def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser(u"requestor")
client_id = self.SetupClient(0)
# Delete the certificate as it's being regenerated every time the
# client is created.
with aff4.FACTORY.Open(client_id, mode="rw",
token=self.token) as grr_client:
grr_client.DeleteAttribute(grr_client.Schema.CERT)
with test_lib.FakeTime(44):
approval_id = self.RequestClientApproval(
client_id.Basename(),
reason="foo",
approver=self.token.username,
requestor=u"requestor")
with test_lib.FakeTime(126):
self.Check("GrantClientApproval",
args=user_plugin.ApiGrantClientApprovalArgs(
client_id=client_id.Basename(),
approval_id=approval_id,
username=u"requestor"),
replace={approval_id: "approval:111111"})
def testSendsEmailWithApprovalGrantInformation(self):
approval_id = self.RequestClientApproval(self.client_id,
reason="requestreason",
requestor="requestuser")
with mock.patch.object(email_alerts.EMAIL_ALERTER,
"SendEmail") as send_fn:
self.handler.Handle(
user_plugin.ApiGrantClientApprovalArgs(
client_id=self.client_id,
approval_id=approval_id,
username="******"), self.context)
send_fn.assert_called_once()
message = send_fn.call_args[1]["message"]
self.assertIn(
(f"href=\"http://localhost:8000/v2/clients/{self.client_id}\""),
message)
# Check for correct link to legacy UI.
# TODO: Remove once new UI is stable.
self.assertIn(
f"href=\"http://localhost:8000/#/clients/{self.client_id}\"",
message)
self.assertIn(self.context.username, message)
self.assertIn("requestreason", message)
self.assertIn(self.client_id, message)
def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser(u"requestor")
client_id = self.SetupClient(0)
with test_lib.FakeTime(44):
approval_id = self.RequestClientApproval(
client_id,
reason="foo",
approver=self.token.username,
requestor=u"requestor")
with test_lib.FakeTime(126):
self.Check("GrantClientApproval",
args=user_plugin.ApiGrantClientApprovalArgs(
client_id=client_id,
approval_id=approval_id,
username=u"requestor"),
replace={approval_id: "approval:111111"})
def GrantClientApproval(self,
client_id,
requestor=None,
approval_id=None,
approver=u"approver",
admin=True):
"""Grant an approval from approver to delegate.
Args:
client_id: ClientURN
requestor: username string of the user receiving approval.
approval_id: id of the approval to grant.
approver: username string of the user granting approval.
admin: If True, make approver an admin user.
Raises:
ValueError: if approval_id is empty.
"""
if not approval_id:
raise ValueError("approval_id can't be empty.")
if hasattr(client_id, "Basename"):
client_id = client_id.Basename()
if not requestor:
requestor = self.token.username
self.CreateUser(requestor)
if admin:
self.CreateAdminUser(approver)
else:
self.CreateUser(approver)
if not requestor:
requestor = self.token.username
args = api_user.ApiGrantClientApprovalArgs(client_id=client_id,
username=requestor,
approval_id=approval_id)
handler = api_user.ApiGrantClientApprovalHandler()
handler.Handle(args, token=access_control.ACLToken(username=approver))
def GrantClientApproval(self,
client_id,
requestor=None,
approval_id=None,
approver=u"approver",
admin=True):
"""Grant an approval from approver to delegate.
Args:
client_id: Client id.
requestor: username string of the user receiving approval.
approval_id: id of the approval to grant.
approver: username string of the user granting approval.
admin: If True, make approver an admin user.
Raises:
ValueError: if approval_id is empty.
"""
if not approval_id:
raise ValueError("approval_id can't be empty.")
if not requestor:
requestor = self.test_username
self.CreateUser(requestor)
if admin:
self.CreateAdminUser(approver)
else:
self.CreateUser(approver)
if not requestor:
requestor = self.test_username
args = api_user.ApiGrantClientApprovalArgs(client_id=client_id,
username=requestor,
approval_id=approval_id)
handler = api_user.ApiGrantClientApprovalHandler()
handler.Handle(
args, context=api_call_context.ApiCallContext(username=approver))
