+class TestAuthentication:
+ description = "Test Authentication"
+
+ @staticmethod
+ def run(engine, test_osm, manual_check, test_params=None):
+ engine.set_test_name("Authentication")
+ # backend = test_params.get("backend") if test_params else None # UNUSED
+
+ admin_project_id = test_project_id = None
+ project_admin_role_id = project_user_role_id = None
+ test_user_id = empty_user_id = None
+ default_role_id = empty_role_id = token_role_id = None
+
+ engine.get_autorization()
+
+ # GET
+ engine.test("Get tokens", "GET", "/admin/v1/tokens", headers_json, {},
+ (200), {"Content-Type": "application/json"}, "json")
+ engine.test("Get projects", "GET", "/admin/v1/projects", headers_json, {},
+ (200), {"Content-Type": "application/json"}, "json")
+ engine.test("Get users", "GET", "/admin/v1/users", headers_json, {},
+ (200), {"Content-Type": "application/json"}, "json")
+ engine.test("Get roles", "GET", "/admin/v1/roles", headers_json, {},
+ (200), {"Content-Type": "application/json"}, "json")
+ res = engine.test("Get admin project", "GET", "/admin/v1/projects?name=admin", headers_json, {},
+ (200), {"Content-Type": "application/json"}, "json")
+ admin_project_id = res.json()[0]["_id"] if res else None
+ res = engine.test("Get project admin role", "GET", "/admin/v1/roles?name=project_admin", headers_json, {},
+ (200), {"Content-Type": "application/json"}, "json")
+ project_admin_role_id = res.json()[0]["_id"] if res else None
+ res = engine.test("Get project user role", "GET", "/admin/v1/roles?name=project_user", headers_json, {},
+ (200), {"Content-Type": "application/json"}, "json")
+ project_user_role_id = res.json()[0]["_id"] if res else None
+
+ # POST
+ res = engine.test("Create test project", "POST", "/admin/v1/projects", headers_json, {"name": "test"},
+ (201), {"Location": "/admin/v1/projects/", "Content-Type": "application/json"}, "json")
+ test_project_id = engine.last_id if res else None
+ res = engine.test("Create role without permissions", "POST", "/admin/v1/roles", headers_json, {"name": "empty"},
+ (201), {"Content-Type": "application/json"}, "json")
+ empty_role_id = engine.last_id if res else None
+ res = engine.test("Create role with default permissions", "POST", "/admin/v1/roles", headers_json,
+ {"name": "default", "permissions": {"default": True}},
+ (201), {"Location": "/admin/v1/roles/", "Content-Type": "application/json"}, "json")
+ default_role_id = engine.last_id if res else None
+ res = engine.test("Create role with token permissions", "POST", "/admin/v1/roles", headers_json,
+ {"name": "tokens", "permissions": {"tokens": True}}, # is default required ?
+ (201), {"Location": "/admin/v1/roles/", "Content-Type": "application/json"}, "json")
+ token_role_id = engine.last_id if res else None
+ pr = "project-role mappings"
+ res = engine.test("Create user without "+pr, "POST", "/admin/v1/users", headers_json,
+ {"username": "empty", "password": "empty"},
+ 201, {"Content-Type": "application/json"}, "json")
+ empty_user_id = engine.last_id if res else None
+ if admin_project_id and test_project_id and project_admin_role_id and project_user_role_id:
+ data = {"username": "test", "password": "test"}
+ data["project_role_mappings"] = [
+ {"project": test_project_id, "role": project_admin_role_id},
+ {"project": admin_project_id, "role": project_user_role_id}
+ ]
+ res = engine.test("Create user with "+pr, "POST", "/admin/v1/users", headers_json, data,
+ (201), {"Content-Type": "application/json"}, "json")
+ test_user_id = engine.last_id if res else None
+
+ # PUT
+ if test_user_id:
+ engine.test("Modify test user's password", "PUT", "/admin/v1/users/"+test_user_id, headers_json,
+ {"password": "password"},
+ (204), {}, 0)
+ if empty_user_id and admin_project_id and test_project_id and project_admin_role_id and project_user_role_id:
+ data = {"project_role_mappings": [
+ {"project": test_project_id, "role": project_admin_role_id},
+ {"project": admin_project_id, "role": project_user_role_id}
+ ]}
+ engine.test("Modify empty user's "+pr, "PUT", "/admin/v1/users/"+empty_user_id,
+ headers_json,
+ data,
+ (204), {}, 0)
+
+ # DELETE
+ if empty_user_id:
+ engine.test("Delete empty user", "DELETE", "/admin/v1/users/"+empty_user_id, headers_json, {},
+ (204), {}, 0)
+ if test_user_id:
+ engine.test("Delete test user", "DELETE", "/admin/v1/users/"+test_user_id, headers_json, {},
+ (204), {}, 0)
+ if empty_role_id:
+ engine.test("Delete empty role", "DELETE", "/admin/v1/roles/"+empty_role_id, headers_json, {},
+ (204), {}, 0)
+ if default_role_id:
+ engine.test("Delete default role", "DELETE", "/admin/v1/roles/"+default_role_id, headers_json, {},
+ (204), {}, 0)
+ if token_role_id:
+ engine.test("Delete token role", "DELETE", "/admin/v1/roles/"+token_role_id, headers_json, {},
+ (204), {}, 0)
+ if test_project_id:
+ engine.test("Delete test project", "DELETE", "/admin/v1/projects/"+test_project_id, headers_json, {},
+ (204), {}, 0)
+
+ # END Tests
+
+ engine.remove_authorization() # To finish
+
+