You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

176 lines
6.0 KiB

  1. # -*- coding: utf-8 -*-
  2. #
  3. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Lesser General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  17. """Test uma permissions."""
  18. import re
  19. import pytest
  20. from keycloak.exceptions import KeycloakPermissionFormatError, PermissionDefinitionError
  21. from keycloak.uma_permissions import Resource, Scope, build_permission_param
  22. def test_resource_with_scope_obj():
  23. """Test resource with scope."""
  24. r = Resource("Resource1")
  25. s = Scope("Scope1")
  26. assert r(s) == "Resource1#Scope1"
  27. def test_scope_with_resource_obj():
  28. """Test scope with resource."""
  29. r = Resource("Resource1")
  30. s = Scope("Scope1")
  31. assert s(r) == "Resource1#Scope1"
  32. def test_resource_scope_str():
  33. """Test resource scope as string."""
  34. r = Resource("Resource1")
  35. s = "Scope1"
  36. assert r(scope=s) == "Resource1#Scope1"
  37. def test_scope_resource_str():
  38. """Test scope resource as string."""
  39. r = "Resource1"
  40. s = Scope("Scope1")
  41. assert s(resource=r) == "Resource1#Scope1"
  42. def test_resource_scope_list():
  43. """Test resource scope as list."""
  44. r = Resource("Resource1")
  45. s = ["Scope1"]
  46. with pytest.raises(PermissionDefinitionError) as err:
  47. r(s)
  48. assert err.match(re.escape("can't determine if '['Scope1']' is a resource or scope"))
  49. def test_build_permission_none():
  50. """Test build permission param with None."""
  51. assert build_permission_param(None) == set()
  52. def test_build_permission_empty_str():
  53. """Test build permission param with an empty string."""
  54. assert build_permission_param("") == set()
  55. def test_build_permission_empty_list():
  56. """Test build permission param with an empty list."""
  57. assert build_permission_param([]) == set()
  58. def test_build_permission_empty_tuple():
  59. """Test build permission param with an empty tuple."""
  60. assert build_permission_param(()) == set()
  61. def test_build_permission_empty_set():
  62. """Test build permission param with an empty set."""
  63. assert build_permission_param(set()) == set()
  64. def test_build_permission_empty_dict():
  65. """Test build permission param with an empty dict."""
  66. assert build_permission_param({}) == set()
  67. def test_build_permission_str():
  68. """Test build permission param as string."""
  69. assert build_permission_param("resource1") == {"resource1"}
  70. def test_build_permission_list_str():
  71. """Test build permission param with list of strings."""
  72. assert build_permission_param(["res1#scope1", "res1#scope2"]) == {"res1#scope1", "res1#scope2"}
  73. def test_build_permission_tuple_str():
  74. """Test build permission param with tuple of strings."""
  75. assert build_permission_param(("res1#scope1", "res1#scope2")) == {"res1#scope1", "res1#scope2"}
  76. def test_build_permission_set_str():
  77. """Test build permission param with set of strings."""
  78. assert build_permission_param({"res1#scope1", "res1#scope2"}) == {"res1#scope1", "res1#scope2"}
  79. def test_build_permission_tuple_dict_str_str():
  80. """Test build permission param with dictionary."""
  81. assert build_permission_param({"res1": "scope1"}) == {"res1#scope1"}
  82. def test_build_permission_tuple_dict_str_list_str():
  83. """Test build permission param with dictionary of list."""
  84. assert build_permission_param({"res1": ["scope1", "scope2"]}) == {"res1#scope1", "res1#scope2"}
  85. def test_build_permission_tuple_dict_str_list_str2():
  86. """Test build permission param with mutliple-keyed dictionary."""
  87. assert build_permission_param(
  88. {"res1": ["scope1", "scope2"], "res2": ["scope2", "scope3"]}
  89. ) == {"res1#scope1", "res1#scope2", "res2#scope2", "res2#scope3"}
  90. def test_build_permission_uma():
  91. """Test build permission param with UMA."""
  92. assert build_permission_param(Resource("res1")(Scope("scope1"))) == {"res1#scope1"}
  93. def test_build_permission_uma_list():
  94. """Test build permission param with list of UMAs."""
  95. assert build_permission_param(
  96. [Resource("res1")(Scope("scope1")), Resource("res1")(Scope("scope2"))]
  97. ) == {"res1#scope1", "res1#scope2"}
  98. def test_build_permission_misbuilt_dict_str_list_list_str():
  99. """Test bad build of permission param from dictionary."""
  100. with pytest.raises(KeycloakPermissionFormatError) as err:
  101. build_permission_param({"res1": [["scope1", "scope2"]]})
  102. assert err.match(re.escape("misbuilt permission {'res1': [['scope1', 'scope2']]}"))
  103. def test_build_permission_misbuilt_list_list_str():
  104. """Test bad build of permission param from list."""
  105. with pytest.raises(KeycloakPermissionFormatError) as err:
  106. print(build_permission_param([["scope1", "scope2"]]))
  107. assert err.match(re.escape("misbuilt permission [['scope1', 'scope2']]"))
  108. def test_build_permission_misbuilt_list_set_str():
  109. """Test bad build of permission param from set."""
  110. with pytest.raises(KeycloakPermissionFormatError) as err:
  111. build_permission_param([{"scope1", "scope2"}])
  112. assert err.match("misbuilt permission.*")
  113. def test_build_permission_misbuilt_set_set_str():
  114. """Test bad build of permission param from list of set."""
  115. with pytest.raises(KeycloakPermissionFormatError) as err:
  116. build_permission_param([{"scope1"}])
  117. assert err.match(re.escape("misbuilt permission [{'scope1'}]"))
  118. def test_build_permission_misbuilt_dict_non_iterable():
  119. """Test bad build of permission param from non-iterable."""
  120. with pytest.raises(KeycloakPermissionFormatError) as err:
  121. build_permission_param({"res1": 5})
  122. assert err.match(re.escape("misbuilt permission {'res1': 5}"))