) + return True def sendRoleViaServer(session,delegatorNickname: str,password: str, delegatorDomain: str,delegatorPort: int, \ diff --git a/tests.py b/tests.py index b893d3be..dcee62f9 100644 --- a/tests.py +++ b/tests.py 
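Review bot: In `outboxDelegate`, the fallback branch sets `canDelegate=True` before the project-level role lookup has run, so the permission decision rests entirely on the early `return False` statements and the final `if canDelegate==False:` guard can never fire. Since this is the authorization check for granting roles, it is safer to keep the flag false until a lookup actually finds `'delegator'`, so that a later edit to the branch cannot fail open. The validation above also checks `messageJson['object'].get('actor')` but not the top-level `messageJson.get('actor')` that `getNicknameFromActor(messageJson['actor'])` reads, so a message without it would raise KeyError rather than return False. Whether that actor is tied to the authenticated sender is decided by the caller and is not visible here; a docstring line stating that expectation would help. The function body continues past the end of this hunk.

```python
    # … unchanged: type/object validation …
    if not messageJson.get('actor'):
        return False
    # … unchanged: delegatorNickname, domain, port and project parsing …
    # instance delegators may delegate in any project; other
    # delegators only within the project where they hold the role
    canDelegate=False
    for scope in ('instance',project):
        delegatorRoles=getRoles(baseDir,delegatorNickname,domain,scope)
        if delegatorRoles and 'delegator' in delegatorRoles:
            canDelegate=True
            break
    if not canDelegate:
        return False
```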
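Review bot: The `assigned to the role` message is now printed only when `debug` is set, which removes the only visible record that a role grant happened. A role assignment is a privilege change, so the success line is worth keeping unconditional (or routing to a log), e.g. leaving `print(nickname+'@'+domain+' assigned to the role '+role+' within the project '+project)` outside the `if debug:`; the already-assigned message is fine as debug-only. Separately, `getRoles` and `setRole` here are called with the delegator's `domain` while `nickname` comes from `messageJson['object']['actor']`; unless the lines between the two hunks compare the domains, an actor URL on another domain would be treated as the local account of the same name. This hunk shows only the tail of `outboxDelegate`.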
@@ -45,6 +45,8 @@ from person import setPreferredNickname from person import setBio from person import setSkillLevel from roles import setRole +from roles import getRoles +from roles import outboxDelegate from auth import createBasicAuthHeader from auth import authorizeBasic from auth import storeBasicCredentials 
@@ -935,6 +937,72 @@ def testCreatePerson(): os.chdir(currDir) shutil.rmtree(baseDir) +def testDelegateRoles(): + print('testDelegateRoles') + currDir=os.getcwd() + nickname='test382' + nicknameDelegated='test383' + domain='badgerdomain.com' + password='mypass' + port=80 + httpPrefix='https' + clientToServer=False + useBlurhash=False + baseDir=currDir+'/.tests_delegaterole' + if os.path.isdir(baseDir): + shutil.rmtree(baseDir) + os.mkdir(baseDir) + os.chdir(baseDir) + + privateKeyPem,publicKeyPem,person,wfEndpoint=createPerson(baseDir,nickname,domain,port,httpPrefix,True,password) + privateKeyPem,publicKeyPem,person,wfEndpoint=createPerson(baseDir,nicknameDelegated,domain,port,httpPrefix,True,'insecure') + + httpPrefix='http' + project='artechoke' + role='delegator' + newRoleJson = { + 'type': 'Delegate', + 'actor': httpPrefix+'://'+domain+'/users/'+nickname, + 'object': { + 'type': 'Role', + 'actor': httpPrefix+'://'+domain+'/users/'+nicknameDelegated, + 'object': project+';'+role, + 'to': [], + 'cc': [] + }, + 'to': [], + 'cc': [] + } + + assert outboxDelegate(baseDir,newRoleJson,False) + # second time delegation has already happened so should return false + assert outboxDelegate(baseDir,newRoleJson,False)==False + + assert '"delegator"' in open(baseDir+'/accounts/'+nickname+'@'+domain+'.json').read() + assert '"delegator"' in open(baseDir+'/accounts/'+nicknameDelegated+'@'+domain+'.json').read() + + newRoleJson = { + 'type': 'Delegate', + 'actor': httpPrefix+'://'+domain+'/users/'+nicknameDelegated, + 'object': { + 'type': 'Role', + 'actor': httpPrefix+'://'+domain+'/users/'+nickname, + 'object': 'otherproject;otherrole', + 'to': [], + 'cc': [] + }, + 'to': [], + 'cc': [] + } + + # non-delegators cannot assign roles + assert outboxDelegate(baseDir,newRoleJson,False)==False + assert '"otherrole"' not in open(baseDir+'/accounts/'+nickname+'@'+domain+'.json').read() + + assert False + os.chdir(currDir) + shutil.rmtree(baseDir) + def testAuthentication(): 
print('testAuthentication') currDir=os.getcwd() @@ -1242,4 +1310,5 @@ def runAllTests(): testNoOfFollowersOnDomain() testFollows() testGroupFollowers() + testDelegateRoles() print('Tests succeeded\n')
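Review bot: `testDelegateRoles` ends with an unconditional `assert False` placed before `os.chdir(currDir)` and `shutil.rmtree(baseDir)`, so the test always fails, the working directory stays inside `.tests_delegaterole`, and `runAllTests()` (which the last hunk wires this test into) stops there. It looks like a debugging leftover; drop it and put the cleanup in a `try:`/`finally:` so a failing assertion still restores the directory. The comment `# non-delegators cannot assign roles` does not match the case under test: `test383` was just granted `delegator` in `artechoke`, so what is checked is that a project delegator cannot assign roles in `otherproject`; `# a project delegator cannot assign roles in another project` would be accurate, and a case for an account with no roles at all would cover the other rejection path. The `open(...).read()` calls also leave file handles unclosed.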