def testGetUnrevokedEntries(self):
"""Test that getting unrevoked entries returns all unrevoked users."""
user_1 = models.User()
user_1.is_key_revoked = False
user_1.email = '*****@*****.**'
user_1.save()
user_2 = models.User()
user_2.is_key_revoked = True
user_1.email = '*****@*****.**'
user_2.save()
unrevoked_users = models.User.get_unrevoked_users()
self.assertEqual(1, len(unrevoked_users))
self.assertIn(user_1, unrevoked_users)
self.assertNotIn(user_2, unrevoked_users)
def add_user():
"""Gets the requested users on get and stores new user(s) on post.
This one handler does get and post for add user. The get method is handled
by _render_user_add with the parameters for get_all, group_key, and user_key
each passed along. The post method is handled here by inserting the new user
or users into the database and redirecting to the user_list page.
Returns:
A list of the requested users for a get or redirects to the user_list page
after inserting users for a post.
"""
if flask.request.method == 'GET':
get_all = flask.request.args.get('get_all')
group_key = flask.request.args.get('group_key')
user_key = flask.request.args.get('user_key')
return _get_users_to_add(get_all, group_key, user_key)
manual = flask.request.form.get('manual')
users_list = json.loads(flask.request.form.get('users'))
config = ufo.get_user_config()
for submitted_user in users_list:
db_user = models.User()
db_user.name = submitted_user['name']
db_user.email = submitted_user['email']
db_user.domain = config.domain if manual is None else None
# Save on each user so that we can let the database check if the
# uniqueness constraint is fulfilled. i.e don't batch this because
# if one user is added more than once then the whole session will fail.
try:
db_user.save()
except custom_exceptions.UnableToSaveToDB as e:
flask.abort(e.code, e.message)
return user_list()
def testRegenerateKeyPair(self):
"""Whether a new key pair is generated that does not match the old one."""
user = models.User()
original_public_key = user.public_key
original_private_key = user.private_key
user.regenerate_key_pair()
self.assertNotEqual(original_public_key, user.public_key)
self.assertNotEqual(original_private_key, user.private_key)
def testGenerateKeyPair(self):
"""Whether the generated key_pair is valid, and with correct size."""
user = models.User()
rsa_public_key = RSA.importKey(user.public_key)
rsa_private_key = RSA.importKey(user.private_key)
self.assertEqual(2048, rsa_public_key.size() + 1)
self.assertEqual(2048, rsa_private_key.size() + 1)
message = os.urandom(8)
encrypted_message = rsa_public_key.encrypt(message, 12345)
self.assertEqual(message, rsa_private_key.decrypt(encrypted_message))
def testRevokedUsersAreNotInKeyString(self):
"""Test revoked users are not in key string.."""
fake_users = []
for fake_email_and_name in base_test.FAKE_EMAILS_AND_NAMES:
fake_user = models.User(email=fake_email_and_name['email'],
name=fake_email_and_name['name'],
is_key_revoked=True)
fake_user.save()
fake_users.append(fake_user)
key_string = key_distributor.KeyDistributor().make_key_string()
self.assertFalse(key_string)
def testUserToDict(self):
"""Whether the necessary fields match in a dictionary representation."""
user = models.User()
user.is_key_revoked = False
user_dict = user.to_dict()
self.assertEqual(user_dict['id'], user.id)
self.assertEqual(user_dict['email'], user.email)
self.assertEqual(user_dict['name'], user.name)
self.assertEqual(user_dict['private_key'], user.private_key)
self.assertEqual(user_dict['public_key'], user.public_key)
self.assertEqual(user_dict['access'], models.NOT_REVOKED_TEXT)
self.assertEqual(user_dict['accessChange'], models.DISABLE_TEXT)
user.is_key_revoked = True
user_dict = user.to_dict()
self.assertEqual(user_dict['access'], models.REVOKED_TEXT)
self.assertEqual(user_dict['accessChange'], models.ENABLE_TEXT)
def testListUsersHandler(self):
"""Test the list user handler gets users from the database."""
users = []
for fake_email_and_name in base_test.FAKE_EMAILS_AND_NAMES:
user = models.User(email=fake_email_and_name['email'],
name=fake_email_and_name['name'],
private_key=fake_email_and_name['pri'],
public_key=fake_email_and_name['pub'])
user.save()
users.append(user)
resp = self.client.get(flask.url_for('user_list'))
user_list_output = json.loads(resp.data[len(ufo.XSSI_PREFIX):])['items']
self.assertEquals(len(user_list_output),
len(base_test.FAKE_EMAILS_AND_NAMES))
for user in users:
self.assertIn(user.to_dict(), user_list_output)
def testUnrevokedUsersAreInKeyString(self):
"""Test unrevoked users are in key string.."""
fake_users = []
for fake_email_and_name in base_test.FAKE_EMAILS_AND_NAMES:
fake_user = models.User(email=fake_email_and_name['email'],
name=fake_email_and_name['name'],
is_key_revoked=False)
fake_user.save()
fake_users.append(fake_user)
key_string = key_distributor.KeyDistributor().make_key_string()
# There should be no PEM-format keys in an authorized_keys file
self.assertEquals(0, key_string.count('END PUBLIC KEY'))
for fake_user in fake_users:
self.assertIn(
RSA.importKey(fake_user.public_key).exportKey('OpenSSH'),
key_string)
def _CreateAndSaveFakeUser(self):
"""Create a fake user object, and save it into db."""
user = models.User(email=base_test.FAKE_EMAILS_AND_NAMES[0]['email'],
name=base_test.FAKE_EMAILS_AND_NAMES[0]['name'])
return user.save()