

add unit tests
BinamB committed Nov 23, 2021
1 parent 2cd1263 commit 3ab4776
Showing 1 changed file with 279 additions and 1 deletion.
280 changes: 279 additions & 1 deletion tests/test_drs.py
@@ -243,7 +243,7 @@ def test_get_presigned_url_with_query_params(
@patch("httpx.get")
@patch("fence.resources.google.utils._create_proxy_group")
@patch("fence.resources.ga4gh.passports.ArboristClient")
def test_get_presigned_url_with_passport_for_non_public_acl(
def test_get_presigned_url_for_non_public_data_with_passport(
mock_arborist,
mock_google_proxy_group,
mock_httpx_get,
@@ -394,3 +394,281 @@ def test_get_presigned_url_with_passport_for_non_public_acl(
data=json.dumps(data),
)
assert res.status_code == 200


@responses.activate
@pytest.mark.parametrize("indexd_client", ["s3", "gs"], indirect=True)
@patch("httpx.get")
@patch("fence.resources.google.utils._create_proxy_group")
@patch("fence.resources.ga4gh.passports.ArboristClient")
def test_get_presigned_url_with_passport_with_incorrect_authz(
mock_arborist,
mock_google_proxy_group,
mock_httpx_get,
client,
indexd_client,
kid,
rsa_private_key,
rsa_public_key,
indexd_client_accepting_record,
mock_arborist_requests,
google_proxy_group,
primary_google_service_account,
cloud_manager,
google_signed_url,
):
indexd_record_with_non_public_authz_and_public_acl_populated = {
"did": "1",
"baseid": "",
"rev": "",
"size": 10,
"file_name": "file1",
"urls": ["s3://bucket1/key", "gs://bucket1/key"],
"hashes": {},
"metadata": {},
"authz": ["/orgA/programs/phs000991.c1"],
"acl": ["*"],
"form": "",
"created_date": "",
"updated_date": "",
}
indexd_client_accepting_record(
indexd_record_with_non_public_authz_and_public_acl_populated
)
mock_arborist_requests({"arborist/auth/request": {"POST": ({"auth": False}, 200)}})
mock_arborist.return_value = MagicMock(ArboristClient)
mock_google_proxy_group.return_value = google_proxy_group

# Prepare Passport/Visa
headers = {"kid": kid}
decoded_visa = {
"iss": "https://stsstg.nih.gov",
"sub": "abcde12345aspdij",
"iat": int(time.time()),
"exp": int(time.time()) + 1000,
"scope": "openid ga4gh_passport_v1 email profile",
"jti": "jtiajoidasndokmasdl",
"txn": "sapidjspa.asipidja",
"name": "",
"ga4gh_visa_v1": {
"type": "https://ras.nih.gov/visas/v1.1",
"asserted": int(time.time()),
"value": "https://stsstg.nih.gov/passport/dbgap/v1.1",
"source": "https://ncbi.nlm.nih.gov/gap",
},
"ras_dbgap_permissions": [
{
"consent_name": "Health/Medical/Biomedical",
"phs_id": "phs000991",
"version": "v1",
"participant_set": "p1",
"consent_group": "c1",
"role": "designated user",
"expiration": int(time.time()) + 1001,
},
{
"consent_name": "General Research Use (IRB, PUB)",
"phs_id": "phs000961",
"version": "v1",
"participant_set": "p1",
"consent_group": "c1",
"role": "designated user",
"expiration": int(time.time()) + 1001,
},
{
"consent_name": "Disease-Specific (Cardiovascular Disease)",
"phs_id": "phs000279",
"version": "v2",
"participant_set": "p1",
"consent_group": "c1",
"role": "designated user",
"expiration": int(time.time()) + 1001,
},
{
"consent_name": "Health/Medical/Biomedical (IRB)",
"phs_id": "phs000286",
"version": "v6",
"participant_set": "p2",
"consent_group": "c3",
"role": "designated user",
"expiration": int(time.time()) + 1001,
},
{
"consent_name": "Disease-Specific (Focused Disease Only, IRB, NPU)",
"phs_id": "phs000289",
"version": "v6",
"participant_set": "p2",
"consent_group": "c2",
"role": "designated user",
"expiration": int(time.time()) + 1001,
},
{
"consent_name": "Disease-Specific (Autism Spectrum Disorder)",
"phs_id": "phs000298",
"version": "v4",
"participant_set": "p3",
"consent_group": "c1",
"role": "designated user",
"expiration": int(time.time()) + 1001,
},
],
}
encoded_visa = jwt.encode(
decoded_visa, key=rsa_private_key, headers=headers, algorithm="RS256"
).decode("utf-8")

passport_header = {
"type": "JWT",
"alg": "RS256",
"kid": kid,
}
passport = {
"iss": "https://stsstg.nih.gov",
"sub": "abcde12345aspdij",
"iat": int(time.time()),
"scope": "openid ga4gh_passport_v1 email profile",
"exp": int(time.time()) + 1000,
"ga4gh_passport_v1": [encoded_visa],
}
encoded_passport = jwt.encode(
passport, key=rsa_private_key, headers=passport_header, algorithm="RS256"
).decode("utf-8")

access_id = indexd_client["indexed_file_location"]
test_guid = "1"

passports = [encoded_passport]

data = {"passports": passports}

keys = [keypair.public_key_to_jwk() for keypair in flask.current_app.keypairs]
mock_httpx_get.return_value = httpx.Response(200, json={"keys": keys})

res = client.post(
"/ga4gh/drs/v1/objects/" + test_guid + "/access/" + access_id,
headers={
"Content-Type": "application/json",
},
data=json.dumps(data),
)
assert res.status_code == 401


@responses.activate
@pytest.mark.parametrize("indexd_client", ["s3", "gs"], indirect=True)
@patch("httpx.get")
@patch("fence.resources.google.utils._create_proxy_group")
@patch("fence.resources.ga4gh.passports.ArboristClient")
def test_get_presigned_url_for_public_data_with_no_passport(
mock_arborist,
mock_google_proxy_group,
mock_httpx_get,
client,
indexd_client,
kid,
rsa_private_key,
rsa_public_key,
indexd_client_accepting_record,
mock_arborist_requests,
google_proxy_group,
primary_google_service_account,
cloud_manager,
google_signed_url,
):
indexd_record_with_public_authz_and_public_acl_populated = {
"did": "1",
"baseid": "",
"rev": "",
"size": 10,
"file_name": "file1",
"urls": ["s3://bucket1/key", "gs://bucket1/key"],
"hashes": {},
"metadata": {},
"authz": ["/open"],
"acl": ["*"],
"form": "",
"created_date": "",
"updated_date": "",
}
indexd_client_accepting_record(
indexd_record_with_public_authz_and_public_acl_populated
)
mock_arborist_requests({"arborist/auth/request": {"POST": ({"auth": True}, 200)}})
mock_arborist.return_value = MagicMock(ArboristClient)
mock_google_proxy_group.return_value = google_proxy_group

access_id = indexd_client["indexed_file_location"]
test_guid = "1"

passports = []

data = {"passports": passports}

res = client.post(
"/ga4gh/drs/v1/objects/" + test_guid + "/access/" + access_id,
headers={
"Content-Type": "application/json",
},
data=json.dumps(data),
)
assert res.status_code == 200


@responses.activate
@pytest.mark.parametrize("indexd_client", ["s3", "gs"], indirect=True)
@patch("httpx.get")
@patch("fence.resources.google.utils._create_proxy_group")
@patch("fence.resources.ga4gh.passports.ArboristClient")
def test_get_presigned_url_for_non_public_data_with_no_passport(
mock_arborist,
mock_google_proxy_group,
mock_httpx_get,
client,
indexd_client,
kid,
rsa_private_key,
rsa_public_key,
indexd_client_accepting_record,
mock_arborist_requests,
google_proxy_group,
primary_google_service_account,
cloud_manager,
google_signed_url,
):
indexd_record_with_public_authz_and_non_public_acl_populated = {
"did": "1",
"baseid": "",
"rev": "",
"size": 10,
"file_name": "file1",
"urls": ["s3://bucket1/key", "gs://bucket1/key"],
"hashes": {},
"metadata": {},
"authz": ["/orgA/programs/phs000991.c1"],
"acl": ["*"],
"form": "",
"created_date": "",
"updated_date": "",
}
indexd_client_accepting_record(
indexd_record_with_public_authz_and_non_public_acl_populated
)
mock_arborist_requests({"arborist/auth/request": {"POST": ({"auth": False}, 200)}})
mock_arborist.return_value = MagicMock(ArboristClient)
mock_google_proxy_group.return_value = google_proxy_group

access_id = indexd_client["indexed_file_location"]
test_guid = "1"

passports = []

data = {"passports": passports}

res = client.post(
"/ga4gh/drs/v1/objects/" + test_guid + "/access/" + access_id,
headers={
"Content-Type": "application/json",
},
data=json.dumps(data),
)
assert res.status_code == 401
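Review bot: In `test_get_presigned_url_with_passport_with_incorrect_authz` the visa's first `ras_dbgap_permissions` entry is `phs000991` with consent group `c1`, the same study and consent group as the record's `authz` (`/orgA/programs/phs000991.c1`), so the 401 comes only from the mocked `arborist/auth/request` returning `{"auth": False}`, not from any mismatch in the passport. Consider pointing the record at a resource that no visa entry covers, for example a constructed `"authz": ["/orgA/programs/phs000000.c1"]`, so the fixture matches the test name. In `test_get_presigned_url_for_non_public_data_with_no_passport` the record is named `indexd_record_with_public_authz_and_non_public_acl_populated` although it carries a non-public `authz` and `"acl": ["*"]`; the name used in the first new test, `indexd_record_with_non_public_authz_and_public_acl_populated`, describes it correctly. A short comment on these records saying that a restricted `authz` is expected to win over a public `acl` would make the access-control intent explicit. Both 401 tests would also be stronger if they asserted that the response body contains no signed URL.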
