diff --git a/tests/fixtures.py b/tests/fixtures.py index df45b9b..183d6b0 100644 --- a/tests/fixtures.py +++ b/tests/fixtures.py @@ -7,6 +7,11 @@ import pytest from keyosk import config from keyosk import database +from keyosk.database import Account +from keyosk.database import AccountACLEntry +from keyosk.database import Domain +from keyosk.database import DomainAccessList +from keyosk.database import DomainPermission @contextlib.contextmanager @@ -37,7 +42,7 @@ def demo_database(request, tmp_path_factory): tmp_path = _pytest.tmpdir._mk_tmp(request, tmp_path_factory) accounts = [ - database.Account( + Account( username="lskywalker", encrypted_client_set_secret=passlib.hash.pbkdf2_sha512.hash( "xWingLuvr4evA" @@ -50,7 +55,7 @@ def demo_database(request, tmp_path_factory): "jedi": True, }, ), - database.Account( + Account( username="dvader", encrypted_client_set_secret=passlib.hash.pbkdf2_sha512.hash( "nobodyKnowsIKilledAllTheYounglings" @@ -63,15 +68,15 @@ def demo_database(request, tmp_path_factory): "jedi": False, }, ), - database.Account( + Account( username="hsolo", encrypted_client_set_secret=passlib.hash.pbkdf2_sha512.hash("landosux"), encrypted_server_set_secret=passlib.hash.pbkdf2_sha512.hash("12ab34cd"), enabled=True, extras={"full-name": "Han Solo", "homeworld": "Corellia", "jedi": False,}, ), - database.Account( - username="dexmachina", + Account( + username="deusexmachina", encrypted_client_set_secret=passlib.hash.pbkdf2_sha512.hash( "whenyouneedsomethingtosavetheday:whoyagonnacall" ), @@ -85,14 +90,14 @@ def demo_database(request, tmp_path_factory): "species": None, }, ), - database.Account( + Account( username="jack.oneill@airforce.gov", encrypted_client_set_secret=passlib.hash.pbkdf2_sha512.hash("topgun"), encrypted_server_set_secret=passlib.hash.pbkdf2_sha512.hash("987654321"), enabled=True, extras={"rank": "colonel", "species": "human",}, ), - database.Account( + Account( username="tealc@airforce.gov", encrypted_client_set_secret=passlib.hash.pbkdf2_sha512.hash( "yourloginpassword" @@ -101,7 +106,7 @@ def demo_database(request, tmp_path_factory): enabled=True, extras={"rank": None, "species": "jaffa"}, ), - database.Account( + Account( username="jonas.quinn@airforce.gov", encrypted_client_set_secret=passlib.hash.pbkdf2_sha512.hash( "d7409ed1dd0a485b8e09f7147ad0e3ab" @@ -113,7 +118,7 @@ def demo_database(request, tmp_path_factory): ] domains = [ - database.Domain( + Domain( name="star-wars", audience="stwr", title="Star Wars (by Disney)", @@ -126,7 +131,7 @@ def demo_database(request, tmp_path_factory): lifespan_access=datetime.timedelta(minutes=30), lifespan_refresh=datetime.timedelta(days=30), ), - database.Domain( + Domain( name="stargate", audience="sg1", title="Stargate SG-1", @@ -143,34 +148,141 @@ def demo_database(request, tmp_path_factory): with sqlite_database(tmp_path): with database.interface.atomic(): - database.Account.bulk_create(accounts) - database.Domain.bulk_create(domains) + Account.bulk_create(accounts) + Domain.bulk_create(domains) - starwars = database.Domain.get(database.Domain.name == "star-wars") - stargate = database.Domain.get(database.Domain.name == "stargate") + starwars = Domain.get(Domain.name == "star-wars") + stargate = Domain.get(Domain.name == "stargate") access_lists = [ - database.DomainAccessList(name="imperial-star-destroyer", domain=starwars), - database.DomainAccessList(name="millenium-falcon", domain=starwars), - database.DomainAccessList(name="x-wing", domain=starwars), - database.DomainAccessList(name="nebulon-b", domain=starwars), - database.DomainAccessList(name="p90", domain=stargate), - database.DomainAccessList(name="staff-weapon", domain=stargate), - database.DomainAccessList(name="zatniktel", domain=stargate), + DomainAccessList(name="imperial-star-destroyer", domain=starwars), + DomainAccessList(name="millenium-falcon", domain=starwars), + DomainAccessList(name="x-wing", domain=starwars), + DomainAccessList(name="nebulon-b", domain=starwars), + DomainAccessList(name="p90", domain=stargate), + DomainAccessList(name="staff-weapon", domain=stargate), + DomainAccessList(name="zatniktel", domain=stargate), ] permissions = [ - database.DomainPermission(name="access", bitindex=0, domain=starwars), - database.DomainPermission(name="fly", bitindex=1, domain=starwars), - database.DomainPermission(name="attack", bitindex=2, domain=starwars), - database.DomainPermission(name="own", bitindex=0, domain=stargate), - database.DomainPermission(name="fire", bitindex=1, domain=stargate), - database.DomainPermission(name="reload", bitindex=2, domain=stargate), - database.DomainPermission(name="repair", bitindex=3, domain=stargate), + DomainPermission(name="access", bitindex=0, domain=starwars), + DomainPermission(name="fly", bitindex=1, domain=starwars), + DomainPermission(name="attack", bitindex=2, domain=starwars), + DomainPermission(name="own", bitindex=0, domain=stargate), + DomainPermission(name="fire", bitindex=1, domain=stargate), + DomainPermission(name="reload", bitindex=2, domain=stargate), + DomainPermission(name="repair", bitindex=3, domain=stargate), ] with database.interface.atomic(): - database.DomainAccessList.bulk_create(access_lists) - database.DomainPermission.bulk_create(permissions) + DomainAccessList.bulk_create(access_lists) + DomainPermission.bulk_create(permissions) + + deusexmachina = Account.get(Account.username == "deusexmachina") + lskywalker = Account.get(Account.username == "lskywalker") + jackoneill = Account.get(Account.username == "jack.oneill@airforce.gov") + + sw_isd = DomainAccessList.get( + DomainAccessList.name == "imperial-star-destroyer" + ) + sg_zatniktel = DomainAccessList.get(DomainAccessList.name == "zatniktel") + + sw_access = DomainPermission.get(DomainPermission.name == "access") + sw_fly = DomainPermission.get(DomainPermission.name == "fly") + sw_attack = DomainPermission.get(DomainPermission.name == "attack") + sg_own = DomainPermission.get(DomainPermission.name == "own") + sg_fire = DomainPermission.get(DomainPermission.name == "fire") + sg_reload = DomainPermission.get(DomainPermission.name == "reload") + sg_repair = DomainPermission.get(DomainPermission.name == "repair") + + acls = [ + AccountACLEntry( + account=deusexmachina, + access_list=sw_isd, + permission=sw_access, + with_server_secret=True, + with_client_secret=False, + ), + AccountACLEntry( + account=deusexmachina, + access_list=sw_isd, + permission=sw_fly, + with_server_secret=True, + with_client_secret=False, + ), + AccountACLEntry( + account=deusexmachina, + access_list=sw_isd, + permission=sw_attack, + with_server_secret=True, + with_client_secret=False, + ), + AccountACLEntry( + account=deusexmachina, + access_list=sg_zatniktel, + permission=sg_own, + with_server_secret=True, + with_client_secret=False, + ), + AccountACLEntry( + account=deusexmachina, + access_list=sg_zatniktel, + permission=sg_fire, + with_server_secret=True, + with_client_secret=False, + ), + AccountACLEntry( + account=deusexmachina, + access_list=sg_zatniktel, + permission=sg_reload, + with_server_secret=True, + with_client_secret=False, + ), + AccountACLEntry( + account=deusexmachina, + access_list=sg_zatniktel, + permission=sg_repair, + with_server_secret=True, + with_client_secret=False, + ), + AccountACLEntry( + account=lskywalker, + access_list=sw_isd, + permission=sw_attack, + with_server_secret=True, + with_client_secret=True, + ), + AccountACLEntry( + account=lskywalker, + access_list=sw_isd, + permission=sw_access, + with_server_secret=True, + with_client_secret=False, + ), + AccountACLEntry( + account=jackoneill, + access_list=sg_zatniktel, + permission=sg_fire, + with_server_secret=True, + with_client_secret=True, + ), + AccountACLEntry( + account=jackoneill, + access_list=sg_zatniktel, + permission=sg_reload, + with_server_secret=True, + with_client_secret=True, + ), + AccountACLEntry( + account=jackoneill, + access_list=sg_zatniktel, + permission=sg_repair, + with_server_secret=True, + with_client_secret=False, + ), + ] + + with database.interface.atomic(): + AccountACLEntry.bulk_create(acls) yield