Mercurial > hg > orthanc-tests
annotate NewTests/Authorization/auth_service.py @ 722:6cdba3322ef0 find-refactoring
more find tests
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Mon, 14 Oct 2024 17:21:47 +0200 |
parents | 3ac37a99a093 |
children |
rev | line source |
---|---|
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
1 from fastapi import FastAPI |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
2 import logging |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
3 from models import * |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
4 import pprint |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
5 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
6 # Sample Authorization service that is started when the test starts. |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
7 # It does not check token validity and simply implements a set of basic users |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
8 |
577 | 9 |
10 logger = logging.getLogger() | |
11 logger.setLevel(logging.DEBUG) | |
12 | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
13 app = FastAPI() |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
14 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
15 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
16 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
17 @app.post("/user/get-profile") |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
18 def get_user_profile(user_profile_request: UserProfileRequest): |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
19 logging.info("get user profile: " + user_profile_request.json()) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
20 |
577 | 21 p = UserProfileResponse( |
22 name="anonymous", | |
23 permissions=[], | |
24 authorized_labels=[], | |
25 validity=60 | |
26 ) | |
27 | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
28 if user_profile_request.token_key == "user-token-key": |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
29 if user_profile_request.token_value == "token-uploader": |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
30 p = UserProfileResponse( |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
31 name="uploader", |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
32 permissions=["upload", "edit-labels", "delete", "view"], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
33 authorized_labels=["*"], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
34 validity=60 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
35 ) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
36 elif user_profile_request.token_value == "token-admin": |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
37 p = UserProfileResponse( |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
38 name="admin", |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
39 permissions=["all"], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
40 authorized_labels=["*"], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
41 validity=60 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
42 ) |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
43 elif user_profile_request.token_value == "token-user-a": |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
44 p = UserProfileResponse( |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
45 name="user-a", |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
46 permissions=["view"], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
47 authorized_labels=["label_a"], |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
48 validity=60 |
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
49 ) |
659
3ac37a99a093
new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents:
590
diff
changeset
|
50 elif user_profile_request.token_value == "token-uploader-a": # this use shall be able to upload anything but view only the labeled studies |
3ac37a99a093
new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents:
590
diff
changeset
|
51 p = UserProfileResponse( |
3ac37a99a093
new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents:
590
diff
changeset
|
52 name="uploader-a", |
3ac37a99a093
new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents:
590
diff
changeset
|
53 permissions=["view", "upload"], |
3ac37a99a093
new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents:
590
diff
changeset
|
54 authorized_labels=["label_a"], |
3ac37a99a093
new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents:
590
diff
changeset
|
55 validity=60 |
3ac37a99a093
new tests for auth: uploader-a
Alain Mazy <am@orthanc.team>
parents:
590
diff
changeset
|
56 ) |
577 | 57 |
58 return p | |
59 | |
60 | |
61 @app.post("/tokens/validate") | |
62 def validate_authorization(request: TokenValidationRequest): | |
63 | |
64 logging.info("validating token: " + request.json()) | |
576
80ba6f1d521c
new tests for authorization plugin (native only)
Alain Mazy <am@osimis.io>
parents:
diff
changeset
|
65 |
577 | 66 granted = False |
590
c28bd957cb93
new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents:
577
diff
changeset
|
67 if request.token_value == "token-a-study": |
577 | 68 granted = request.orthanc_id == "b9c08539-26f93bde-c81ab0d7-bffaf2cb-a4d0bdd0" |
590
c28bd957cb93
new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents:
577
diff
changeset
|
69 if request.token_value == "token-b-study": |
c28bd957cb93
new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents:
577
diff
changeset
|
70 granted = request.orthanc_id == "27f7126f-4f66fb14-03f4081b-f9341db2-53925988" |
c28bd957cb93
new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents:
577
diff
changeset
|
71 if request.token_value == "token-both-studies": |
c28bd957cb93
new tests for auth wrt /tools/create-media
Alain Mazy <am@osimis.io>
parents:
577
diff
changeset
|
72 granted = request.orthanc_id in ["b9c08539-26f93bde-c81ab0d7-bffaf2cb-a4d0bdd0", "27f7126f-4f66fb14-03f4081b-f9341db2-53925988"] |
577 | 73 |
74 response = TokenValidationResponse( | |
75 granted=granted, | |
76 validity=60 | |
77 ) | |
78 | |
79 logging.info("validate token: " + response.json()) | |
80 return response |