diff --git a/app/main.py b/app/main.py index aff11847..a94787fa 100644 --- a/app/main.py +++ b/app/main.py @@ -17,7 +17,6 @@ import db_models from database import engine from dependencies import get_db, log -from routers import auth_api from auth.authentication import create_super_user # pylint: enable=E0401 @@ -36,7 +35,8 @@ description=f"The server application that provides APIs to interact \ with the underlying Databases and modules in Vachan-Engine. \ \n • For Vachan-CMS docs: {root_url}/v2/cms/rest/docs,\ -\n • For Vachan-TBT docs: {root_url}/v2/text/translate/token-based/docs") +\n • For Vachan-TBT docs: {root_url}/v2/text/translate/token-based/docs,\ +\n • For Vachan-Auth Access docs: {root_url}/v2/auth-access/docs") template = Jinja2Templates(directory="templates") app.mount("/static", StaticFiles(directory="static"), name="static") @@ -228,7 +228,7 @@ def test(request: Request,db_: Session = Depends(get_db)): } ) -app.include_router(auth_api.router) +# app.include_router(auth_api.router) # app.include_router(content_apis.router) # app.include_router(media_api.router) # app.include_router(filehandling_apis.router) @@ -253,6 +253,7 @@ def custom_openapi(): underlying Databases \and modules in Vachan-Engine. " f"
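Review bot: The new description line advertises `{root_url}/v2/auth-access/docs`, but nothing in this file mounts a route under `/v2/auth-access`; in the same commit the only auth router is taken out (`# app.include_router(auth_api.router)`), so the link presumably points at a separate service rather than this app. A one-line comment above the string saying where that path is actually served, e.g. `# /v2/auth-access/docs is served by <AUTH_SERVICE_NAME>, not by this app` with the real name filled in, would save the next reader from hunting for a missing router. The same docs link is added again in the `custom_openapi()` hunk at the end of this file section, so the two strings need to be kept in step; `custom_openapi()` itself starts outside that hunk.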
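Review bot: Commenting out `app.include_router(auth_api.router)` rather than deleting it leaves the line as dead text next to three already commented-out `include_router` calls, so which routers this app really serves now has to be read out of comments; and since the first hunk removes `from routers import auth_api`, simply uncommenting it later would fail with a NameError anyway. Delete the line (history keeps it), or if the auth router is meant to be switched on per deployment, gate it on an explicit setting instead of a comment. `from auth.authentication import create_super_user` is still imported; if its only consumer was the auth router it is now unused, which is worth checking since the rest of the file is outside the hunk.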
Vachan-TBT docs " f"
Vachan-CMS docs " + f"
Vachan-Auth Access docs " ), routes=app.routes ) diff --git a/app/test/conftest.py b/app/test/conftest.py index e2bc0838..9bc6d0dd 100644 --- a/app/test/conftest.py +++ b/app/test/conftest.py 
@@ -38,190 +38,190 @@ def db_transaction(): trans.rollback() CONN.close() -#Users data with apps -initial_test_users = { - "AgAdmin": { - "user_email": "agadmintest@mail.test", - "password": "passwordtest@1", - "firstname": "Autographa", - "lastname": "Admin", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.AG.value - }, - "SanketMASTAdmin": { - "user_email": "smadmintest@mail.test", - "password": "passwordtest@1", - "firstname": "SanketMAST", - "lastname": "Admin", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.SMAST.value - }, - "BcsDev":{ - "user_email": "bcsdevtest@mail.test", - "password": "passwordtest@1", - "firstname": "BCS", - "lastname": "Developer", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.API.value - }, - "AgUser":{ - "user_email": "agtest@mail.test", - "password": "passwordtest@1", - "firstname": "Autographa", - "lastname": "User", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.AG.value - }, - "SanketMASTUser":{ - "user_email": "smtest@mail.test", - "password": "passwordtest@1", - "firstname": "SanketMAST", - "lastname": "User", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.SMAST.value - }, - "VachanUser":{ - "user_email": "vachantest@mail.test", - "password": "passwordtest@1", - "firstname": "Vachan", - "lastname": "user", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.VACHAN.value - }, - "APIUser":{ - "user_email": "apitest@mail.test", - "password": "passwordtest@1", - "firstname": "Api", - "lastname": "User", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.API.value - }, - "VachanAdmin":{ - "user_email": "vachanadmintest@mail.test", - "password": "passwordtest@1", - "firstname": "Vachan", - "lastname": "Admin", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.VACHAN.value - }, - "VachanContentAdmin":{ - "user_email": "vachancontentadmintest@mail.test", - "password": "passwordtest@1", - "firstname": "VachanContent", - "lastname": 
"Admin", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.VACHANCONTENTDASHBOARD.value - }, - "VachanContentViewer":{ - "user_email": "vachancontentviewer@mail.test", - "password": "passwordtest@1", - "firstname": "VachanContent", - "lastname": "Vieer", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.VACHANCONTENTDASHBOARD.value - }, - "APIUser2":{ - "user_email": "abctest@mail.test", - "password": "passwordtest@1", - "firstname": "Api", - "lastname": "User two", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.API.value - }, - "AgUser2":{ - "user_email": "agtest2@mail.test", - "password": "passwordtest@1", - "firstname": "Autographa", - "lastname": "User Two", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.AG.value - }, - "SanketMASTUser2":{ - "user_email": "smtest2@mail.test", - "password": "passwordtest@1", - "firstname": "SanketMAST", - "lastname": "User Two", - "token":"", - "test_user_id": "", - "app" : schema_auth.App.SMAST.value - } - } +# #Users data with apps +# initial_test_users = { +# "AgAdmin": { +# "user_email": "agadmintest@mail.test", +# "password": "passwordtest@1", +# "firstname": "Autographa", +# "lastname": "Admin", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.AG.value +# }, +# "SanketMASTAdmin": { +# "user_email": "smadmintest@mail.test", +# "password": "passwordtest@1", +# "firstname": "SanketMAST", +# "lastname": "Admin", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.SMAST.value +# }, +# "BcsDev":{ +# "user_email": "bcsdevtest@mail.test", +# "password": "passwordtest@1", +# "firstname": "BCS", +# "lastname": "Developer", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.API.value +# }, +# "AgUser":{ +# "user_email": "agtest@mail.test", +# "password": "passwordtest@1", +# "firstname": "Autographa", +# "lastname": "User", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.AG.value +# }, +# "SanketMASTUser":{ +# 
"user_email": "smtest@mail.test", +# "password": "passwordtest@1", +# "firstname": "SanketMAST", +# "lastname": "User", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.SMAST.value +# }, +# "VachanUser":{ +# "user_email": "vachantest@mail.test", +# "password": "passwordtest@1", +# "firstname": "Vachan", +# "lastname": "user", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.VACHAN.value +# }, +# "APIUser":{ +# "user_email": "apitest@mail.test", +# "password": "passwordtest@1", +# "firstname": "Api", +# "lastname": "User", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.API.value +# }, +# "VachanAdmin":{ +# "user_email": "vachanadmintest@mail.test", +# "password": "passwordtest@1", +# "firstname": "Vachan", +# "lastname": "Admin", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.VACHAN.value +# }, +# "VachanContentAdmin":{ +# "user_email": "vachancontentadmintest@mail.test", +# "password": "passwordtest@1", +# "firstname": "VachanContent", +# "lastname": "Admin", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.VACHANCONTENTDASHBOARD.value +# }, +# "VachanContentViewer":{ +# "user_email": "vachancontentviewer@mail.test", +# "password": "passwordtest@1", +# "firstname": "VachanContent", +# "lastname": "Vieer", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.VACHANCONTENTDASHBOARD.value +# }, +# "APIUser2":{ +# "user_email": "abctest@mail.test", +# "password": "passwordtest@1", +# "firstname": "Api", +# "lastname": "User two", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.API.value +# }, +# "AgUser2":{ +# "user_email": "agtest2@mail.test", +# "password": "passwordtest@1", +# "firstname": "Autographa", +# "lastname": "User Two", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.AG.value +# }, +# "SanketMASTUser2":{ +# "user_email": "smtest2@mail.test", +# "password": "passwordtest@1", +# "firstname": "SanketMAST", +# "lastname": "User 
Two", +# "token":"", +# "test_user_id": "", +# "app" : schema_auth.App.SMAST.value +# } +# } -#session fixture for access checks working -@pytest.fixture(scope="session", autouse=True) -def create_user_session_run_at_start(): - try: - print("Session fixture for create user------------------>") - from .test_auth_basic import register,delete_user_identity,assign_roles,SUPER_USER,SUPER_PASSWORD +# #session fixture for access checks working +# @pytest.fixture(scope="session", autouse=True) +# def create_user_session_run_at_start(): +# try: +# print("Session fixture for create user------------------>") +# from .test_auth_basic import register,delete_user_identity,assign_roles,SUPER_USER,SUPER_PASSWORD - for user_data in initial_test_users: - current_user = initial_test_users[user_data] - data = { - "email": current_user['user_email'], - "password": current_user['password'], - "firstname": current_user['firstname'], - "lastname": current_user['firstname'] - } - response = register(data, apptype=current_user['app']) - current_user['test_user_id'] = response.json()["registered_details"]["id"] - current_user['token'] = response.json()["token"] - #admin roles provide for - super_data = { - "user_email": SUPER_USER, - "password": SUPER_PASSWORD - } - #AgAdmin - role_user_id = initial_test_users["AgAdmin"]["test_user_id"] - role_list = [schema_auth.AdminRoles.AGADMIN.value] - response = assign_roles(super_data,role_user_id,role_list) - assert response.status_code == 201 - assert response.json()["role_list"] == \ - [schema_auth.AdminRoles.AGUSER.value, schema_auth.AdminRoles.AGADMIN.value] - #SanketMASTAdmin - role_user_id = initial_test_users["SanketMASTAdmin"]["test_user_id"] - role_list = [schema_auth.AdminRoles.SMASTADMIN.value] - response = assign_roles(super_data,role_user_id,role_list) - assert response.status_code == 201 - assert response.json()["role_list"] == \ - [schema_auth.AdminRoles.SMASTUSER.value, schema_auth.AdminRoles.SMASTADMIN.value] - #VachanAdmin - 
role_user_id = initial_test_users["VachanAdmin"]["test_user_id"] - role_list = [schema_auth.AdminRoles.VACHANADMIN.value] - response = assign_roles(super_data,role_user_id,role_list) - assert response.status_code == 201 - assert response.json()["role_list"] == \ - [schema_auth.AdminRoles.VACHANUSER.value, schema_auth.AdminRoles.VACHANADMIN.value] - #VachanContentAdmin - role_user_id = initial_test_users["VachanContentAdmin"]["test_user_id"] - role_list = [schema_auth.AdminRoles.VACHANCONTENTADMIN.value] - response = assign_roles(super_data,role_user_id,role_list) - assert response.status_code == 201 - assert response.json()["role_list"] == \ - [schema_auth.AdminRoles.VACHANCONTENTVIEWER.value, schema_auth.AdminRoles.VACHANCONTENTADMIN.value] - #BcsDeveloper - role_user_id = initial_test_users["BcsDev"]["test_user_id"] - role_list = [schema_auth.AdminRoles.BCSDEV.value] - response = assign_roles(super_data,role_user_id,role_list) - assert response.status_code == 201 - assert response.json()["role_list"] == \ - [schema_auth.AdminRoles.APIUSER.value, schema_auth.AdminRoles.BCSDEV.value] - yield initial_test_users - finally: - delete_list = [] - for user_data in initial_test_users: - current_user = initial_test_users[user_data] - delete_list.append(current_user["test_user_id"]) - delete_user_identity(delete_list) - print("Session fixture for create user END------------------>") +# for user_data in initial_test_users: +# current_user = initial_test_users[user_data] +# data = { +# "email": current_user['user_email'], +# "password": current_user['password'], +# "firstname": current_user['firstname'], +# "lastname": current_user['firstname'] +# } +# response = register(data, apptype=current_user['app']) +# current_user['test_user_id'] = response.json()["registered_details"]["id"] +# current_user['token'] = response.json()["token"] +# #admin roles provide for +# super_data = { +# "user_email": SUPER_USER, +# "password": SUPER_PASSWORD +# } +# #AgAdmin +# role_user_id = 
initial_test_users["AgAdmin"]["test_user_id"] +# role_list = [schema_auth.AdminRoles.AGADMIN.value] +# response = assign_roles(super_data,role_user_id,role_list) +# assert response.status_code == 201 +# assert response.json()["role_list"] == \ +# [schema_auth.AdminRoles.AGUSER.value, schema_auth.AdminRoles.AGADMIN.value] +# #SanketMASTAdmin +# role_user_id = initial_test_users["SanketMASTAdmin"]["test_user_id"] +# role_list = [schema_auth.AdminRoles.SMASTADMIN.value] +# response = assign_roles(super_data,role_user_id,role_list) +# assert response.status_code == 201 +# assert response.json()["role_list"] == \ +# [schema_auth.AdminRoles.SMASTUSER.value, schema_auth.AdminRoles.SMASTADMIN.value] +# #VachanAdmin +# role_user_id = initial_test_users["VachanAdmin"]["test_user_id"] +# role_list = [schema_auth.AdminRoles.VACHANADMIN.value] +# response = assign_roles(super_data,role_user_id,role_list) +# assert response.status_code == 201 +# assert response.json()["role_list"] == \ +# [schema_auth.AdminRoles.VACHANUSER.value, schema_auth.AdminRoles.VACHANADMIN.value] +# #VachanContentAdmin +# role_user_id = initial_test_users["VachanContentAdmin"]["test_user_id"] +# role_list = [schema_auth.AdminRoles.VACHANCONTENTADMIN.value] +# response = assign_roles(super_data,role_user_id,role_list) +# assert response.status_code == 201 +# assert response.json()["role_list"] == \ +# [schema_auth.AdminRoles.VACHANCONTENTVIEWER.value, schema_auth.AdminRoles.VACHANCONTENTADMIN.value] +# #BcsDeveloper +# role_user_id = initial_test_users["BcsDev"]["test_user_id"] +# role_list = [schema_auth.AdminRoles.BCSDEV.value] +# response = assign_roles(super_data,role_user_id,role_list) +# assert response.status_code == 201 +# assert response.json()["role_list"] == \ +# [schema_auth.AdminRoles.APIUSER.value, schema_auth.AdminRoles.BCSDEV.value] +# yield initial_test_users +# finally: +# delete_list = [] +# for user_data in initial_test_users: +# current_user = initial_test_users[user_data] +# 
delete_list.append(current_user["test_user_id"]) +# delete_user_identity(delete_list) +# print("Session fixture for create user END------------------>") diff --git a/app/test/test_auth_basic.py b/app/test/test_auth_basic.py index aa779172..608f8ea0 100644 --- a/app/test/test_auth_basic.py +++ b/app/test/test_auth_basic.py 
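Review bot: Commenting out the whole `initial_test_users` mapping and the autouse `create_user_session_run_at_start` fixture removes the module-level name `initial_test_users`, so any test module that still does `from .conftest import initial_test_users` now fails at collection instead of in the tests that needed those users; `test_auth_basic.py` drops that import in the next file section, but other test modules are not visible here, so confirm none remain. The fixture also carried the only visible coverage that role assignment goes through the super user (the `assign_roles(super_data, ...)` calls asserting 201 and the expected `role_list`) and that every created identity is removed in the `finally` branch; if user provisioning has moved to a separate auth service, a replacement session fixture that registers and tears down the same users against that service would keep the access-control tests meaningful rather than silently dropping them. Either way, 190 lines of `#`-prefixed code should be deleted rather than carried along — version history preserves them, and details such as the `"lastname": "Vieer"` typo are now frozen in a block nobody will maintain.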
@@ -1,694 +1,694 @@ -"""Basic test cases of features Register, Login, Logout, Role assignment""" -import json -import os -import pytest -from urllib.parse import quote - -from app.schema import schema_auth -from . import assert_input_validation_error, client, check_skip, check_limit -from .conftest import initial_test_users - -LOGIN_URL = '/v2/user/login' -REGISTER_URL = '/v2/user/register' -LOGOUT_URL = '/v2/user/logout' -GETUSERURL = '/v2/users' -USERROLE_URL = '/v2/user/role' -DELETE_URL = '/v2/user' -SUPER_USER = os.environ.get("VACHAN_SUPER_USERNAME") -SUPER_PASSWORD = os.environ.get("VACHAN_SUPER_PASSWORD") -ADMIN_BASE_URL = os.environ.get("VACHAN_KRATOS_ADMIN_URL") - -headers_auth = {"contentType": "application/json", - "accept": "application/json"} - -#Fixture for delete users from kratos created -@pytest.fixture -def create_user_fixture(): - """fixture for revoke created user Kratos""" - try: - create_user = [] - yield create_user - finally: - delete_user_identity(create_user) - -#login check -def login(data): - '''test for login feature''' - #headers = {"contentType": "application/json", "accept": "application/json"} - params = f"?user_email={quote(data['user_email'])}&password={quote(data['password'])}" - response = client.get(LOGIN_URL+params) - if response.status_code == 200: - assert response.json()['message'] == "Login Succesfull" - token = response.json()['token'] - assert len(token) == 39 - assert "userId" in response.json() - elif response.status_code == 401: - assert response.json()['error'] == "Authentication Error" - assert response.json()['details'] ==\ - "The provided credentials are invalid, check for spelling mistakes "+\ - "in your password or username, email address, or phone number." 
- return response - -#registration check -def register(data,apptype): - """test for registration""" - headers = {"contentType": "application/json", "accept": "application/json"} - params = f"?app_type={apptype}" - response = client.post(REGISTER_URL+params, headers=headers, json=data) - if response.status_code == 200: - assert response.json()["message"] == "Registration Successfull" - assert isinstance(response.json()["registered_details"],dict) - assert "id" in response.json()["registered_details"] - assert "email" in response.json()["registered_details"] - assert "Permissions" in response.json()["registered_details"] - assert "token" in response.json() - token = response.json()['token'] - assert len(token) == 39 - return response - -#appending roles to same user on duplicate registration -def register_role_appending(data,apptype): - """test for appending roles for same user registration""" - headers = {"contentType": "application/json", "accept": "application/json"} - params = f"?app_type={apptype}" - response = client.post(REGISTER_URL+params, headers=headers, json=data) - if response.status_code == 200: - assert response.json()["message"] == "User Already Registered, New Permission updated" - assert isinstance(response.json()["registered_details"],dict) - assert "id" in response.json()["registered_details"] - assert "email" in response.json()["registered_details"] - assert "Permissions" in response.json()["registered_details"] - assert "token" in response.json() - assert response.json()['token'] == 'null' - return response - -#delete created user with super admin authentication -def delete_user_identity(users_list): - """delete a user identity""" - data = { - "user_email": SUPER_USER, - "password": SUPER_PASSWORD - } - response = login(data) - token = response.json()['token'] - - for identity in users_list: - data = { - "userid": identity - } - headers = {"contentType": "application/json", - "accept": "application/json", - 'Authorization': "Bearer"+" "+token - 
} - response = client.request("delete",DELETE_URL, headers=headers, json=data) - assert response.status_code == 200 - assert response.json()["message"] == \ - "deleted identity "+ str(identity) - -#role assignment -def assign_roles(data,user_id,role_list): - """assign roles to users""" - response = login(data) - token = response.json()['token'] - - role_data = { - "userid": user_id, - "roles": role_list - } - - headers = {"contentType": "application/json", - "accept": "application/json", - 'Authorization': "Bearer"+" "+token - } - response = client.put(USERROLE_URL, headers=headers, json=role_data) - return response - -#logout user -def logout_user(token): - """logout a user""" - headers = {"contentType": "application/json", - "accept": "application/json", - 'Authorization': "Bearer"+" "+token - } - response = client.get(LOGOUT_URL,headers=headers) - return response - -#--------------------------------------------test starts-------------------------------------- - -#test for super user login -def test_superuser_login(): - """test for super user login""" - data = { - "user_email": SUPER_USER, - "password": SUPER_PASSWORD -} - response =login(data) - assert response.json()['message'] == "Login Succesfull" - -#not passing the App type in the url params -def test_register_user_with_none_apptype(create_user_fixture): - """register user with none type as app""" - data = { - "email": "ab@gmail.com", - "password": "passwordab@1", - "firstname": "user registration", - "lastname": "AB Test" - } - headers = {"contentType": "application/json", "accept": "application/json"} - response = client.post(REGISTER_URL, headers=headers, json=data) - assert response.json()['message'] == "Registration Successfull" - ab_id = response.json()["registered_details"]["id"] - users_list = create_user_fixture - users_list.append(ab_id) - -#Try logging in user ABC before and after registration. 
-def test_login_register(create_user_fixture): - """series of test based on login and register""" - - #login a non exisitng user ABC - data = { - "user_email": "abc@gmail.com", - "password": "passwordabc@1" - } - response = login(data) - assert 'error' in response.json() - - #register the user ABC - data = { - "email": "abc@gmail.com", - "password": "passwordabc@1", - "firstname": "user registration", - "lastname": "ABC Test" - } - response = register(data,apptype=schema_auth.App.API.value) - abc_id = response.json()["registered_details"]["id"] - - #test user ABC login after register - data = { - "user_email": "abc@gmail.com", - "password": "passwordabc@1" - } - response = login(data) - assert response.json()['message'] == "Login Succesfull" - - #register user ABC again with same credentials - data = { - "email": "abc@gmail.com", - "password": "passwordabc@1", - "firstname": "user registration", - "lastname": "ABC Test" - } - response = register(data,apptype=schema_auth.App.API.value) - assert response.status_code == 400 - assert response.json()['error'] == "HTTP Error" - assert response.json()['details'] == \ - "An account with the same identifier (email, phone, username, ...) exists already." 
- - users_list = create_user_fixture - users_list.append(abc_id) - - -#test for validate register data -def test_incorrect_email(): - """test for validation of incorrect email""" - data = { - "email": "incorrectemail", - "password": "passwordabc@1", - "firstname": "user registration", - "lastname": "ABCD Test" - } - response = register(data,apptype=schema_auth.App.API.value) - assert response.status_code == 422 - assert response.json()['error'] == "Unprocessable Data" - -#test for validate register data -def test_validate_password(): - """test for validation of password""" - #short password - data = { - "email": "PQR@gmail.com", - "password": "test", - "firstname": "user registration", - "lastname": "PQR Test" - } - response = register(data,apptype=schema_auth.App.API.value) - assert response.status_code == 422 - assert response.json()['error'] == "Unprocessable Data" - - #less secure password - data = { - "email": "PQR@gmail.com", - "password": "password", - "firstname": "user registration", - "lastname": "PQR Test" - } - response = register(data,apptype=schema_auth.App.API.value) - assert response.status_code == 422 - assert response.json()['error'] == "Unprocessable Data" - -#test for optional params in registration -def test_optional_register_params(create_user_fixture): - """test for optional params in the registration""" - #app type is none and lastname is not passed - data = { - "email": "abcd@gmail.com", - "password": "passwordabc@11", - "firstname": "user registration" - } - response = register(data,apptype=schema_auth.App.API.value) - assert response.json()["registered_details"]["Permissions"] == \ - [schema_auth.App.API.value] - abc_id = response.json()["registered_details"]["id"] - - - users_list = create_user_fixture - users_list.append(abc_id) - -#test register with missing field -def test_register_incorrectdatas(): - """wrong data type check""" - data = { - "firstname": "user registration", - "lastname": "ABC Test" -} - response = 
register(data,apptype=schema_auth.App.API.value) - assert_input_validation_error(response) - - data = { - "email": "abc@gmail.com" -} - response = register(data,apptype=schema_auth.App.API.value) - assert_input_validation_error(response) - - data = { - "password": "passwordabc@1" -} - response = register(data,apptype=schema_auth.App.API.value) - assert_input_validation_error(response) - - -#Register new users, xyz1, xyz2, xyz3 with app_info as "Vachan-online or vachan-app", -# "Autographa" and API-user respectively. -#Check logins and their user roles -def test_register_roles(create_user_fixture): - """check for expected roles on register""" - data_xyz1 = { - "email": "xyz1@gmail.com", - "password": "passwordxyz1@1", - "firstname": "user XYZ1", - "lastname": "Vachan role Test" - } - response1 = register(data_xyz1,apptype=schema_auth.App.VACHAN.value) - xyz1_id = response1.json()["registered_details"]["id"] - assert response1.json()["registered_details"]["Permissions"] == \ - [schema_auth.App.VACHAN.value] - - data_xyz2 = { - "email": "xyz2@gmail.com", - "password": "passwordxyz2@1", - "firstname": "user XYZ2", - "lastname": "Ag role Test" - } - response2 = register(data_xyz2,apptype= schema_auth.App.AG.value) - xyz2_id = response2.json()["registered_details"]["id"] - assert response2.json()["registered_details"]["Permissions"] == \ - [ schema_auth.App.AG.value] - data_xyz3 = \ - { - "email": "xyz3@gmail.com", - "password": "passwordxyz3@1", - "firstname": "user XYZ3", - "lastname": "No role Test" - } - response3 = register(data_xyz3,apptype=schema_auth.App.API.value) - xyz3_id = response3.json()["registered_details"]["id"] - assert response3.json()["registered_details"]["Permissions"] == [schema_auth.App.API.value] - - # data_xyz4 = { - # "email": "xyz4@gmail.com", - # "password": "passwordxyz4@1", - # "firstname": "user XYZ4", - # "lastname": "No role Test" - # } - # response4 = register(data_xyz4,apptype=schema_auth.App.VACHANADMIN.value) - # xyz4_id = 
response4.json()["registered_details"]["id"] - # assert response4.json()["registered_details"]["Permissions"] == \ - # [schema_auth.App.VACHANADMIN.value] - - #login check for users - data_xyz1 = { - "user_email": "xyz1@gmail.com", - "password": "passwordxyz1@1" - } - response = login(data_xyz1) - assert response.json()['message'] == "Login Succesfull" - - data_xyz2 = { - "user_email": "xyz2@gmail.com", - "password": "passwordxyz2@1" - } - response2 = login(data_xyz2) - assert response2.json()['message'] == "Login Succesfull" - - data_xyz3 = { - "user_email": "xyz3@gmail.com", - "password": "passwordxyz3@1" - } - response3 = login(data_xyz3) - assert response3.json()['message'] == "Login Succesfull" - - # data_xyz4 = { - # "user_email": "xyz4@gmail.com", - # "password": "passwordxyz4@1" - # } - # response4 = login(data_xyz4) - # assert response4.json()['message'] == "Login Succesfull" - - #Register same users xyz1, xyz2 & xyz3 as above with different app_info - # and ensure that, their roles are appended - - #role changed vachan --> none - data_xyz1 = { - "email": "xyz1@gmail.com", - "password": "passwordxyz1@1", - "firstname": "user XYZ1", - "lastname": "Vachan role Test", - } - response1 = register_role_appending(data_xyz1,apptype=schema_auth.App.API.value) - assert response1.json()["registered_details"]["Permissions"] == \ - [schema_auth.App.VACHAN.value,schema_auth.App.API.value] - - # #role changed ag --> vachan - data_xyz2 = { - "email": "xyz2@gmail.com", - "password": "passwordxyz2@1", - "firstname": "xyz user 2", - "lastname": "xyz Test 2" - } - response2 = register_role_appending(data_xyz2,apptype=schema_auth.App.VACHAN.value) - assert response2.json()["registered_details"]["Permissions"] ==\ - [schema_auth.App.AG.value,schema_auth.App.VACHAN.value] - - #role changed none --> ag - data_xyz3 = { - "email": "xyz3@gmail.com", - "password": "passwordxyz3@1", - "firstname": "xyz user 3", - "lastname": "xyz Test 3" - } - response3 = 
register_role_appending(data_xyz3,apptype=schema_auth.App.AG.value) - assert response3.json()["registered_details"]["Permissions"] ==\ - [schema_auth.App.API.value,schema_auth.App.AG.value] - - # #role changed Vachan Admin --> ag - # data_xyz4 = { - # "email": "xyz4@gmail.com", - # "password": "passwordxyz4@1" - # } - # response4 = register_role_appending(data_xyz4,apptype=schema_auth.App.AG.value) - # assert response4.json()["registered_details"]["Permissions"] == \ - # [schema_auth.App.VACHANADMIN.value,schema_auth.App.AG.value] - - users_list = create_user_fixture - users_list.append(xyz1_id) - users_list.append(xyz2_id) - users_list.append(xyz3_id) - # users_list.append(xyz4_id) - -#Register two users with app_info=API -#and make them VachanAdmin and AgAdmin -#(ensure only SuperAdmin should be able to do this) -def test_role_assignment_superadmin(create_user_fixture): - """test only super admin can assign roles""" - - #create 2 users - user1 = { - "email": "vachan@gmail.com", - "password": "passwordvachan@1", - "firstname": "vachan", - "lastname": "User Test" - } - response1 = register(user1,apptype=schema_auth.App.API.value) - user1_id = response1.json()["registered_details"]["id"] - assert response1.json()["registered_details"]["Permissions"] == [schema_auth.App.API.value] - - user2 = { - "email": "ag@gmail.com", - "password": "passwordag@1", - "firstname": "Ag", - "lastname": "User Test" - } - response2 = register(user2,apptype=schema_auth.App.API.value) - user2_id = response2.json()["registered_details"]["id"] - assert response2.json()["registered_details"]["Permissions"] == [schema_auth.App.API.value] - - #try to change user2 permision after login user1 - user1 = { - "user_email": "vachan@gmail.com", - "password": "passwordvachan@1" - } - - role_list = [schema_auth.AdminRoles.VACHANADMIN.value] - response = assign_roles(user1,user2_id,role_list) - assert response.status_code == 403 - assert response.json()["details"] == "Access Permission Denied for the 
URL" - - #role assign with super user - data = { - "user_email": SUPER_USER, - "password": SUPER_PASSWORD - } - role_list = [schema_auth.AdminRoles.VACHANADMIN.value] - response1 = assign_roles(data,user1_id,role_list) - assert response1.status_code == 201 - assert response1.json()["role_list"] == \ - [schema_auth.AdminRoles.APIUSER.value, schema_auth.AdminRoles.VACHANADMIN.value] - - role_list = [schema_auth.AdminRoles.AGADMIN.value] - response2 = assign_roles(data,user2_id,role_list) - assert response2.status_code == 201 - assert response2.json()["role_list"] == \ - [schema_auth.AdminRoles.APIUSER.value, schema_auth.AdminRoles.AGADMIN.value] - - #assigning a wrong role that is not allowed - role_list = ["AllAdmin"] - response3 = assign_roles(data,user2_id,role_list) - assert response3.status_code == 422 - assert response3.json()['error'] == "Input Validation Error" - - users_list = create_user_fixture - users_list.append(user1_id) - users_list.append(user2_id) - -#Login a user and then log him out. 
-#Then try using the old token and ensure it is expired -def test_token_expiry(create_user_fixture): - """checking the token expiry""" - data = { - "user_email": SUPER_USER, - "password": SUPER_PASSWORD - } - response = login(data) - assert response.json()['message'] == "Login Succesfull" - token = response.json()['token'] - - #logout user - response = logout_user(token) - assert response.status_code == 200 - - #try change role with super user after logout - user = { - "email": "user@gmail.com", - "password": "passworduser@1", - "firstname": "user ", - "lastname": "role change Test" - } - response2 = register(user,apptype=schema_auth.App.API.value) - user_id = response2.json()["registered_details"]["id"] - assert response2.json()["registered_details"]["Permissions"] == [schema_auth.App.API.value] - - role_data = { - "userid": user_id, - "roles": [schema_auth.AdminRoles.AGADMIN.value] - } - headers = {"contentType": "application/json", - "accept": "application/json", - 'Authorization': "Bearer"+" "+token - } - response = client.put(USERROLE_URL, headers=headers, json=role_data) - - users_list = create_user_fixture - users_list.append(user_id) - - assert response.status_code == 401 - assert response.json()["error"] == "Authentication Error" - -def test_get_put_users(): - """get users""" - #get list of users - #without auth - params = f"?skip=0&limit=100" - response = client.get(GETUSERURL+params) - assert response.status_code == 401 - #with Auth - headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['APIUser']['token'] - response = client.get(GETUSERURL+params,headers=headers_auth) - assert response.status_code == 200 - assert isinstance(response.json(),list) - assert len(response.json()) >= len(initial_test_users) - for item in response.json(): - assert "userId" in item - assert "name" in item - assert isinstance(item["name"],dict) - - #users created in initial test users-check pagination content - check_skip(GETUSERURL,headers_auth) - 
check_limit(GETUSERURL,headers_auth) - - #filter with name - params = f"?name=api&roles={schema_auth.FilterRoles.ALL}" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert len(response.json()) >= 2 - - #filter with not available name in initial test user - params = f"?name=aqsdwerfgtyuiolkj&roles={schema_auth.FilterRoles.ALL}" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert len(response.json()) == 0 - - #filter with roles - params = f"?roles={schema_auth.FilterRoles.ALL}" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert len(response.json()) >=8 - - params = f"?roles={schema_auth.FilterRoles.API}" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert len(response.json()) >=3 - - params = f"?roles={schema_auth.FilterRoles.AG}" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert len(response.json()) >=2 - - params = f"?roles={schema_auth.FilterRoles.VACHAN}" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert len(response.json()) >=2 - - params = f"?roles={schema_auth.FilterRoles.VACHAN}&roles={schema_auth.FilterRoles.AG}" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert len(response.json()) >=4 - - #get user - params = f"?user_id={initial_test_users['APIUser']['test_user_id']}" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert response.status_code == 200 - assert len(response.json()) == 1 - assert response.json()[0]["userId"] == initial_test_users['APIUser']['test_user_id'] - assert response.json()[0]["name"]["first"] == initial_test_users['APIUser']['firstname'] - - #wrong user id - params = f"?user_id=hgtyr-1234-tthhh-6677-yyyyyy-67777-111" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert response.status_code == 404 - assert response.json()["error"] == "Requested Content Not Available" - - #edit user - #No auth - data = { - 'firstname': 'API user', - 'lastname': 
'Edited' - } - response = client.put(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",json=data) - assert response.status_code == 401 - assert response.json()["error"] == 'Authentication Error' - - #with auth super admin - data_SA = { - "user_email": SUPER_USER, - "password": SUPER_PASSWORD - } - response = login(data_SA) - token = response.json()['token'] - - #before update get data - params = f"?user_id={initial_test_users['APIUser']['test_user_id']}" - response = client.get(GETUSERURL+params,headers=headers_auth) - assert response.json()[0]["userId"] == initial_test_users['APIUser']['test_user_id'] - assert response.json()[0]["name"]["first"] == initial_test_users['APIUser']['firstname'] - - #SA - headers_SA = {"contentType": "application/json", - "accept": "application/json", - 'Authorization': "Bearer"+" "+token - } - response = client.put(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",json=data,headers=headers_SA) - assert response.status_code == 201 - assert response.json()["message"] == "User details updated successfully" - assert "userId" in response.json()["data"] - assert "name" in response.json()["data"] - assert response.json()["data"]["name"]["first"] == data["firstname"] - assert response.json()["data"]["name"]["last"] == data["lastname"] - assert response.json()["data"]["name"]["first"] != initial_test_users['APIUser']['firstname'] - assert response.json()["data"]["name"]["last"] != initial_test_users['APIUser']['firstname'] - #Created User - data = { - 'firstname': 'API', - 'lastname': 'Edited by createdUser' - } - - headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['APIUser']['token'] - response1 = client.put(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",json=data,headers=headers_auth) - assert response1.status_code == 201 - assert response.json()["message"] == "User details updated successfully" - assert "userId" in response.json()["data"] - assert "name" in response.json()["data"] - assert 
response1.json()["data"]["name"]["first"] == data["firstname"] - assert response1.json()["data"]["name"]["last"] == data["lastname"] - assert response1.json()["data"]["name"]["first"] != response.json()["data"]["name"]["first"] - assert response1.json()["data"]["name"]["last"] != response.json()["data"]["name"]["last"] - - #user otherthan created and SA - headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['VachanAdmin']['token'] - response2 = client.put(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",json=data,headers=headers_auth) - assert response2.status_code == 403 - assert response2.json()["error"] == "Permission Denied" - -def check_user_profile(response): - '''default check for user profile response''' - assert response.status_code == 200 - assert isinstance(response.json(), dict) - assert "userId" in response.json() - assert "traits" in response.json() - assert isinstance(response.json()["traits"], dict) - assert "name" in response.json()["traits"] - assert "email" in response.json()["traits"] - assert "userrole" in response.json()["traits"] - assert isinstance(response.json()["traits"]["userrole"], list) - -def test_get_user_profile(): - """user profile get test""" - #without auth - response = client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}") - assert response.status_code == 401 - assert response.json()["error"] == 'Authentication Error' - #with auth SA - data_SA = {"user_email": SUPER_USER,"password": SUPER_PASSWORD} - response = login(data_SA) - token = response.json()['token'] - #SA - headers_SA = {"contentType": "application/json", - "accept": "application/json", - 'Authorization': "Bearer"+" "+token} - response = client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",headers=headers_SA) - check_user_profile(response) - #with created user - headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['APIUser']['token'] - response = 
client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",headers=headers_auth) - check_user_profile(response) - #with no permission user - headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['APIUser2']['token'] - response = client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",headers=headers_auth) - assert response.status_code == 403 - assert response.json()["error"] == "Permission Denied" - headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['VachanAdmin']['token'] - response = client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",headers=headers_auth) - assert response.status_code == 403 - assert response.json()["error"] == "Permission Denied" +# """Basic test cases of features Register, Login, Logout, Role assignment""" +# import json +# import os +# import pytest +# from urllib.parse import quote + +# from app.schema import schema_auth +# from . import assert_input_validation_error, client, check_skip, check_limit +# from .conftest import initial_test_users + +# LOGIN_URL = '/v2/user/login' +# REGISTER_URL = '/v2/user/register' +# LOGOUT_URL = '/v2/user/logout' +# GETUSERURL = '/v2/users' +# USERROLE_URL = '/v2/user/role' +# DELETE_URL = '/v2/user' +# SUPER_USER = os.environ.get("VACHAN_SUPER_USERNAME") +# SUPER_PASSWORD = os.environ.get("VACHAN_SUPER_PASSWORD") +# ADMIN_BASE_URL = os.environ.get("VACHAN_KRATOS_ADMIN_URL") + +# headers_auth = {"contentType": "application/json", +# "accept": "application/json"} + +# #Fixture for delete users from kratos created +# @pytest.fixture +# def create_user_fixture(): +# """fixture for revoke created user Kratos""" +# try: +# create_user = [] +# yield create_user +# finally: +# delete_user_identity(create_user) + +# #login check +# def login(data): +# '''test for login feature''' +# #headers = {"contentType": "application/json", "accept": "application/json"} +# params = f"?user_email={quote(data['user_email'])}&password={quote(data['password'])}" 
+# response = client.get(LOGIN_URL+params) +# if response.status_code == 200: +# assert response.json()['message'] == "Login Succesfull" +# token = response.json()['token'] +# assert len(token) == 39 +# assert "userId" in response.json() +# elif response.status_code == 401: +# assert response.json()['error'] == "Authentication Error" +# assert response.json()['details'] ==\ +# "The provided credentials are invalid, check for spelling mistakes "+\ +# "in your password or username, email address, or phone number." +# return response + +# #registration check +# def register(data,apptype): +# """test for registration""" +# headers = {"contentType": "application/json", "accept": "application/json"} +# params = f"?app_type={apptype}" +# response = client.post(REGISTER_URL+params, headers=headers, json=data) +# if response.status_code == 200: +# assert response.json()["message"] == "Registration Successfull" +# assert isinstance(response.json()["registered_details"],dict) +# assert "id" in response.json()["registered_details"] +# assert "email" in response.json()["registered_details"] +# assert "Permissions" in response.json()["registered_details"] +# assert "token" in response.json() +# token = response.json()['token'] +# assert len(token) == 39 +# return response + +# #appending roles to same user on duplicate registration +# def register_role_appending(data,apptype): +# """test for appending roles for same user registration""" +# headers = {"contentType": "application/json", "accept": "application/json"} +# params = f"?app_type={apptype}" +# response = client.post(REGISTER_URL+params, headers=headers, json=data) +# if response.status_code == 200: +# assert response.json()["message"] == "User Already Registered, New Permission updated" +# assert isinstance(response.json()["registered_details"],dict) +# assert "id" in response.json()["registered_details"] +# assert "email" in response.json()["registered_details"] +# assert "Permissions" in 
response.json()["registered_details"] +# assert "token" in response.json() +# assert response.json()['token'] == 'null' +# return response + +# #delete created user with super admin authentication +# def delete_user_identity(users_list): +# """delete a user identity""" +# data = { +# "user_email": SUPER_USER, +# "password": SUPER_PASSWORD +# } +# response = login(data) +# token = response.json()['token'] + +# for identity in users_list: +# data = { +# "userid": identity +# } +# headers = {"contentType": "application/json", +# "accept": "application/json", +# 'Authorization': "Bearer"+" "+token +# } +# response = client.request("delete",DELETE_URL, headers=headers, json=data) +# assert response.status_code == 200 +# assert response.json()["message"] == \ +# "deleted identity "+ str(identity) + +# #role assignment +# def assign_roles(data,user_id,role_list): +# """assign roles to users""" +# response = login(data) +# token = response.json()['token'] + +# role_data = { +# "userid": user_id, +# "roles": role_list +# } + +# headers = {"contentType": "application/json", +# "accept": "application/json", +# 'Authorization': "Bearer"+" "+token +# } +# response = client.put(USERROLE_URL, headers=headers, json=role_data) +# return response + +# #logout user +# def logout_user(token): +# """logout a user""" +# headers = {"contentType": "application/json", +# "accept": "application/json", +# 'Authorization': "Bearer"+" "+token +# } +# response = client.get(LOGOUT_URL,headers=headers) +# return response + +# #--------------------------------------------test starts-------------------------------------- + +# #test for super user login +# def test_superuser_login(): +# """test for super user login""" +# data = { +# "user_email": SUPER_USER, +# "password": SUPER_PASSWORD +# } +# response =login(data) +# assert response.json()['message'] == "Login Succesfull" + +# #not passing the App type in the url params +# def test_register_user_with_none_apptype(create_user_fixture): +# 
"""register user with none type as app""" +# data = { +# "email": "ab@gmail.com", +# "password": "passwordab@1", +# "firstname": "user registration", +# "lastname": "AB Test" +# } +# headers = {"contentType": "application/json", "accept": "application/json"} +# response = client.post(REGISTER_URL, headers=headers, json=data) +# assert response.json()['message'] == "Registration Successfull" +# ab_id = response.json()["registered_details"]["id"] +# users_list = create_user_fixture +# users_list.append(ab_id) + +# #Try logging in user ABC before and after registration. +# def test_login_register(create_user_fixture): +# """series of test based on login and register""" + +# #login a non exisitng user ABC +# data = { +# "user_email": "abc@gmail.com", +# "password": "passwordabc@1" +# } +# response = login(data) +# assert 'error' in response.json() + +# #register the user ABC +# data = { +# "email": "abc@gmail.com", +# "password": "passwordabc@1", +# "firstname": "user registration", +# "lastname": "ABC Test" +# } +# response = register(data,apptype=schema_auth.App.API.value) +# abc_id = response.json()["registered_details"]["id"] + +# #test user ABC login after register +# data = { +# "user_email": "abc@gmail.com", +# "password": "passwordabc@1" +# } +# response = login(data) +# assert response.json()['message'] == "Login Succesfull" + +# #register user ABC again with same credentials +# data = { +# "email": "abc@gmail.com", +# "password": "passwordabc@1", +# "firstname": "user registration", +# "lastname": "ABC Test" +# } +# response = register(data,apptype=schema_auth.App.API.value) +# assert response.status_code == 400 +# assert response.json()['error'] == "HTTP Error" +# assert response.json()['details'] == \ +# "An account with the same identifier (email, phone, username, ...) exists already." 
+ +# users_list = create_user_fixture +# users_list.append(abc_id) + + +# #test for validate register data +# def test_incorrect_email(): +# """test for validation of incorrect email""" +# data = { +# "email": "incorrectemail", +# "password": "passwordabc@1", +# "firstname": "user registration", +# "lastname": "ABCD Test" +# } +# response = register(data,apptype=schema_auth.App.API.value) +# assert response.status_code == 422 +# assert response.json()['error'] == "Unprocessable Data" + +# #test for validate register data +# def test_validate_password(): +# """test for validation of password""" +# #short password +# data = { +# "email": "PQR@gmail.com", +# "password": "test", +# "firstname": "user registration", +# "lastname": "PQR Test" +# } +# response = register(data,apptype=schema_auth.App.API.value) +# assert response.status_code == 422 +# assert response.json()['error'] == "Unprocessable Data" + +# #less secure password +# data = { +# "email": "PQR@gmail.com", +# "password": "password", +# "firstname": "user registration", +# "lastname": "PQR Test" +# } +# response = register(data,apptype=schema_auth.App.API.value) +# assert response.status_code == 422 +# assert response.json()['error'] == "Unprocessable Data" + +# #test for optional params in registration +# def test_optional_register_params(create_user_fixture): +# """test for optional params in the registration""" +# #app type is none and lastname is not passed +# data = { +# "email": "abcd@gmail.com", +# "password": "passwordabc@11", +# "firstname": "user registration" +# } +# response = register(data,apptype=schema_auth.App.API.value) +# assert response.json()["registered_details"]["Permissions"] == \ +# [schema_auth.App.API.value] +# abc_id = response.json()["registered_details"]["id"] + + +# users_list = create_user_fixture +# users_list.append(abc_id) + +# #test register with missing field +# def test_register_incorrectdatas(): +# """wrong data type check""" +# data = { +# "firstname": "user 
registration", +# "lastname": "ABC Test" +# } +# response = register(data,apptype=schema_auth.App.API.value) +# assert_input_validation_error(response) + +# data = { +# "email": "abc@gmail.com" +# } +# response = register(data,apptype=schema_auth.App.API.value) +# assert_input_validation_error(response) + +# data = { +# "password": "passwordabc@1" +# } +# response = register(data,apptype=schema_auth.App.API.value) +# assert_input_validation_error(response) + + +# #Register new users, xyz1, xyz2, xyz3 with app_info as "Vachan-online or vachan-app", +# # "Autographa" and API-user respectively. +# #Check logins and their user roles +# def test_register_roles(create_user_fixture): +# """check for expected roles on register""" +# data_xyz1 = { +# "email": "xyz1@gmail.com", +# "password": "passwordxyz1@1", +# "firstname": "user XYZ1", +# "lastname": "Vachan role Test" +# } +# response1 = register(data_xyz1,apptype=schema_auth.App.VACHAN.value) +# xyz1_id = response1.json()["registered_details"]["id"] +# assert response1.json()["registered_details"]["Permissions"] == \ +# [schema_auth.App.VACHAN.value] + +# data_xyz2 = { +# "email": "xyz2@gmail.com", +# "password": "passwordxyz2@1", +# "firstname": "user XYZ2", +# "lastname": "Ag role Test" +# } +# response2 = register(data_xyz2,apptype= schema_auth.App.AG.value) +# xyz2_id = response2.json()["registered_details"]["id"] +# assert response2.json()["registered_details"]["Permissions"] == \ +# [ schema_auth.App.AG.value] +# data_xyz3 = \ +# { +# "email": "xyz3@gmail.com", +# "password": "passwordxyz3@1", +# "firstname": "user XYZ3", +# "lastname": "No role Test" +# } +# response3 = register(data_xyz3,apptype=schema_auth.App.API.value) +# xyz3_id = response3.json()["registered_details"]["id"] +# assert response3.json()["registered_details"]["Permissions"] == [schema_auth.App.API.value] + +# # data_xyz4 = { +# # "email": "xyz4@gmail.com", +# # "password": "passwordxyz4@1", +# # "firstname": "user XYZ4", +# # "lastname": "No 
role Test" +# # } +# # response4 = register(data_xyz4,apptype=schema_auth.App.VACHANADMIN.value) +# # xyz4_id = response4.json()["registered_details"]["id"] +# # assert response4.json()["registered_details"]["Permissions"] == \ +# # [schema_auth.App.VACHANADMIN.value] + +# #login check for users +# data_xyz1 = { +# "user_email": "xyz1@gmail.com", +# "password": "passwordxyz1@1" +# } +# response = login(data_xyz1) +# assert response.json()['message'] == "Login Succesfull" + +# data_xyz2 = { +# "user_email": "xyz2@gmail.com", +# "password": "passwordxyz2@1" +# } +# response2 = login(data_xyz2) +# assert response2.json()['message'] == "Login Succesfull" + +# data_xyz3 = { +# "user_email": "xyz3@gmail.com", +# "password": "passwordxyz3@1" +# } +# response3 = login(data_xyz3) +# assert response3.json()['message'] == "Login Succesfull" + +# # data_xyz4 = { +# # "user_email": "xyz4@gmail.com", +# # "password": "passwordxyz4@1" +# # } +# # response4 = login(data_xyz4) +# # assert response4.json()['message'] == "Login Succesfull" + +# #Register same users xyz1, xyz2 & xyz3 as above with different app_info +# # and ensure that, their roles are appended + +# #role changed vachan --> none +# data_xyz1 = { +# "email": "xyz1@gmail.com", +# "password": "passwordxyz1@1", +# "firstname": "user XYZ1", +# "lastname": "Vachan role Test", +# } +# response1 = register_role_appending(data_xyz1,apptype=schema_auth.App.API.value) +# assert response1.json()["registered_details"]["Permissions"] == \ +# [schema_auth.App.VACHAN.value,schema_auth.App.API.value] + +# # #role changed ag --> vachan +# data_xyz2 = { +# "email": "xyz2@gmail.com", +# "password": "passwordxyz2@1", +# "firstname": "xyz user 2", +# "lastname": "xyz Test 2" +# } +# response2 = register_role_appending(data_xyz2,apptype=schema_auth.App.VACHAN.value) +# assert response2.json()["registered_details"]["Permissions"] ==\ +# [schema_auth.App.AG.value,schema_auth.App.VACHAN.value] + +# #role changed none --> ag +# data_xyz3 = { 
+# "email": "xyz3@gmail.com", +# "password": "passwordxyz3@1", +# "firstname": "xyz user 3", +# "lastname": "xyz Test 3" +# } +# response3 = register_role_appending(data_xyz3,apptype=schema_auth.App.AG.value) +# assert response3.json()["registered_details"]["Permissions"] ==\ +# [schema_auth.App.API.value,schema_auth.App.AG.value] + +# # #role changed Vachan Admin --> ag +# # data_xyz4 = { +# # "email": "xyz4@gmail.com", +# # "password": "passwordxyz4@1" +# # } +# # response4 = register_role_appending(data_xyz4,apptype=schema_auth.App.AG.value) +# # assert response4.json()["registered_details"]["Permissions"] == \ +# # [schema_auth.App.VACHANADMIN.value,schema_auth.App.AG.value] + +# users_list = create_user_fixture +# users_list.append(xyz1_id) +# users_list.append(xyz2_id) +# users_list.append(xyz3_id) +# # users_list.append(xyz4_id) + +# #Register two users with app_info=API +# #and make them VachanAdmin and AgAdmin +# #(ensure only SuperAdmin should be able to do this) +# def test_role_assignment_superadmin(create_user_fixture): +# """test only super admin can assign roles""" + +# #create 2 users +# user1 = { +# "email": "vachan@gmail.com", +# "password": "passwordvachan@1", +# "firstname": "vachan", +# "lastname": "User Test" +# } +# response1 = register(user1,apptype=schema_auth.App.API.value) +# user1_id = response1.json()["registered_details"]["id"] +# assert response1.json()["registered_details"]["Permissions"] == [schema_auth.App.API.value] + +# user2 = { +# "email": "ag@gmail.com", +# "password": "passwordag@1", +# "firstname": "Ag", +# "lastname": "User Test" +# } +# response2 = register(user2,apptype=schema_auth.App.API.value) +# user2_id = response2.json()["registered_details"]["id"] +# assert response2.json()["registered_details"]["Permissions"] == [schema_auth.App.API.value] + +# #try to change user2 permision after login user1 +# user1 = { +# "user_email": "vachan@gmail.com", +# "password": "passwordvachan@1" +# } + +# role_list = 
[schema_auth.AdminRoles.VACHANADMIN.value] +# response = assign_roles(user1,user2_id,role_list) +# assert response.status_code == 403 +# assert response.json()["details"] == "Access Permission Denied for the URL" + +# #role assign with super user +# data = { +# "user_email": SUPER_USER, +# "password": SUPER_PASSWORD +# } +# role_list = [schema_auth.AdminRoles.VACHANADMIN.value] +# response1 = assign_roles(data,user1_id,role_list) +# assert response1.status_code == 201 +# assert response1.json()["role_list"] == \ +# [schema_auth.AdminRoles.APIUSER.value, schema_auth.AdminRoles.VACHANADMIN.value] + +# role_list = [schema_auth.AdminRoles.AGADMIN.value] +# response2 = assign_roles(data,user2_id,role_list) +# assert response2.status_code == 201 +# assert response2.json()["role_list"] == \ +# [schema_auth.AdminRoles.APIUSER.value, schema_auth.AdminRoles.AGADMIN.value] + +# #assigning a wrong role that is not allowed +# role_list = ["AllAdmin"] +# response3 = assign_roles(data,user2_id,role_list) +# assert response3.status_code == 422 +# assert response3.json()['error'] == "Input Validation Error" + +# users_list = create_user_fixture +# users_list.append(user1_id) +# users_list.append(user2_id) + +# #Login a user and then log him out. 
+# #Then try using the old token and ensure it is expired +# def test_token_expiry(create_user_fixture): +# """checking the token expiry""" +# data = { +# "user_email": SUPER_USER, +# "password": SUPER_PASSWORD +# } +# response = login(data) +# assert response.json()['message'] == "Login Succesfull" +# token = response.json()['token'] + +# #logout user +# response = logout_user(token) +# assert response.status_code == 200 + +# #try change role with super user after logout +# user = { +# "email": "user@gmail.com", +# "password": "passworduser@1", +# "firstname": "user ", +# "lastname": "role change Test" +# } +# response2 = register(user,apptype=schema_auth.App.API.value) +# user_id = response2.json()["registered_details"]["id"] +# assert response2.json()["registered_details"]["Permissions"] == [schema_auth.App.API.value] + +# role_data = { +# "userid": user_id, +# "roles": [schema_auth.AdminRoles.AGADMIN.value] +# } +# headers = {"contentType": "application/json", +# "accept": "application/json", +# 'Authorization': "Bearer"+" "+token +# } +# response = client.put(USERROLE_URL, headers=headers, json=role_data) + +# users_list = create_user_fixture +# users_list.append(user_id) + +# assert response.status_code == 401 +# assert response.json()["error"] == "Authentication Error" + +# def test_get_put_users(): +# """get users""" +# #get list of users +# #without auth +# params = f"?skip=0&limit=100" +# response = client.get(GETUSERURL+params) +# assert response.status_code == 401 +# #with Auth +# headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['APIUser']['token'] +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert response.status_code == 200 +# assert isinstance(response.json(),list) +# assert len(response.json()) >= len(initial_test_users) +# for item in response.json(): +# assert "userId" in item +# assert "name" in item +# assert isinstance(item["name"],dict) + +# #users created in initial test users-check pagination content +# 
check_skip(GETUSERURL,headers_auth) +# check_limit(GETUSERURL,headers_auth) + +# #filter with name +# params = f"?name=api&roles={schema_auth.FilterRoles.ALL}" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert len(response.json()) >= 2 + +# #filter with not available name in initial test user +# params = f"?name=aqsdwerfgtyuiolkj&roles={schema_auth.FilterRoles.ALL}" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert len(response.json()) == 0 + +# #filter with roles +# params = f"?roles={schema_auth.FilterRoles.ALL}" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert len(response.json()) >=8 + +# params = f"?roles={schema_auth.FilterRoles.API}" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert len(response.json()) >=3 + +# params = f"?roles={schema_auth.FilterRoles.AG}" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert len(response.json()) >=2 + +# params = f"?roles={schema_auth.FilterRoles.VACHAN}" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert len(response.json()) >=2 + +# params = f"?roles={schema_auth.FilterRoles.VACHAN}&roles={schema_auth.FilterRoles.AG}" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert len(response.json()) >=4 + +# #get user +# params = f"?user_id={initial_test_users['APIUser']['test_user_id']}" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert response.status_code == 200 +# assert len(response.json()) == 1 +# assert response.json()[0]["userId"] == initial_test_users['APIUser']['test_user_id'] +# assert response.json()[0]["name"]["first"] == initial_test_users['APIUser']['firstname'] + +# #wrong user id +# params = f"?user_id=hgtyr-1234-tthhh-6677-yyyyyy-67777-111" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert response.status_code == 404 +# assert response.json()["error"] == "Requested Content Not Available" + +# 
#edit user +# #No auth +# data = { +# 'firstname': 'API user', +# 'lastname': 'Edited' +# } +# response = client.put(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",json=data) +# assert response.status_code == 401 +# assert response.json()["error"] == 'Authentication Error' + +# #with auth super admin +# data_SA = { +# "user_email": SUPER_USER, +# "password": SUPER_PASSWORD +# } +# response = login(data_SA) +# token = response.json()['token'] + +# #before update get data +# params = f"?user_id={initial_test_users['APIUser']['test_user_id']}" +# response = client.get(GETUSERURL+params,headers=headers_auth) +# assert response.json()[0]["userId"] == initial_test_users['APIUser']['test_user_id'] +# assert response.json()[0]["name"]["first"] == initial_test_users['APIUser']['firstname'] + +# #SA +# headers_SA = {"contentType": "application/json", +# "accept": "application/json", +# 'Authorization': "Bearer"+" "+token +# } +# response = client.put(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",json=data,headers=headers_SA) +# assert response.status_code == 201 +# assert response.json()["message"] == "User details updated successfully" +# assert "userId" in response.json()["data"] +# assert "name" in response.json()["data"] +# assert response.json()["data"]["name"]["first"] == data["firstname"] +# assert response.json()["data"]["name"]["last"] == data["lastname"] +# assert response.json()["data"]["name"]["first"] != initial_test_users['APIUser']['firstname'] +# assert response.json()["data"]["name"]["last"] != initial_test_users['APIUser']['firstname'] +# #Created User +# data = { +# 'firstname': 'API', +# 'lastname': 'Edited by createdUser' +# } + +# headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['APIUser']['token'] +# response1 = client.put(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",json=data,headers=headers_auth) +# assert response1.status_code == 201 +# assert response.json()["message"] == "User details 
updated successfully" +# assert "userId" in response.json()["data"] +# assert "name" in response.json()["data"] +# assert response1.json()["data"]["name"]["first"] == data["firstname"] +# assert response1.json()["data"]["name"]["last"] == data["lastname"] +# assert response1.json()["data"]["name"]["first"] != response.json()["data"]["name"]["first"] +# assert response1.json()["data"]["name"]["last"] != response.json()["data"]["name"]["last"] + +# #user otherthan created and SA +# headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['VachanAdmin']['token'] +# response2 = client.put(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",json=data,headers=headers_auth) +# assert response2.status_code == 403 +# assert response2.json()["error"] == "Permission Denied" + +# def check_user_profile(response): +# '''default check for user profile response''' +# assert response.status_code == 200 +# assert isinstance(response.json(), dict) +# assert "userId" in response.json() +# assert "traits" in response.json() +# assert isinstance(response.json()["traits"], dict) +# assert "name" in response.json()["traits"] +# assert "email" in response.json()["traits"] +# assert "userrole" in response.json()["traits"] +# assert isinstance(response.json()["traits"]["userrole"], list) + +# def test_get_user_profile(): +# """user profile get test""" +# #without auth +# response = client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}") +# assert response.status_code == 401 +# assert response.json()["error"] == 'Authentication Error' +# #with auth SA +# data_SA = {"user_email": SUPER_USER,"password": SUPER_PASSWORD} +# response = login(data_SA) +# token = response.json()['token'] +# #SA +# headers_SA = {"contentType": "application/json", +# "accept": "application/json", +# 'Authorization': "Bearer"+" "+token} +# response = client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",headers=headers_SA) +# check_user_profile(response) +# #with created 
user
+# headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['APIUser']['token']
+# response = client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",headers=headers_auth)
+# check_user_profile(response)
+# #with no permission user
+# headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['APIUser2']['token']
+# response = client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",headers=headers_auth)
+# assert response.status_code == 403
+# assert response.json()["error"] == "Permission Denied"
+# headers_auth['Authorization'] = "Bearer"+" "+initial_test_users['VachanAdmin']['token']
+# response = client.get(f"/v2/user/{initial_test_users['APIUser']['test_user_id']}",headers=headers_auth)
+# assert response.status_code == 403
+# assert response.json()["error"] == "Permission Denied"
diff --git a/docker/Kratos_config/email-password/app.schema.json b/docker/Kratos_config/email-password/app.schema.json
new file mode 100644
index 00000000..7b7f6e4c
--- /dev/null
+++ b/docker/Kratos_config/email-password/app.schema.json
@@ -0,0 +1,61 @@
+{
+ "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/app.schema.json",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "App",
+ "type": "object",
+ "properties": {
+ "traits": {
+ "type": "object",
+ "properties": {
+ "email": {
+ "type": "string",
+ "format": "email",
+ "title": "E-Mail",
+ "minLength": 3,
+ "ory.sh/kratos": {
+ "credentials": {
+ "password": {
+ "identifier": true
+ }
+ },
+ "verification": {
+ "via": "email"
+ },
+ "recovery": {
+ "via": "email"
+ }
+ }
+ },
+ "name": {
+ "uniqueItems":true,
+ "minLength": 2,
+ "title": "App Name",
+ "type": "string"
+ },
+ "organization": {
+ "minLength": 2,
+ "title": "Organization Name",
+ "type": "string"
+ },
+ "contacts": {
+ "type": "object",
+ "properties": {
+ "email": {
+ "title": "email address",
+ "type": "string"
+ },
+ "phone": {
+ "title": "phone number",
+ "type": "string"
+ }
+ }
+ }
+ },
+ "required": [
+ "email","name","organization"
+ ],
+ "additionalProperties": false
+ }
+ }
+ }
+ 
\ No newline at end of file
diff --git a/docker/Kratos_config/email-password/kratos-app.yml b/docker/Kratos_config/email-password/kratos-app.yml
new file mode 100644
index 00000000..ef2b7d02
--- /dev/null
+++ b/docker/Kratos_config/email-password/kratos-app.yml
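Review bot: `"uniqueItems":true` on the `name` trait has no effect, because that keyword only constrains arrays and `name` is `"type": "string"`, so the schema does not give the unique App Name its title suggests; as far as I can tell Kratos only enforces uniqueness on identifier traits (the `ory.sh/kratos` extension on `email`), so any uniqueness requirement on `name` has to be checked application-side and the dead keyword should be dropped. The nested `contacts.email` is a bare string while the trait `email` carries `"format": "email"`; adding `"format": "email"` there keeps the two consistent. The `$id` still names the upstream quickstart preset URL, which is worth changing to a project-owned identifier now that the schema diverges from it.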
@@ -0,0 +1,89 @@
+version: v0.10.1
+
+dsn: memory
+
+serve:
+ public:
+ base_url: http://kratos-app:4433/
+ cors:
+ enabled: true
+ admin:
+ base_url: http://kratos-app:4434/
+
+selfservice:
+ default_browser_return_url: http://127.0.0.1:4455/
+ allowed_return_urls:
+ - http://127.0.0.1:4455
+
+ methods:
+ password:
+ enabled: true
+ link:
+ enabled: true
+
+ flows:
+ error:
+ ui_url: http://127.0.0.1:4455/error
+
+ settings:
+ ui_url: http://127.0.0.1:4455/settings
+ privileged_session_max_age: 15m
+
+ recovery:
+ enabled: true
+ ui_url: http://127.0.0.1:4455/recovery
+
+ verification:
+ enabled: true
+ ui_url: http://127.0.0.1:4455/verify
+ after:
+ default_browser_return_url: https://api.vachanengine.org/
+
+ logout:
+ after:
+ default_browser_return_url: http://127.0.0.1:4455/auth/login
+
+ login:
+ ui_url: http://127.0.0.1:4455/auth/login
+ lifespan: 2m
+
+ registration:
+ lifespan: 10m
+ ui_url: http://127.0.0.1:4455/auth/registration
+ after:
+ password:
+ hooks:
+ - hook: session
+
+log:
+ level: debug
+ format: text
+ leak_sensitive_values: true
+
+secrets:
+ cookie:
+ - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+
+hashers:
+ argon2:
+ parallelism: 1
+ memory: 128MB
+ iterations: 2
+ salt_length: 16
+ key_length: 16
+
+session:
+ lifespan: 60m
+
+identity:
+ default_schema_id: app
+ schemas:
+ - id: default
+ url: file:///etc/config/kratos/identity.schema.json
+ - id: app
+ url: file:///etc/config/kratos/app.schema.json
+
+# courier:
+# smtp:
+# connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true
+# from_address:
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 481e781a..f3a2a966 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
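Review bot: `leak_sensitive_values: true` under `log:` (together with `level: debug`) makes Kratos write credentials, session tokens and cookie values into its log output, and `secrets.cookie` is still the upstream placeholder `PLEASE-CHANGE-ME-I-AM-VERY-INSECURE`, so session cookies would be signed with a key that is committed to the repository. The docker-compose hunks below bind-mount this same directory for both the `local-run` and `deployment` profiles, so neither setting is confined to a developer machine. Set `leak_sensitive_values: false`, remove the placeholder line, and supply the secret through the `kratos-app` service's `environment:` list (Kratos accepts it as `SECRETS_COOKIE`, alongside the `DSN` the compose file already injects), e.g. `- SECRETS_COOKIE=${KRATOS_APP_COOKIE_SECRET:?must be set}` with a variable name of your choosing. The `hashers.argon2` values (`parallelism: 1`, `iterations: 2`, `key_length: 16`) look low for a production hasher, and `version: v0.10.1` does not match the `oryd/kratos:v1.0.0` image that runs it; I would confirm both against `kratos hashers argon2 calibrate` and the v1.0 configuration reference before this config is used outside the local profile.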
@@ -47,7 +47,7 @@ services:
 image: oryd/kratos:v1.0.0
 ports:
 - '4433:4433' # public
- # -'4434:4434' # admin
+ - '4434:4434' # admin
 restart: unless-stopped
 environment:
 - DSN=${VACHAN_AUTH_DATABASE:-postgres://kratos:secret@kratos-postgresd:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4}
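Review bot: `- '4434:4434' # admin` publishes the Kratos admin API on every host interface, and that API carries no authentication of its own; the containers that need it reach it over `VE-network` as `http://kratos:4434/` (see the `vachan-access` environment in the next hunk), so a host port mapping is not required for the stack to work. If host access is wanted for local debugging, bind it to loopback, `- '127.0.0.1:4434:4434' # admin`, or move it under `expose:` instead of `ports:`. The same point applies to `- "4444:4434" # admin` in the `kratos-app` service added in the next hunk.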
@@ -288,6 +288,73 @@ services:
 networks:
 - VE-network
 
+ kratos-app:
+ depends_on:
+ - kratos-migrate
+ image: oryd/kratos:v1.0.0
+ ports:
+ - "4443:4433" # public
+ - "4444:4434" # admin
+ expose:
+ - 4443
+ - 4444
+ restart: unless-stopped
+ environment:
+ - COURIER_SMTP_CONNECTION_URI=${VACHAN_SUPPORT_EMAIL_CREDS:-smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true}
+ - COURIER_SMTP_FROM_ADDRESS=${VACHAN_SUPPORT_EMAIL:-EMAIL_ADDRESS@bridgeconn.com}
+ - DSN=postgres://kratos:secret@postgresd:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
+ - LOG_LEVEL=trace
+ command: serve -c /etc/config/kratos/kratos-app.yml --watch-courier
+ volumes:
+ - type: volume
+ source: kratos-sqlite
+ target: /var/lib/sqlite
+ read_only: false
+ - type: bind
+ source: ./Kratos_config/email-password
+ target: /etc/config/kratos
+ profiles:
+ - local-run
+ - deployment
+ networks:
+ - VE-network
+
+ vachan-access:
+ image: shimilshijo/vachan-access:v2.0.2
+ expose:
+ - 8007
+ command: uvicorn main:app --host 0.0.0.0 --port 8007
+ restart: always
+ environment:
+ - VACHAN_POSTGRES_HOST=vachan-db
+ - VACHAN_POSTGRES_USER=${VACHAN_POSTGRES_USER:-postgres}
+ - VACHAN_POSTGRES_PASSWORD=${VACHAN_POSTGRES_PASSWORD:-password}
+ - VACHAN_POSTGRES_DATABASE=${VACHAN_POSTGRES_DATABASE:-vachan_dev}
+ - VACHAN_POSTGRES_PORT=5432
+ - VACHAN_KRATOS_PUBLIC_URL=${VACHAN_KRATOS_PUBLIC_URL:-http://kratos:4433/}
+ - VACHAN_KRATOS_ADMIN_URL=http://kratos:4434/
+ - VACHAN_KRATOS_APP_PUBLIC_URL=http://kratos-app:4433/
+ - VACHAN_KRATOS_APP_ADMIN_URL=http://kratos-app:4434/
+ - VACHAN_SUPER_USERNAME=${VACHAN_SUPER_USERNAME}
+ - VACHAN_SUPER_PASSWORD=${VACHAN_SUPER_PASSWORD}
+ - VACHAN_TEST_MODE="False"
+ - VACHAN_LOGGING_LEVEL=INFO
+ - VACHAN_DOMAIN=${VACHAN_DOMAIN:-http://localhost:8000}
+
+ volumes:
+ - logs-vol:/app/logs
+ depends_on:
+ - vachan-db
+ - kratos
+ - kratos-app
+
+ profiles:
+ - local-run
+ - deployment
+
+ networks:
+ - VE-network
+
 # Web Server
 web-server-local:
 image: nginx:latest
diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf
index 31a069b2..48cae1b9 100644
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
@@ -19,6 +19,10 @@ server {
 proxy_set_header X-Forwarded-Proto $scheme;
 }
 
+ location /v2/auth-access/ {
+ proxy_pass http://vachan-access:8007;
+ }
+
 location /v2/cms/rest/ {
 proxy_pass http://vachan-cms-rest:8005;
 }
diff --git a/docker/nginx/prod/app.conf.template b/docker/nginx/prod/app.conf.template
index c9043dff..d40d2bb1 100644
--- a/docker/nginx/prod/app.conf.template
+++ b/docker/nginx/prod/app.conf.template
@@ -35,15 +35,19 @@ server {
 ssl_certificate /etc/nginx/ssl/live/${VACHAN_DOMAIN}/fullchain.pem;
 ssl_certificate_key /etc/nginx/ssl/live/${VACHAN_DOMAIN}/privkey.pem;
 
-
- location /graphql/ {
- proxy_pass http://vachan-cms-graphql:8004;
+ location /v2/auth-access/ {
+ proxy_pass http://vachan-access:8007;
 }
 
+
 location /v2/cms/rest/ {
 proxy_pass http://vachan-cms-rest:8005;
 }
 
+ location /graphql/ {
+ proxy_pass http://vachan-cms-graphql:8004;
+ }
+
 location /v2/text/translate/token-based/ {
 proxy_pass http://vachan-tbt:8003;
 }
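Review bot: `- DSN=postgres://kratos:secret@postgresd:5432/kratos?...` in the new `kratos-app` service hard-codes the database credentials with no `${VAR:-default}` override, unlike the existing `kratos` service in the previous hunk, which reads `${VACHAN_AUTH_DATABASE:-...}`; it also targets host `postgresd` where that service uses `kratos-postgresd`, so unless a `postgresd` service is defined elsewhere in this file the name will not resolve. Since the service is enabled for the `deployment` profile too, make the DSN env-driven the same way, e.g. `- DSN=${VACHAN_AUTH_APP_DATABASE:-postgres://kratos:secret@kratos-postgresd:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4}` (the variable name is a suggestion, not an existing one). `LOG_LEVEL=trace` likewise applies to deployments and, combined with `leak_sensitive_values: true` in the mounted `kratos-app.yml`, will put session material into the container logs; the `vachan-access` service below settles on `INFO`. `VACHAN_TEST_MODE="False"` in list-form `environment:` most likely passes the quote characters through as part of the value, which is worth confirming against how the service parses that flag.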
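Review bot: The new `location /v2/auth-access/` block carries only `proxy_pass`, while the block it follows in this hunk sets `proxy_set_header X-Forwarded-Proto $scheme;`; as `vachan-access` fronts the Kratos login and registration flows, it is the upstream most likely to build absolute redirect URLs, so it probably also needs `proxy_set_header Host $host;` and the `X-Forwarded-*` headers the earlier block sets. Whether the upstream reads them cannot be confirmed from this diff, but the same bare block is added to `docker/nginx/prod/app.conf.template` in the next hunk, so whichever decision is taken should be applied to both.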