def decline_test(self):
ns_inv_data = self.ns_inv_data
test_ns = Nodespace.get_existing_nodespace(PGDB_TEST, TestData.NODESPACE_1["nodespace_name"])
admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
ns_inv_data["nodespace_id"] = test_ns.nodespace_id
ns_inv_data["creator"] = admin_user.user_id
with AutoRollbackTransaction() as test_trans:
ns_invitation = NodespaceInvitation.create_new_invitation(
PGDB_TEST,
ns_inv_data["nodespace_invitation_code"],
ns_inv_data["invitee_email_addr"],
ns_inv_data["nodespace_id"],
ns_inv_data["initial_nodespace_privileges"],
ns_inv_data["invitation_msg"],
ns_inv_data["creator"],
)
decision_date_lb = DateTimeUtil.datetime_now_utc_aware()
ns_invitation.decline_invitation(PGDB_TEST)
ns_invitation = NodespaceInvitation.get_existing_invitation(
PGDB_TEST, ns_inv_data["nodespace_invitation_code"]
)
assert ns_invitation.was_accepted == False
assert decision_date_lb <= ns_invitation.decision_date <= DateTimeUtil.datetime_now_utc_aware()
def NodespacePrivilegeChecker_tests():
ns_inv_data = TestData.NS_INV_HORATIO
test_ns = Nodespace.get_existing_nodespace(PGDB_TEST, TestData.NODESPACE_1["nodespace_name"])
admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
ns_inv_data["nodespace_id"] = test_ns.nodespace_id
ns_inv_data["creator"] = admin_user.user_id
with AutoRollbackTransaction() as test_trans:
ns_invitation = NodespaceInvitation.create_new_invitation(
PGDB_TEST,
ns_inv_data["nodespace_invitation_code"],
ns_inv_data["invitee_email_addr"],
ns_inv_data["nodespace_id"],
ns_inv_data["initial_nodespace_privileges"],
ns_inv_data["invitation_msg"],
ns_inv_data["creator"],
)
new_user = ns_invitation.create_user_and_accept_invitation(
DB_TUPLE_PT_NM,
ns_inv_data["invitee_username"],
ns_inv_data["invitee_password"],
ns_inv_data["invitee_user_statement"],
)
assert not NodespacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, NodespacePrivilegeChecker.ALTER_NODESPACE_ACCESS_ACTION, test_ns, new_user, False
)
def accept_test(self):
ns_inv_data = self.ns_inv_data
test_ns = Nodespace.get_existing_nodespace(PGDB_TEST, TestData.NODESPACE_1["nodespace_name"])
admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
ns_inv_data["nodespace_id"] = test_ns.nodespace_id
ns_inv_data["creator"] = admin_user.user_id
with AutoRollbackTransaction() as test_trans:
ns_invitation = NodespaceInvitation.create_new_invitation(
PGDB_TEST,
ns_inv_data["nodespace_invitation_code"],
ns_inv_data["invitee_email_addr"],
ns_inv_data["nodespace_id"],
ns_inv_data["initial_nodespace_privileges"],
ns_inv_data["invitation_msg"],
ns_inv_data["creator"],
)
ns_inv_data["nodespace_invitation_id"] = ns_invitation.nodespace_invitation_id
ns_inv_data["nodespace_invitation_code"] = ns_invitation.nodespace_invitation_code
assert ns_inv_data["nodespace_invitation_code"] is not None
for field_name in NodespaceInvitation.FIELD_NAMES:
if field_name not in ["creation_date"]:
assert ns_inv_data[field_name] == vars(ns_invitation)[field_name]
ns_invitation = NodespaceInvitation.get_existing_invitation(
PGDB_TEST, ns_inv_data["nodespace_invitation_code"]
)
for field_name in NodespaceInvitation.FIELD_NAMES:
if field_name not in ["creation_date"]:
assert ns_inv_data[field_name] == vars(ns_invitation)[field_name]
decision_date_lb = DateTimeUtil.datetime_now_utc_aware()
ns_invitation.create_user_and_accept_invitation(
DB_TUPLE_PT_NM,
ns_inv_data["invitee_username"],
ns_inv_data["invitee_password"],
ns_inv_data["invitee_user_statement"],
)
assert ns_invitation.was_accepted == True
assert decision_date_lb <= ns_invitation.decision_date <= DateTimeUtil.datetime_now_utc_aware()
new_user = User.get_existing_user_by_email(PGDB_TEST, ns_inv_data["invitee_email_addr"])
assert new_user.user_id == ns_invitation.user_id
assert new_user.check_password(ns_inv_data["invitee_password"]) == True
def setup_test_pgdb():
# create the first user if they don't already exist
admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
if admin_user is None:
admin_data = TestData.USER_ADMIN
admin_user = User.create_new_user(
DB_TUPLE_TEST,
admin_data["email_addr"],
admin_data["username"],
admin_data["cleartext_password"],
admin_data["user_statement"],
admin_data["is_enabled"],
admin_data["metaspace_privileges"],
admin_data["creator"],
)
ns_data = TestData.NODESPACE_1
Nodespace.create_new_nodespace(
DB_TUPLE_TEST, ns_data["nodespace_name"], ns_data["nodespace_description"], admin_user.user_id
)
def Nodespace_test():
ns_data = TestData.NS_ARSFT
admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
ns_data["creator"] = admin_user.user_id
with AutoRollbackTransaction() as test_trans:
ns = Nodespace.create_new_nodespace(
DB_TUPLE_PT_NM, ns_data["nodespace_name"], ns_data["nodespace_description"], ns_data["creator"]
)
ns_data["nodespace_id"] = ns.nodespace_id
for field_name in Nodespace.FIELD_NAMES:
if field_name not in ["creation_date"]:
assert ns_data[field_name] == vars(ns)[field_name]
ns = Nodespace.get_existing_nodespace(PGDB_TEST, ns_data["nodespace_name"])
for field_name in Nodespace.FIELD_NAMES:
if field_name not in ["creation_date"]:
assert ns_data[field_name] == vars(ns)[field_name]
assert Nodespace.is_valid_nodespace_name("_named_like-a-private-pyth0n-var")
assert not Nodespace.is_valid_nodespace_name("")
def accept_test(self):
ms_inv_data = self.ms_inv_data
admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
ms_inv_data["creator"] = admin_user.user_id
with AutoRollbackTransaction() as test_trans:
creation_date_lb = DateTimeUtil.datetime_now_utc_aware()
ms_invitation = MetaspaceInvitation.create_new_invitation(
PGDB_TEST,
ms_inv_data["metaspace_invitation_code"],
ms_inv_data["invitee_email_addr"],
ms_inv_data["initial_metaspace_privileges"],
ms_inv_data["invitation_msg"],
ms_inv_data["creator"],
)
creation_date_ub = DateTimeUtil.datetime_now_utc_aware()
ms_inv_data["metaspace_invitation_id"] = ms_invitation.metaspace_invitation_id
ms_inv_data["metaspace_invitation_code"] = ms_invitation.metaspace_invitation_code
assert creation_date_lb <= ms_invitation.creation_date <= creation_date_ub
assert ms_inv_data["metaspace_invitation_code"] is not None
for field_name in MetaspaceInvitation.FIELD_NAMES:
if field_name not in ["creation_date"]:
assert ms_inv_data[field_name] == vars(ms_invitation)[field_name]
ms_invitation = MetaspaceInvitation.get_existing_invitation(
PGDB_TEST, ms_inv_data["metaspace_invitation_code"]
)
for field_name in MetaspaceInvitation.FIELD_NAMES:
if field_name not in ["creation_date"]:
assert ms_inv_data[field_name] == vars(ms_invitation)[field_name]
decision_date_lb = DateTimeUtil.datetime_now_utc_aware()
ms_invitation.create_user_and_accept_invitation(DB_TUPLE_PT_NM, "jasper", "passw0rd", "no comment")
assert ms_invitation.was_accepted
assert decision_date_lb <= ms_invitation.decision_date <= DateTimeUtil.datetime_now_utc_aware()
def decline_test(self):
ms_inv_data = self.ms_inv_data
admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
ms_inv_data["creator"] = admin_user.user_id
with AutoRollbackTransaction() as test_trans:
ms_invitation = MetaspaceInvitation.create_new_invitation(
PGDB_TEST,
ms_inv_data["metaspace_invitation_code"],
ms_inv_data["invitee_email_addr"],
ms_inv_data["initial_metaspace_privileges"],
ms_inv_data["invitation_msg"],
ms_inv_data["creator"],
)
decision_date_lb = DateTimeUtil.datetime_now_utc_aware()
ms_invitation.decline_invitation(PGDB_TEST)
assert not ms_invitation.was_accepted
assert decision_date_lb <= ms_invitation.decision_date <= DateTimeUtil.datetime_now_utc_aware()
ms_invitation = MetaspaceInvitation.get_existing_invitation(
PGDB_TEST, ms_inv_data["metaspace_invitation_code"]
)
assert not ms_invitation.was_accepted
def MetaspaceSession_tests():
user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
with AutoRollbackTransaction() as test_trans:
creation_date_lb = DateTimeUtil.datetime_now_utc_aware()
ms_session = MetaspaceSession.create_new_session(PGDB_TEST, user.user_id)
creation_date_ub = DateTimeUtil.datetime_now_utc_aware()
assert user.user_id == ms_session.user_id
assert ms_session.is_session_valid()
assert creation_date_lb <= ms_session.creation_date <= creation_date_ub
last_visit_lb = DateTimeUtil.datetime_now_utc_aware()
ms_session.touch_session(PGDB_TEST)
last_visit_ub = DateTimeUtil.datetime_now_utc_aware()
assert last_visit_lb <= ms_session.last_visit <= last_visit_ub
ms_session = MetaspaceSession.get_existing_session(PGDB_TEST, ms_session.metaspace_session_id)
assert user.user_id == ms_session.user_id
assert ms_session.is_session_valid()
assert creation_date_lb <= ms_session.creation_date <= creation_date_ub
assert last_visit_lb <= ms_session.last_visit <= last_visit_ub
# fake session expiry for idle time being exceeded
old_ms_session_id = ms_session.metaspace_session_id
upd_params = {
"last_visit": web.SQLLiteral(
"last_visit - (interval '%i seconds')" % (MetaspaceSession.MAX_SESSION_IDLE_TIME + 60)
)
}
PGDB_TEST.update(
MetaspaceSession.TABLE_NAME,
where="metaspace_session_id = $metaspace_session_id",
vars={"metaspace_session_id": ms_session.metaspace_session_id},
**upd_params
)
ms_session = MetaspaceSession.get_existing_session(PGDB_TEST, ms_session.metaspace_session_id)
assert not ms_session.is_session_valid()
# force create a new session and see that it has the correct info
creation_date_lb = DateTimeUtil.datetime_now_utc_aware()
ms_session = MetaspaceSession.force_create_new_session(PGDB_TEST, user.user_id)
creation_date_ub = DateTimeUtil.datetime_now_utc_aware()
# there is actually a fleeting chance of the same session id, but it's exceedingly unlikely
assert ms_session.metaspace_session_id != old_ms_session_id
assert user.user_id == ms_session.user_id
assert ms_session.is_session_valid()
assert creation_date_lb <= ms_session.creation_date <= creation_date_ub
# fake session expiry for overall age
upd_params = {
"creation_date": web.SQLLiteral(
"creation_date - (interval '%i seconds')" % (MetaspaceSession.MAX_SESSION_AGE + 60)
)
}
PGDB_TEST.update(
MetaspaceSession.TABLE_NAME,
where="metaspace_session_id = $metaspace_session_id",
vars={"metaspace_session_id": ms_session.metaspace_session_id},
**upd_params
)
ms_session = MetaspaceSession.get_existing_session(PGDB_TEST, ms_session.metaspace_session_id)
assert not ms_session.is_session_valid()
# test killing the expired session, which should blank out the existing object and remove the session from the db
old_ms_session_id = ms_session.metaspace_session_id
ms_session.kill_session(PGDB_TEST)
assert ms_session.metaspace_session_id is None
assert MetaspaceSession.get_existing_session(PGDB_TEST, old_ms_session_id) is None
def MetaspacePrivilegeChecker_tests():
super_user = User()
super_user.user_id = -1
super_user.metaspace_privileges = MetaspacePrivilegeSet.create_from_list_of_strings([MetaspacePrivilegeSet.SUPER])
user_creator_user = User()
user_creator_user.user_id = -2
user_creator_user.metaspace_privileges = MetaspacePrivilegeSet.create_from_list_of_strings(
[MetaspacePrivilegeSet.CREATE_USER]
)
space_creator_user = User()
space_creator_user.user_id = -3
space_creator_user.metaspace_privileges = MetaspacePrivilegeSet.create_from_list_of_strings(
[MetaspacePrivilegeSet.CREATE_SPACE]
)
target_user = User()
target_user.user_id = -4
target_user.metaspace_privileges = MetaspacePrivilegeSet()
for temp_user in [super_user, user_creator_user, space_creator_user, target_user]:
setattr(temp_user, "email_addr", "*****@*****.**" % temp_user.user_id)
assert MetaspacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, super_user
)
assert MetaspacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, user_creator_user
)
assert MetaspacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_INFO_ACTION, target_user, super_user
)
assert MetaspacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_INFO_ACTION, target_user, target_user
)
assert not MetaspacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_INFO_ACTION, target_user, user_creator_user, False
)
assert not MetaspacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_ACCESS_ACTION, target_user, user_creator_user, False
)
assert not MetaspacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, space_creator_user, False
)
with AssertExceptionThrown(PrivilegeChecker.InsufficientPrivilegesException):
MetaspacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, space_creator_user
)
assert MetaspacePrivilegeChecker.is_allowed_to_do(
DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_SPACE_ACTION, None, space_creator_user
)
def User_create_and_retrieve_test():
hans_data = TestData.USER_HANS
admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
hans_data["creator"] = admin_user.user_id
with AutoRollbackTransaction() as test_trans:
creation_date_lb = DateTimeUtil.datetime_now_utc_aware()
hans = User.create_new_user(
DB_TUPLE_PT_NM,
hans_data["email_addr"],
hans_data["username"],
hans_data["cleartext_password"],
hans_data["user_statement"],
hans_data["is_enabled"],
hans_data["metaspace_privileges"],
hans_data["creator"],
)
creation_date_ub = DateTimeUtil.datetime_now_utc_aware()
hans_data["user_id"] = hans.user_id
hans_data["encrypted_password"] = hans.encrypted_password
assert creation_date_lb <= hans.creation_date <= creation_date_ub
for field_name in User.FIELD_NAMES:
if field_name not in ["creation_date"]:
assert hans_data[field_name] == vars(hans)[field_name]
assert hans.check_password(hans_data["cleartext_password"]) == True
assert hans.check_password(hans_data["new_cleartext_password"]) == False
hans_data["old_encrypted_password"] = hans_data["encrypted_password"]
hans_data["modifier"] = hans_data["creator"]
hans.set_and_save_user_info(
PGDB_TEST,
hans_data["new_username"],
hans_data["new_email_addr"],
hans_data["new_user_statement"],
hans_data["modifier"],
)
modification_date_lb = DateTimeUtil.datetime_now_utc_aware()
hans.set_and_save_metaspace_access(
PGDB_TEST, hans_data["new_is_enabled"], hans_data["new_metaspace_privileges"], hans_data["modifier"]
)
hans.set_and_save_encrypted_password(PGDB_TEST, hans_data["new_cleartext_password"], hans_data["modifier"])
modification_date_ub = DateTimeUtil.datetime_now_utc_aware()
hans = User.get_existing_user_by_email(PGDB_TEST, hans_data["new_email_addr"])
hans_data["encrypted_password"] = hans.encrypted_password
hans_by_id = User.get_existing_user_by_id(PGDB_TEST, hans.user_id)
for field_name in User.FIELD_NAMES:
assert getattr(hans, field_name) == getattr(hans_by_id, field_name)
assert modification_date_lb <= hans.modification_date <= modification_date_ub
assert hans.username == hans_data["new_username"]
assert hans.email_addr == hans_data["new_email_addr"]
assert hans.user_statement == hans_data["new_user_statement"]
assert hans.metaspace_privileges == hans_data["new_metaspace_privileges"]
assert hans.modifier == hans_data["modifier"]
assert hans.check_password(hans_data["new_cleartext_password"]) == True
assert hans.check_password(hans_data["cleartext_password"]) == False
assert hans_data["encrypted_password"] != hans_data["old_encrypted_password"]
latest_pw_chg_audit_entry = PasswordChangeAuditEntry.get_audit_log_entries_for_user(PGDB_TEST, hans.user_id)[0]
latest_ms_priv_audit_entry = MetaspacePrivilegeAuditEntry.get_audit_log_entries_for_user(
PGDB_TEST, hans.user_id
)[0]
assert latest_pw_chg_audit_entry.updated_user == hans.user_id
assert latest_pw_chg_audit_entry.updating_user == hans.modifier
assert modification_date_lb <= latest_pw_chg_audit_entry.passwd_chg_date <= modification_date_ub
assert latest_ms_priv_audit_entry.updated_user == hans.user_id
assert latest_ms_priv_audit_entry.updating_user == hans.modifier
assert latest_ms_priv_audit_entry.new_privileges == hans.metaspace_privileges
assert modification_date_lb <= latest_ms_priv_audit_entry.ms_priv_chg_date <= modification_date_ub
# the following lines are more testing AutoRollbackTransaction
hans = User.get_existing_user_by_email(PGDB_TEST, hans_data["email_addr"])
assert hans == None
hans = User.get_existing_user_by_email(PGDB_TEST, hans_data["new_email_addr"])
assert hans == None