Mercurial > hg > orthanc-tests

annotate NewTests/Authorization/test_authorization.py @ 577:0649a19df194

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
new tests for auth-service
author Alain Mazy <am@osimis.io>
date Fri, 08 Sep 2023 12:03:50 +0200
parents 80ba6f1d521c
children c474f0f815b6
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
1 import unittest
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
2 import time
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
3 import pprint
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
4 import subprocess
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
5 from helpers import OrthancTestCase, Helpers
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
6
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
7 from orthanc_api_client import OrthancApiClient, generate_test_dicom_file
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
8 from orthanc_api_client import exceptions as orthanc_exceptions
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
9
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
10 import logging
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
11 import pathlib
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
12 here = pathlib.Path(__file__).parent.resolve()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
13
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
14
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
15
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
16 class TestAuthorization(OrthancTestCase):
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
17
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
18 label_a_study_id = None
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
19 label_b_study_id = None
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
20 no_label_study_id = None
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
21 auth_service_process = None
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
22
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
23 @classmethod
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
24 def terminate(cls):
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
25 cls.auth_service_process.terminate()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
26
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
27 @classmethod
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
28 def prepare(cls):
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
29 test_name = "Authorization"
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
30 storage_name = "authorization"
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
31
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
32 print(f'-------------- preparing {test_name} tests')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
33
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
34 cls.clear_storage(storage_name=storage_name)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
35
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
36 auth_service_hostname = "localhost"
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
37 if Helpers.is_docker():
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
38 auth_service_hostname = "auth-service"
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
39 cls.create_docker_network("auth-test-network")
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
40
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
41 config = {
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
42 "AuthenticationEnabled": False,
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
43 "Authorization": {
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
44 "WebServiceRootUrl": f"http://{auth_service_hostname}:8020/",
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
45 "StandardConfigurations": [
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
46 "orthanc-explorer-2",
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
47 "stone-webviewer"
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
48 ],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
49 "CheckedLevel": "studies",
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
50 "TokenHttpHeaders": ["user-token-key", "resource-token-key"],
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
51 "TokenGetArguments": ["resource-token-key"]
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
52 }
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
53 }
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
54
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
55 config_path = cls.generate_configuration(
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
56 config_name=f"{test_name}",
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
57 storage_name=storage_name,
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
58 config=config,
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
59 plugins=Helpers.plugins
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
60 )
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
61
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
62 if Helpers.is_exe():
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
63 # Start the auth-service application as a subprocess and wait for it to start
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
64 cls.auth_service_process = subprocess.Popen(["uvicorn", "auth_service:app", "--host", "0.0.0.0", "--port", "8020"], cwd=here)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
65 time.sleep(2)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
66 else:
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
67 # first build the docker image for the auth-service
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
68 subprocess.run(["docker", "build", "-t", "auth-service", "."], cwd=here)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
69 cls.auth_service_process = subprocess.Popen(["docker", "run", "-p", "8020:8020", "--network", "auth-test-network", "--name", "auth-service", "auth-service"])
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
70 pass
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
71
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
72
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
73 if Helpers.break_before_preparation:
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
74 print(f"++++ It is now time to start your Orthanc under tests with configuration file '{config_path}' +++++")
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
75 input("Press Enter to continue")
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
76 else:
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
77 cls.launch_orthanc_under_tests(
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
78 config_name=f"{test_name}",
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
79 storage_name=storage_name,
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
80 config=config,
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
81 plugins=Helpers.plugins,
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
82 docker_network="auth-test-network"
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
83 )
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
84
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
85 uploader = OrthancApiClient(cls.o._root_url, headers={"user-token-key": "token-uploader"})
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
86
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
87 uploader.delete_all_content()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
88
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
89 # upload a few studies and add labels
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
90 instances_ids = uploader.upload_file(here / "../../Database/Knix/Loc/IM-0001-0001.dcm")
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
91 cls.label_a_study_id = uploader.instances.get_parent_study_id(instances_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
92 uploader.studies.add_label(cls.label_a_study_id, "label_a")
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
93
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
94 instances_ids = uploader.upload_file(here / "../../Database/Brainix/Epi/IM-0001-0001.dcm")
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
95 cls.label_b_study_id = uploader.instances.get_parent_study_id(instances_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
96 uploader.studies.add_label(cls.label_b_study_id, "label_b")
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
97
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
98 instances_ids = uploader.upload_file(here / "../../Database/Comunix/Pet/IM-0001-0001.dcm")
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
99 cls.no_label_study_id = uploader.instances.get_parent_study_id(instances_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
100
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
101
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
102 def assert_is_forbidden(self, api_call):
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
103 with self.assertRaises(orthanc_exceptions.HttpError) as ctx:
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
104 api_call()
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
105 self.assertEqual(403, ctx.exception.http_status_code)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
106
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
107
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
108 def test_admin_user(self):
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
109
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
110 o = OrthancApiClient(self.o._root_url, headers={"user-token-key": "token-admin"})
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
111
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
112 # make sure we can access all these urls (they would throw if not)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
113 system = o.get_system()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
114
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
115 # make sure we can access all studies
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
116 o.studies.get_tags(self.no_label_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
117 o.studies.get_tags(self.label_a_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
118 o.studies.get_tags(self.label_b_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
119
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
120 # make sure we can access series and instances of these studies
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
121 series_ids = o.studies.get_series_ids(self.label_a_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
122 instances_ids = o.series.get_instances_ids(series_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
123 o.instances.get_tags(instances_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
124
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
125 # make sure labels filtering still works
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
126 self.assertEqual(3, len(o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
127 labels=[],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
128 labels_constraint='Any')))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
129
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
130 self.assertEqual(2, len(o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
131 labels=['label_a', 'label_b'],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
132 labels_constraint='Any')))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
133
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
134 self.assertEqual(2, len(o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
135 labels=['label_a'],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
136 labels_constraint='None')))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
137
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
138 all_labels = o.get_all_labels()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
139 self.assertEqual(2, len(all_labels))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
140
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
141 def test_user_a(self):
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
142
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
143 o = OrthancApiClient(self.o._root_url, headers={"user-token-key": "token-user-a"})
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
144
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
145 # # make sure we can access all these urls (they would throw if not)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
146 # system = o.get_system()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
147
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
148 all_labels = o.get_all_labels()
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
149 self.assertEqual(1, len(all_labels))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
150 self.assertEqual("label_a", all_labels[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
151
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
152 # make sure we can access only the label_a studies
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
153 self.assert_is_forbidden(lambda: o.studies.get_tags(self.label_b_study_id))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
154 self.assert_is_forbidden(lambda: o.studies.get_tags(self.no_label_study_id))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
155
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
156 # should not raise
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
157 o.studies.get_tags(self.label_a_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
158
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
159 # make sure we can access series and instances of the label_a studies
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
160 series_ids = o.studies.get_series_ids(self.label_a_study_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
161 instances_ids = o.series.get_instances_ids(series_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
162 o.instances.get_tags(instances_ids[0])
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
163
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
164 # make sure we can not access series and instances of the label_b studies
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
165 self.assert_is_forbidden(lambda: o.studies.get_series_ids(self.label_b_study_id))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
166
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
167 # make sure tools/find only returns the label_a studies
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
168 studies = o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
169 labels=[],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
170 labels_constraint='Any')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
171 self.assertEqual(1, len(studies))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
172 self.assertEqual(self.label_a_study_id, studies[0].orthanc_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
173
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
174 # if searching Any of label_a & label_b, return only label_a
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
175 studies = o.studies.find(query={},
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
176 labels=['label_a', 'label_b'],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
177 labels_constraint='Any')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
178 self.assertEqual(1, len(studies))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
179 self.assertEqual(self.label_a_study_id, studies[0].orthanc_id)
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
180
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
181 # if searching Any of label_b, expect a Forbidden access
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
182 self.assert_is_forbidden(lambda: o.studies.find(query={},
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
183 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
184 labels_constraint='Any'))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
185
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
186 # if searching None of label_b, expect a Forbidden access because we are not able to compute this filter
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
187 self.assert_is_forbidden(lambda: o.studies.find(query={},
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
188 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
189 labels_constraint='None'))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
190
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
191 # if searching All of label_b, expect a Forbidden access because we are not able to compute this filter
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
192 self.assert_is_forbidden(lambda: o.studies.find(query={},
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
193 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
194 labels_constraint='All'))
576
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
195
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
196 studies = o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
197 labels=[],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
198 labels_constraint='Any')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
199 self.assertEqual(1, len(studies))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
200
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
201 studies = o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
202 labels=['label_a'],
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
203 labels_constraint='Any')
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
204 self.assertEqual(1, len(studies))
80ba6f1d521c new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff changeset
205
577
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
206 self.assert_is_forbidden(lambda: o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
207 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
208 labels_constraint='Any'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
209
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
210 # make sure some generic routes are not accessible
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
211 self.assert_is_forbidden(lambda: o.get_json('patients?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
212 self.assert_is_forbidden(lambda: o.get_json('studies?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
213 self.assert_is_forbidden(lambda: o.get_json('series?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
214 self.assert_is_forbidden(lambda: o.get_json('instances?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
215 self.assert_is_forbidden(lambda: o.get_json('studies'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
216 self.assert_is_forbidden(lambda: o.get_json('studies/'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
217
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
218
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
219
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
220 def test_resource_token(self):
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
221
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
222 o = OrthancApiClient(self.o._root_url, headers={"resource-token-key": "token-knix-study"})
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
223
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
224 # with a resource token, we can access only the given resource, not generic resources or resources from other studies
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
225
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
226 # generic resources are forbidden
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
227 self.assert_is_forbidden(lambda: o.studies.find(query={"PatientName": "KNIX"}, # KNIX is label_a
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
228 labels=['label_b'],
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
229 labels_constraint='Any'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
230 self.assert_is_forbidden(lambda: o.get_all_labels())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
231 self.assert_is_forbidden(lambda: o.studies.get_all_ids())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
232 self.assert_is_forbidden(lambda: o.patients.get_all_ids())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
233 self.assert_is_forbidden(lambda: o.series.get_all_ids())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
234 self.assert_is_forbidden(lambda: o.instances.get_all_ids())
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
235 self.assert_is_forbidden(lambda: o.get_json('patients?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
236 self.assert_is_forbidden(lambda: o.get_json('studies?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
237 self.assert_is_forbidden(lambda: o.get_json('series?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
238 self.assert_is_forbidden(lambda: o.get_json('instances?expand'))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
239
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
240 # some resources are still accessible to the 'anonymous' user -> does not throw
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
241 o.get_system()
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
242 o.lookup("1.2.3") # this route is still explicitely authorized because it is used by Stone
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
243
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
244 # other studies are forbidden
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
245 self.assert_is_forbidden(lambda: o.studies.get_series_ids(self.label_b_study_id))
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
246
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
247 # the label_a study is allowed
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
248 o.studies.get_series_ids(self.label_a_study_id)
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
249
0649a19df194 new tests for auth-service
Alain Mazy <am@osimis.io>
parents: 576
diff changeset
250 # TODO: test with DicomWEB routes + sub-routes