c402f1ff87
Adds in per user api keys to the backend of lemur.
the basics are:
- API Keys are really just JWTs with custom second length TTLs.
- API Keys are provided in the exact same ways JWTs are now.
- API Keys can be revoked/unrevoked at any time by their creator
as well as have their TTL Change at anytime.
- Users can create/view/list their own API Keys at will, and
an admin role has permission to modify all api keys in the
instance.
Adds in support for lemur api keys to the frontend of lemur.
doing this required a few changes to the backend as well, but it is
now all working (maybe not the best way though, review will determine
that).
- fixes inconsistency in moduleauthor name I inputted during the
first commit.
- Allows the revoke schema to optionally allow a full api_key object.
- Adds `/users/:user_id/api_keys/:api_key` and `/users/:user_id/api_keys`
endpoints.
- normalizes use of `userId` vs `userId`
- makes `put` call respond with a JWT so the frontend can show
the token on updating.
- adds in the API Key views for clicking "API Keys" on the main nav.
- adds in the API Key views for clicking into a users edit page.
- adds tests for the API Key backend views I added.
107 lines
3.3 KiB
Python
107 lines
3.3 KiB
Python
import pytest
|
|
|
|
from lemur.endpoints.views import * # noqa
|
|
from lemur.tests.factories import EndpointFactory, CertificateFactory
|
|
|
|
|
|
from .vectors import VALID_ADMIN_API_TOKEN, VALID_ADMIN_HEADER_TOKEN, VALID_USER_HEADER_TOKEN
|
|
|
|
|
|
def test_rotate_certificate(client, source_plugin):
|
|
from lemur.deployment.service import rotate_certificate
|
|
new_certificate = CertificateFactory()
|
|
endpoint = EndpointFactory()
|
|
|
|
rotate_certificate(endpoint, new_certificate)
|
|
assert endpoint.certificate == new_certificate
|
|
|
|
|
|
@pytest.mark.parametrize("token,status", [
|
|
(VALID_USER_HEADER_TOKEN, 404),
|
|
(VALID_ADMIN_HEADER_TOKEN, 404),
|
|
(VALID_ADMIN_API_TOKEN, 404),
|
|
('', 401)
|
|
])
|
|
def test_endpoint_get(client, token, status):
|
|
assert client.get(api.url_for(Endpoints, endpoint_id=1), headers=token).status_code == status
|
|
|
|
|
|
@pytest.mark.parametrize("token,status", [
|
|
(VALID_USER_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_API_TOKEN, 405),
|
|
('', 405)
|
|
])
|
|
def test_endpoint_post_(client, token, status):
|
|
assert client.post(api.url_for(Endpoints, endpoint_id=1), data={}, headers=token).status_code == status
|
|
|
|
|
|
@pytest.mark.parametrize("token,status", [
|
|
(VALID_USER_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_API_TOKEN, 405),
|
|
('', 405)
|
|
])
|
|
def test_endpoint_put(client, token, status):
|
|
assert client.put(api.url_for(Endpoints, endpoint_id=1), data={}, headers=token).status_code == status
|
|
|
|
|
|
@pytest.mark.parametrize("token,status", [
|
|
(VALID_USER_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_API_TOKEN, 405),
|
|
('', 405)
|
|
])
|
|
def test_endpoint_delete(client, token, status):
|
|
assert client.delete(api.url_for(Endpoints, endpoint_id=1), headers=token).status_code == status
|
|
|
|
|
|
@pytest.mark.parametrize("token,status", [
|
|
(VALID_USER_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_API_TOKEN, 405),
|
|
('', 405)
|
|
])
|
|
def test_endpoint_patch(client, token, status):
|
|
assert client.patch(api.url_for(Endpoints, endpoint_id=1), data={}, headers=token).status_code == status
|
|
|
|
|
|
@pytest.mark.parametrize("token,status", [
|
|
(VALID_USER_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_API_TOKEN, 405),
|
|
('', 405)
|
|
])
|
|
def test_endpoint_list_post_(client, token, status):
|
|
assert client.post(api.url_for(EndpointsList), data={}, headers=token).status_code == status
|
|
|
|
|
|
@pytest.mark.parametrize("token,status", [
|
|
(VALID_USER_HEADER_TOKEN, 200),
|
|
(VALID_ADMIN_HEADER_TOKEN, 200),
|
|
(VALID_ADMIN_API_TOKEN, 200),
|
|
('', 401)
|
|
])
|
|
def test_endpoint_list_get(client, token, status):
|
|
assert client.get(api.url_for(EndpointsList), headers=token).status_code == status
|
|
|
|
|
|
@pytest.mark.parametrize("token,status", [
|
|
(VALID_USER_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_API_TOKEN, 405),
|
|
('', 405)
|
|
])
|
|
def test_endpoint_list_delete(client, token, status):
|
|
assert client.delete(api.url_for(EndpointsList), headers=token).status_code == status
|
|
|
|
|
|
@pytest.mark.parametrize("token,status", [
|
|
(VALID_USER_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_HEADER_TOKEN, 405),
|
|
(VALID_ADMIN_API_TOKEN, 405),
|
|
('', 405)
|
|
])
|
|
def test_endpoint_list_patch(client, token, status):
|
|
assert client.patch(api.url_for(EndpointsList), data={}, headers=token).status_code == status
|