def test_remove_member_removes_group_to_the_user(session, monkeypatch): # pylint:disable=unused-argument
"""Assert that accepting an invite adds group to the user."""
# Create a user in keycloak
keycloak_service = KeycloakService()
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user = keycloak_service.get_user_by_username(request.user_name)
user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id))
# Patch token info
def token_info(): # pylint: disable=unused-argument; mocks of library methods
return {
'sub': str(kc_user.id),
'username': '******',
'realm_access': {
'roles': [
'edit'
]
},
'product_code': ProductCode.BUSINESS.value
}
monkeypatch.setattr('auth_api.services.keycloak.KeycloakService._get_token_info', token_info)
org = OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
# Create another user
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user2 = keycloak_service.get_user_by_username(request.user_name)
user2 = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user2.id))
# Add a membership to the user for the org created
factory_membership_model(user2.id, org.as_dict().get('id'), member_type='COORDINATOR', member_status=4)
# Add a product to org
factory_product_model(org.as_dict().get('id'), product_code=ProductCode.BUSINESS.value)
# Find the membership and update to ACTIVE
membership = MembershipService.get_membership_for_org_and_user(org.as_dict().get('id'), user2.id)
active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.ACTIVE.name)
updated_fields = {'membership_status': active_membership_status}
MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info())
user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS in groups
# Find the membership and update to INACTIVE
active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.INACTIVE.name)
updated_fields = {'membership_status': active_membership_status}
MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info())
user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS not in groups
def test_delete_does_not_remove_user_from_account_holder_group(session, monkeypatch,
auth_mock): # pylint:disable=unused-argument
"""Assert that if the user has multiple Orgs, and deleting one doesn't remove account holders group."""
# Create a user in keycloak
keycloak_service = KeycloakService()
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user = keycloak_service.get_user_by_username(request.user_name)
user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id))
# Patch token info
def token_info(): # pylint: disable=unused-argument; mocks of library methods
return {
'sub': str(kc_user.id),
'username': '******',
'realm_access': {
'roles': [
]
}
}
monkeypatch.setattr('auth_api.services.keycloak.KeycloakService._get_token_info', token_info)
org1 = OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
OrgService.create_org(TestOrgInfo.org2, user_id=user.id)
OrgService.delete_org(org1.as_dict().get('id'), token_info())
user_groups = keycloak_service.get_user_groups(user_id=kc_user.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS in groups
def test_create_org_adds_user_to_account_holders_group(session, monkeypatch): # pylint:disable=unused-argument
"""Assert that an Org creation adds the user to account holders group."""
# Create a user in keycloak
keycloak_service = KeycloakService()
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user = keycloak_service.get_user_by_username(request.user_name)
user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id))
# Patch token info
def token_info(): # pylint: disable=unused-argument; mocks of library methods
return {
'sub': str(kc_user.id),
'username': '******',
'realm_access': {
'roles': [
]
}
}
monkeypatch.setattr('auth_api.services.keycloak.KeycloakService._get_token_info', token_info)
OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
user_groups = keycloak_service.get_user_groups(user_id=kc_user.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS in groups
def test_add_back_a_delete_bcros(client, jwt, session, keycloak_mock):
"""Assert different conditions of user deletion."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model(user_info=TestUserInfo.user_bcros_active)
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
owner_claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
member = TestAnonymousMembership.generate_random_user(USER)
membership = [
member,
TestAnonymousMembership.generate_random_user(COORDINATOR)
]
UserService.create_user_and_add_membership(membership,
org.id,
token_info=owner_claims)
headers = factory_auth_header(jwt=jwt, claims=owner_claims)
member_user_id = IdpHint.BCROS.value + '/' + member.get('username')
rv = client.delete(f'/api/v1/users/{member_user_id}',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
kc_user = KeycloakService.get_user_by_username(member.get('username'))
assert kc_user.enabled is False
user_model = UserService.find_by_username(member_user_id)
assert user_model.as_dict().get('user_status') == UserStatus.INACTIVE.value
membership = MembershipModel.find_membership_by_userid(
user_model.identifier)
assert membership.status == Status.INACTIVE.value
def test_delete_otp_for_user(session, auth_mock, keycloak_mock):
"""Assert that the otp cant be reset."""
kc_service = KeycloakService()
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
admin_user = factory_user_model()
factory_membership_model(admin_user.id, org.id)
admin_claims = TestJwtClaims.get_test_real_user(admin_user.keycloak_guid)
membership = [TestAnonymousMembership.generate_random_user(USER)]
keycloak_service = KeycloakService()
request = KeycloakScenario.create_user_request()
request.user_name = membership[0]['username']
keycloak_service.add_user(request)
user = kc_service.get_user_by_username(request.user_name)
user = factory_user_model(TestUserInfo.get_bceid_user_with_kc_guid(user.id))
factory_membership_model(user.id, org.id)
UserService.delete_otp_for_user(user.username, admin_claims)
user1 = kc_service.get_user_by_username(request.user_name)
assert 'CONFIGURE_TOTP' in json.loads(user1.value()).get('requiredActions')
def test_create_org_adds_user_to_account_holders_group(session, monkeypatch): # pylint:disable=unused-argument
"""Assert that an Org creation adds the user to account holders group."""
# Create a user in keycloak
keycloak_service = KeycloakService()
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user = keycloak_service.get_user_by_username(request.user_name)
user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id))
patch_token_info({'sub': user.keycloak_guid}, monkeypatch)
OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
user_groups = keycloak_service.get_user_groups(user_id=kc_user.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS in groups
def test_reset_bceid_user(session, auth_mock): # pylint: disable=unused-argument
"""Assert that reset data from a bceid user."""
keycloak_service = KeycloakService()
request = KeycloakScenario.create_user_by_user_info(
TestJwtClaims.tester_bceid_role)
keycloak_service.add_user(request, return_if_exists=True)
user = keycloak_service.get_user_by_username(request.user_name)
assert user is not None
user_id = user.id
user_with_token = TestUserInfo.user_bceid_tester
user_with_token['keycloak_guid'] = user_id
user = factory_user_model(user_info=user_with_token)
org = factory_org_model(user_id=user.id)
response = ResetDataService.reset(
TestJwtClaims.get_test_user(user_id, 'BCEID'))
assert response is None
found_org = OrgService.find_by_org_id(org.id)
assert found_org is None
def test_delete_does_not_remove_user_from_account_holder_group(session, monkeypatch,
auth_mock): # pylint:disable=unused-argument
"""Assert that if the user has multiple Orgs, and deleting one doesn't remove account holders group."""
# Create a user in keycloak
keycloak_service = KeycloakService()
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user = keycloak_service.get_user_by_username(request.user_name)
user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id))
patch_token_info({'sub': user.keycloak_guid}, monkeypatch)
patch_pay_account_delete(monkeypatch)
org1 = OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
OrgService.create_org(TestOrgInfo.org2, user_id=user.id)
OrgService.delete_org(org1.as_dict().get('id'))
user_groups = keycloak_service.get_user_groups(user_id=kc_user.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS in groups
