def test_set_inital_admin_twice(self):
# first create the user table
SetPasswordHandler.create_table(self.db_context)
admin_user = '******'
admin_pw = utils.crypt_password('admin_password')
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
admin_user = '******'
admin_pw = utils.crypt_password('password_of_admin')
# setup the inital user and try to set it's password a second time
# - this will fail as the user could only be set once
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
pw_handler = SetPasswordHandler(self.db_context)
msg = "old password missmatch!"
self.check_for_exeption(pw_handler,
'admin', 'password_of_admin', 'new_password',
Exception, message=msg)
pw_handler.set_password('admin', 'admin_password', 'new_password')
return
def test_set_inital_admin_twice(self):
# first create the user table
SetPasswordHandler.create_table(self.db_context)
admin_user = '******'
admin_pw = libcrypt_password('admin_password')
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
admin_user = '******'
admin_pw = libcrypt_password('password_of_admin')
# setup the inital user and try to set it's password a second time
# - this will fail as the user could only be set once
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
pw_handler = SetPasswordHandler(self.db_context)
msg = "old password missmatch!"
self.check_for_exeption(pw_handler,
'admin', 'password_of_admin', 'new_password',
Exception, message=msg)
pw_handler.set_password('admin', 'admin_password', 'new_password')
return
def create_admin_user(self):
"""
for testing we require the admin user to exist
"""
db_context = None # not required
SetPasswordHandler.create_table(db_context)
SetPasswordHandler.create_admin_user(
db_context,
username='******',
crypted_password=utils.crypt_password('nimda'))
def create_admin_user(self):
"""
for testing we require the admin user to exist
"""
sqlconnect = self.appconf.get('sqlalchemy.url')
engine = create_engine(sqlconnect)
db_context = DataBaseContext(engine.url)
SetPasswordHandler.create_table(db_context)
SetPasswordHandler.create_admin_user(
db_context,
username='******',
crypted_password=libcrypt_password('nimda'))
def create_admin_user(self):
"""
for testing we require the admin user to exist
"""
sqlconnect = self.appconf.get('sqlalchemy.url')
engine = create_engine(sqlconnect)
db_context = DataBaseContext(engine.url)
SetPasswordHandler.create_table(db_context)
SetPasswordHandler.create_admin_user(
db_context,
username='******',
crypted_password=libcrypt_password('nimda'))
def create_admin_user(self):
"""
for testing we require the admin user to exist
"""
sqlconnect = self.app.config.get('SQLALCHEMY_DATABASE_URI')
engine = create_engine(sqlconnect)
db_context = DataBaseContext(engine.url)
SetPasswordHandler.create_table(db_context)
SetPasswordHandler.create_admin_user(
db_context,
username='******',
crypted_password=utils.crypt_password('nimda'))
def test_set_password_various(app, db_context, user, oldpw, newpw, exception,
message):
SetPasswordHandler.create_table(db_context)
pw_handler = SetPasswordHandler(db_context)
admin_user = '******'
admin_pw = utils.crypt_password('old_password')
SetPasswordHandler.create_admin_user(db_context,
username=admin_user,
crypted_password=admin_pw)
check_for_exception(pw_handler, user, oldpw, newpw, exception, message)
# make sure that the password did not change in between and the
# password could be set correctly
pw_handler.set_password("admin", 'old_password', 'admin_password')
def test_set_password(app, db_context):
# first create the user table
SetPasswordHandler.create_table(db_context)
admin_user = "******"
admin_pw = utils.crypt_password("admin_password")
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(
db_context, username=admin_user, crypted_password=admin_pw
)
# run a valid change of the admin password
pw_handler = SetPasswordHandler(db_context)
pw_handler.set_password(admin_user, "admin_password", "new_password")
def test_set_inital_admin_twice(app, db_context):
# first create the user table
SetPasswordHandler.create_table(db_context)
admin_user = "******"
admin_pw = utils.crypt_password("admin_password")
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(
db_context, username=admin_user, crypted_password=admin_pw
)
admin_user = "******"
admin_pw = utils.crypt_password("password_of_admin")
# setup the inital user and try to set it's password a second time
# - this will fail as the user could only be set once
SetPasswordHandler.create_admin_user(
db_context, username=admin_user, crypted_password=admin_pw
)
pw_handler = SetPasswordHandler(db_context)
msg = "old password missmatch!"
check_for_exception(
pw_handler,
"admin",
"password_of_admin",
"new_password",
Exception,
message=msg,
)
pw_handler.set_password("admin", "admin_password", "new_password")
def setup_app(conf, conf_global=None, unitTest=False):
'''
setup_app is the hook, which is called, when the application is created
:param conf: the application configuration
:return: - nothing -
'''
if unitTest is True:
log.debug("Deleting previous tables...")
meta.metadata.drop_all(bind=meta.engine)
# Create the tables if they don't already exist
log.info("Creating tables...")
meta.metadata.create_all(bind=meta.engine)
# ---------------------------------------------------------------------- --
# for the cloud mode we require the admin_user table to
# manage the admin users to allow password setting
if 'linotpadmin.username' in conf and 'linotpadmin.password' in conf:
from linotp.lib.tools.set_password import SetPasswordHandler
from linotp.lib.tools.set_password import DataBaseContext
db_context = DataBaseContext(sql_url=meta.engine.url)
SetPasswordHandler.create_table(db_context)
# create the initial admin
admin_user = conf.get('linotpadmin.username', '')
admin_pw = conf.get('linotpadmin.password', '')
if admin_user and admin_pw:
SetPasswordHandler.create_admin_user(db_context,
username=admin_user,
crypted_password=admin_pw)
# ---------------------------------------------------------------------- --
#
# hook for schema upgrade -
# - called by paster setup-app or on the first request to linotp
#
# define the most recent target version
sql_data_model_version = "2.9.1.0"
# get the actual version - should be None or should be the same
# if migration is finished
current_data_model_version = get_config('sql_data_model_version')
#
# in case of unitTest the database has been erased and recreated - thus
# the db model update is not require - so we have already the most recent
# target version
if unitTest:
current_data_model_version = sql_data_model_version
set_config('sql_data_model_version',
sql_data_model_version,
typ='text')
if current_data_model_version != sql_data_model_version:
run_data_model_migration(meta, target_version=sql_data_model_version)
set_config('sql_data_model_version',
sql_data_model_version,
typ='text')
#
# create the secret key file if it does not exist
#
if "linotpSecretFile" in conf:
filename = conf.get("linotpSecretFile")
try:
open(filename)
except IOError:
log.warning(
"The Linotp Secret File could not be found. " +
"Creating a new one at %s", filename)
f_handle = open(filename, 'ab+')
secret = os.urandom(32 * 5)
f_handle.write(secret)
f_handle.close()
os.chmod(filename, 0400)
log.debug("linotpSecretFile: %s", filename)
set_defaults()
Session.commit()
init_logging_config()
log.info("Successfully set up.")
def init_db_tables(app, drop_data=False, add_defaults=True):
"""Initialise LinOTP database tables.
This function initialises the LinOTP tables given an empty database
(it also works if the database isn't empty).
:param drop_data: If `True`, all data will be cleared. Use with caution!
:param add_defaults: Adds default configuration variables if `True`.
Don't set this to `False` unless you know what you are doing.
"""
# Use `app.echo()` if available, otherwise standard logging.
echo = getattr(
app,
"echo",
lambda msg, v=0: log.log(logging.INFO if v else logging.ERROR, msg),
)
echo("Setting up database...", v=1)
try:
if app.config["AUDIT_DATABASE_URI"] != "OFF":
# The audit table is created in the configured audit database
# connection if audit is not turned off. The database model is
# added to SQLAlchemy if the file is imported.
import linotp.lib.audit.SQLAudit
if drop_data:
echo("Dropping tables to erase all data...", v=1)
db.drop_all()
echo(f"Creating tables...", v=1)
db.create_all()
run_data_model_migration(db.engine)
if add_defaults:
set_defaults(app)
# For the cloud mode, we require the `admin_user` table to
# manage the admin users to allow password setting
admin_username = app.config["ADMIN_USERNAME"]
admin_password = app.config["ADMIN_PASSWORD"]
if admin_username and admin_password:
echo("Setting up cloud admin user...", v=1)
from linotp.lib.tools.set_password import (
DataBaseContext,
SetPasswordHandler,
)
db_context = DataBaseContext(sql_url=db.engine.url)
SetPasswordHandler.create_table(db_context)
SetPasswordHandler.create_admin_user(
db_context,
username=admin_username,
crypted_password=admin_password,
)
except Exception as exx:
echo(f"Exception occured during database setup: {exx!r}")
db.session.rollback()
raise exx
db.session.commit()
def test_set_password(self):
# first create the user table
SetPasswordHandler.create_table(self.db_context)
admin_user = '******'
admin_pw = libcrypt_password('admin_password')
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
# run a valid change of the admin password
pw_handler = SetPasswordHandler(self.db_context)
pw_handler.set_password(admin_user, 'admin_password', 'new_password')
# test for non existing user
msg = "no user 'username' found!"
self.check_for_exeption(pw_handler,
'username',
'old_password',
'new_password',
Exception,
message=msg)
# test for old password mismatch
msg = "old password missmatch!"
self.check_for_exeption(pw_handler,
'admin',
'old_password',
'new_password',
Exception,
message=msg)
# test for invalid new password using different data types
msg = "must be string, not None"
self.check_for_exeption(pw_handler,
'admin',
'new_password',
None,
Exception,
message=msg)
msg = "must be string, not int"
self.check_for_exeption(pw_handler,
'admin',
'new_password',
123456,
Exception,
message=msg)
msg = "must be string, not float"
self.check_for_exeption(pw_handler,
'admin',
'new_password',
1234.56,
Exception,
message=msg)
msg = "must be string, not DataBaseContext"
self.check_for_exeption(pw_handler,
'admin',
'new_password',
self.db_context,
Exception,
message=msg)
# make sure that the password did not change in between and the
# password could be set correctly
pw_handler.set_password(admin_user, 'new_password', 'admin_password')
return
def test_set_password(self):
# first create the user table
SetPasswordHandler.create_table(self.db_context)
admin_user = '******'
admin_pw = libcrypt_password('admin_password')
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
# run a valid change of the admin password
pw_handler = SetPasswordHandler(self.db_context)
pw_handler.set_password(admin_user,
'admin_password',
'new_password')
# test for non existing user
msg = "no user 'username' found!"
self.check_for_exeption(pw_handler,
'username', 'old_password', 'new_password',
Exception, message=msg)
# test for old password mismatch
msg = "old password missmatch!"
self.check_for_exeption(pw_handler,
'admin', 'old_password', 'new_password',
Exception, message=msg)
# test for invalid new password using different data types
msg = "must be string, not None"
self.check_for_exeption(pw_handler,
'admin', 'new_password', None,
Exception, message=msg)
msg = "must be string, not int"
self.check_for_exeption(pw_handler,
'admin', 'new_password', 123456,
Exception, message=msg)
msg = "must be string, not float"
self.check_for_exeption(pw_handler,
'admin', 'new_password', 1234.56,
Exception, message=msg)
msg = "must be string, not DataBaseContext"
self.check_for_exeption(pw_handler,
'admin', 'new_password', self.db_context,
Exception, message=msg)
# make sure that the password did not change in between and the
# password could be set correctly
pw_handler.set_password(admin_user,
'new_password',
'admin_password')
return
