def test_user_can():
    myFactory = Faker()
    content = myFactory.text()

    # Create a new resource with a random name
    do = DataObject.create(content.encode())
    resc_name = uuid.uuid4().hex
    resc = Resource.create('/',
                           resc_name,
                           url="{}{}".format(cfg.protocol_cassandra, do.uuid))

    usr1 = User.find(USR1_NAME)
    usr2 = User.find(USR2_NAME)

    # usr1 should be admin
    assert resc.user_can(usr1, "read")
    # usr2 should not be admin, on root collection, only read
    assert resc.user_can(usr2, "read")
    assert not resc.user_can(usr2, "write")

    resc.delete()
Beispiel #2
0
 def authenticate_credentials(self, userid, password, request=None):
     """
     Authenticate the userid and password against username and password.
     """
     cass_user = User.find(userid)
     if cass_user is None or not cass_user.is_active():
         raise exceptions.AuthenticationFailed(_("User inactive or deleted."))
     if not cass_user.authenticate(password) and not ldap_authenticate(
         cass_user.uuid, password
     ):
         raise exceptions.AuthenticationFailed(_("Invalid username/password."))
     return (cass_user, None)
Beispiel #3
0
 def rm_user(self, args):
     """Remove a user."""
     if not args[ARG_NAME]:
         name = input(MSG_PROMPT_USER)
     else:
         name = args[ARG_NAME]
     user = User.find(name)
     if not user:
         self.print_error(MSG_USER_NOT_EXIST.format(name))
         return
     user.delete()
     print(MSG_USER_DELETED.format(name))
Beispiel #4
0
def user_view(request, name):
    """Render the view page for users"""
    # argument is the login name, not the uuid in Cassandra
    user = User.find(name)
    if not user:
        return redirect("users:home")
 
    ctx = {
        "req_user": request.user,
        "user_obj": user,
        "groups": [Group.find(gname) for gname in user.groups],
    }
    return render(request, "users/view.html", ctx)
Beispiel #5
0
    def process_request(self, request):
        """Process a request, add the user in the cache"""

        username = request.session.get("user")
        if not username:
            return None

        # Cache the user rather than hitting the database for
        # each request.  We can also invalidate the entry if the
        # user is marked as inactive.
        user = cache.get("user_{}".format(username), None)
        if not user:
            user = User.find(username)
        request.user = user
        cache.set("user_{}".format(username), user, 60)

        return None
Beispiel #6
0
def test_update():
    user_name = uuid.uuid4().hex
    email = uuid.uuid4().hex
    password = uuid.uuid4().hex
    administrator = True
    groups = ['grp1']
    notification_username = uuid.uuid4().hex

    # Simple create
    user = User.create(name=user_name,
                       email=email,
                       password=password,
                       administrator=administrator,
                       groups=groups)
    new_password = uuid.uuid4().hex
    new_email = uuid.uuid4().hex
    user.update(password=new_password)
    user.update(email=new_email, username=notification_username)
    user = User.find(user_name)
Beispiel #7
0
 def mk_ldap_user(self, args):
     """Create a new ldap user. Ask in the terminal for mandatory fields"""
     if not args[ARG_NAME]:
         name = input("Please enter the user's username: "******"Username {} already exists".format(name))
         return
     admin = input("Is this an administrator? [y/N] ")
     pwd = random_password(20)
     User.create(
         name=name,
         password=pwd,
         email="STORED_IN_LDAP",
         ldap=True,
         administrator=(admin.lower() in ["true", "y", "yes"]),
     )
     print(MSG_USER_CREATED.format(name))
Beispiel #8
0
def test_dict():
    user_name = uuid.uuid4().hex
    email = uuid.uuid4().hex
    password = uuid.uuid4().hex
    administrator = True
    groups = ['grp1']
    notification_username = uuid.uuid4().hex

    # Simple create
    user = User.create(name=user_name,
                       email=email,
                       password=password,
                       administrator=administrator,
                       groups=groups)
    user = User.find(user_name)

    user_dict = user.to_dict()
    assert user_dict['uuid'] == user.uuid
    assert user_dict['administrator'] == True
    user.delete()
Beispiel #9
0
def rm_user(request, name, uname):
    """Remove a user from a group"""
    group = Group.find(name)
    user = User.find(uname)
    if not request.user.administrator:
        raise PermissionDenied
    if user and group:
        removed, not_there, not_exist = group.rm_user(
            uname, username=request.user.name)
        if removed:
            msg = "'{}' has been removed from the group '{}'".format(
                uname, name)
        elif not_there:
            msg = "'{}' isn't in the group '{}'".format(uname, name)
        elif not_exist:
            msg = "'{}' doesn't exist".format(uname)
        messages.add_message(request, messages.INFO, msg)
    else:
        raise Http404
    return redirect("groups:view", name=name)
Beispiel #10
0
def delete_user(request, name):
    """Delete a user"""
    user = User.find(name)
    if not user:
        raise Http404

    if not request.user.administrator:
        raise PermissionDenied
 
    if request.method == "POST":
        user.delete(username=request.user.name)
        messages.add_message(
            request, messages.INFO, "The user '{}' has been deleted".format(user.name)
        )
        return redirect("users:home")

    # Requires delete on user
    ctx = {
        "user": user,
    }

    return render(request, "users/delete.html", ctx)
Beispiel #11
0
def edit_user(request, name):
    """Modify a user"""
    # Requires edit on user
    user = User.find(name)
    if not user:
        raise Http404()
 
    if not request.user.administrator:
        raise PermissionDenied
 
    if request.method == "POST":
        form = UserForm(request.POST)
        if form.is_valid():
            data = form.cleaned_data
            user.update(
                email=data["email"],
                administrator=data["administrator"],
                active=data["active"],
                username=request.user.name,
            )
            if data["password"] != user.password:
                user.update(password=data["password"], username=request.user.name)
            return redirect("users:home")
    else:
        initial_data = {
            "username": user.name,
            "email": user.email,
            "administrator": user.administrator,
            "active": user.active,
            "password": user.password,
        }
        form = UserForm(initial=initial_data)

    ctx = {
        "form": form,
        "user": user,
    }
 
    return render(request, "users/edit.html", ctx)
Beispiel #12
0
def test_create_acl_fail(mocker):
    list_read = ['grp1']
    list_write = ['grp1']
    user2 = User.find("user2")

    # Create a new collection with a random name
    coll_name = uuid.uuid4().hex + "/"
    coll = Collection.create('/', coll_name)

    mocker.patch('radon.model.collection.acemask_to_str',
                 return_value="wrong_oper")
    coll.create_acl_list(list_read, list_write)
    coll = Collection.find('/{}'.format(coll_name))
    # Test get_acl_list wrong operation name
    acl_list = coll.get_acl_list()
    assert acl_list == ([], [])

    coll.delete()

    # Check authorized actions for root
    coll = Collection.find("/")
    mocker.patch.object(Collection, 'get_acl_dict', return_value=None)
    assert coll.get_authorized_actions(user2) == set([])
Beispiel #13
0
 def mk_user(self, args):
     """Create a new user. Ask in the terminal for mandatory fields"""
     if not args[ARG_NAME]:
         name = input("Please enter the user's username: "******"Username {} already exists".format(name))
         return
     admin = input("Is this an administrator? [y/N] ")
     email = ""
     while not email:
         email = input("Please enter the user's email address: ")
     pwd = ""
     while not pwd:
         pwd = getpass("Please enter the user's password: "******"true", "y", "yes"]),
     )
     print(MSG_USER_CREATED.format(name))
Beispiel #14
0
def test_create_acl():
    list_read = ['grp1']
    list_write = ['grp1']
    user1 = User.find("user1")
    user2 = User.find("user2")

    # Create a new collection with a random name
    coll_name = uuid.uuid4().hex + "/"
    coll = Collection.create('/', coll_name)

    # Test Read/Write ACL
    coll.create_acl_list(list_read, list_write)
    coll = Collection.find('/{}'.format(coll_name))
    acl = coll.get_acl_dict()
    assert acl['grp1'].acemask == 95
    acl_list = coll.get_acl_list()
    assert acl_list == (list_read, list_write)
    assert coll.get_authorized_actions(user2) == {
        'edit', 'write', 'delete', 'read'
    }
    cdmi_acl = coll.get_acl_metadata()
    assert 'cdmi_acl' in cdmi_acl

    # Test Read ACL
    coll.create_acl_list(list_read, [])
    coll = Collection.find('/{}'.format(coll_name))
    acl = coll.get_acl_dict()
    assert acl['grp1'].acemask == 9
    acl_list = coll.get_acl_list()
    assert acl_list == (list_read, [])
    assert coll.get_authorized_actions(user2) == {'read'}

    # Test Write ACL
    coll.create_acl_list([], list_write)
    coll = Collection.find('/{}'.format(coll_name))
    acl = coll.get_acl_dict()
    assert acl['grp1'].acemask == 86
    acl_list = coll.get_acl_list()
    assert acl_list == ([], list_write)
    assert coll.get_authorized_actions(user2) == {'edit', 'write', 'delete'}

    #     # Test the ACL metadata returned as a dictionary
    #     acl = coll.get_acl_metadata()
    #     assert acl['cdmi_acl'][0]['acetype'] == "ALLOW"
    #     assert acl['cdmi_acl'][0]['identifier'] == "grp1"
    #     assert acl['cdmi_acl'][0]['aceflags'] == 'CONTAINER_INHERIT, OBJECT_INHERIT'
    #     assert acl['cdmi_acl'][0]['acemask'] == 'DELETE_SUBCONTAINER, WRITE_METADATA, ADD_SUBCONTAINER, ADD_OBJECT'

    coll.delete()

    # Check authorized actions for root
    coll = Collection.find("/")
    assert coll.get_authorized_actions(user1) == {
        'edit', 'write', 'delete', 'read'
    }

    # Check the inheritance of the ACL
    # (from a collection to its parents, root in this test)
    coll = Collection.create('/', coll_name)
    assert coll.get_authorized_actions(user2) == {'read'}
    coll.delete()
def test_acl():
    list_read = [GRP1_NAME]
    list_write = [GRP1_NAME]

    coll_name = uuid.uuid4().hex
    coll = Collection.create('/', coll_name)
    myFactory = Faker()
    content = myFactory.text()

    # Read/Write resource stored in Cassandra
    do = DataObject.create(content.encode())
    resc_name = uuid.uuid4().hex
    resc = Resource.create(coll.path,
                           resc_name,
                           url="{}{}".format(cfg.protocol_cassandra, do.uuid))
    resc.create_acl_list(list_read, list_write)
    resc = Resource.find(resc.path)

    assert resc.get_acl_dict()[GRP1_NAME].acemask == 95  # read/write
    assert resc.get_authorized_actions(
        User.find(USR2_NAME)) == {'delete', 'read', 'edit', 'write'}
    read_access, write_access = resc.get_acl_list()
    assert read_access == [GRP1_NAME]
    assert write_access == [GRP1_NAME]
    cdmi_acl = resc.get_acl_metadata()
    assert 'cdmi_acl' in cdmi_acl

    cdmi_acl = [{
        'identifier': GRP1_NAME,
        'acetype': 'ALLOW',
        'aceflags': "INHERITED",
        'acemask': "READ"
    }]
    resc.update_acl_cdmi(cdmi_acl)

    resc.delete()

    # Read resource stored in Cassandra
    do = DataObject.create(content.encode())
    resc_name = uuid.uuid4().hex
    resc = Resource.create(coll.path,
                           resc_name,
                           url="{}{}".format(cfg.protocol_cassandra, do.uuid))
    resc.create_acl_list(list_read, [])
    resc = Resource.find(resc.path)
    assert resc.get_acl_dict()[GRP1_NAME].acemask == 9  # read
    assert resc.get_authorized_actions(User.find(USR2_NAME)) == {'read'}
    read_access, write_access = resc.get_acl_list()
    assert read_access == [GRP1_NAME]
    assert write_access == []
    resc.delete()

    # Write resource stored in Cassandra
    do = DataObject.create(content.encode())
    resc_name = uuid.uuid4().hex
    resc = Resource.create(coll.path,
                           resc_name,
                           url="{}{}".format(cfg.protocol_cassandra, do.uuid))
    resc.create_acl_list([], list_write)
    resc = Resource.find(resc.path)
    assert resc.get_acl_dict()[GRP1_NAME].acemask == 86  # write
    assert resc.get_authorized_actions(
        User.find(USR2_NAME)) == {'edit', 'delete', 'write'}
    read_access, write_access = resc.get_acl_list()
    assert read_access == []
    assert write_access == [GRP1_NAME]

    resc.delete()

    # Resource stored in Cassandra, acl inherited from root
    do = DataObject.create(content.encode())
    resc_name = uuid.uuid4().hex
    resc = Resource.create(coll.path,
                           resc_name,
                           url="{}{}".format(cfg.protocol_cassandra, do.uuid))
    assert resc.get_authorized_actions(User.find(USR2_NAME)) == {"read"}
    resc.delete()

    # Read/Write resource stored as a reference
    resc_name = uuid.uuid4().hex
    resc = Resource.create(coll.path, resc_name, url="http://www.google.fr")
    resc.create_acl_list(list_read, list_write)
    resc = Resource.find(resc.path)
    assert resc.get_acl_dict()[GRP1_NAME].acemask == 95
    assert resc.get_authorized_actions(
        User.find(USR2_NAME)) == {'delete', 'read', 'edit', 'write'}
    resc.delete()

    coll.delete()