def test_search_empty_pattern(self): """User searching with an empty pattern returns all users in database succeeds """ name = "*****@*****.**" sshkey = "railway" comment = "speedy" name2 = "*****@*****.**" sshkey2 = "coffeshop" comment2 = "slow" res_list = [] u = user.User(name=name, sshkey=sshkey, comment=comment) u2 = user.User(name=name2, sshkey=sshkey2, comment=comment2) db.session.add(u) db.session.add(u2) db.session.commit() query = db.session.query(user.User.name).filter( user.User.name.like('%' + "" + '%')).order_by( user.User.name).all() for row in query: res_list.append(str(row[0])) res_list = "\n".join(res_list) assert_equal(res_list, "[email protected]\[email protected]")
def user_create(): """Add a user in the database""" # Check if fields are OK to be imported # Some fields are mandatory res = check_user_form(["name", "sshkey"], request) if res is not True: return res hashkey = utils.sshkey_good_format(request.form["sshkey"]) if request.form.get("logfilesize"): u = user.User(name=request.form["name"], sshkey=request.form["sshkey"], sshkeyhash=utils.sshkey_good_format( request.form["sshkey"]), comment=request.form["comment"], logfilesize=request.form.get("logfilesize")) else: u = user.User(name=request.form["name"], sshkey=request.form["sshkey"], sshkeyhash=hashkey, comment=request.form["comment"]) res = utils.db_add_commit(u) if res is not True: return res # Add the SSH key in the file authorized_keys res = utils.write_authorized_keys(request.form["name"], request.form["sshkey"]) if res is not True: return res return utils.response('OK: "' + request.form["name"] + '" -> created', 200)
def test_create_existing_sshkey(self): """User creation in database with an already used sshkey fails """ name = "*****@*****.**" sshkey = """ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdH3Dwen9fNgBxZ+QrR3wt9TSQt1+kizp9uz6heudbZ9J6+xghvDnTmwhcm7MROLXG9FMHPtDXNviVmwa/Pj/EQp/2390XT8BLy9/yYpfMrbYSSJEcnchd7EA1U1txjc5mQbWTxiXFcM6UifwF1cjJrOda0OZpR+BdoEkpLrkyuTOWgdV5zoVu0pLrSJNdHAFEtPZ0yaTuX3ufk3ScSeIdXyj4qaX/T0mIuXmfP89yy0ipFMiimXvi/D2Q+MMDAjbDQuW1YlX730hgKJTZD+X5RkNHFHpggTLpvvRDffhqxuBvQNNgUk0hPQ6gFgQIgVIgjIiJkM/j0Ayig+k+4hT [email protected]""" comment = "An awesome comment man" u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.add(u) db.session.commit() u = user.User(name="*****@*****.**", sshkey=sshkey, comment=comment) db.session.add(u) db.session.commit()
def test_edit(self): """User edition in database succeeds""" name = "*****@*****.**" sshkey = """ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdH3Dwen9fNgBxZ+QrR3wt9TSQt1+kizp9uz6heudbZ9J6+xghvDnTmwhcm7MROLXG9FMHPtDXNviVmwa/Pj/EQp/2390XT8BLy9/yYpfMrbYSSJEcnchd7EA1U1txjc5mQbWTxiXFcM6UifwF1cjJrOda0OZpR+BdoEkpLrkyuTOWgdV5zoVu0pLrSJNdHAFEtPZ0yaTuX3ufk3ScSeIdXyj4qaX/T0mIuXmfP89yy0ipFMiimXvi/D2Q+MMDAjbDQuW1YlX730hgKJTZD+X5RkNHFHpggTLpvvRDffhqxuBvQNNgUk0hPQ6gFgQIgVIgjIiJkM/j0Ayig+k+4hT [email protected]""" comment = "That comment" new_name = "*****@*****.**" new_sshkey = """A short key""" new_comment = "A new comment" u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.add(u) db.session.commit() user_to_edit = db.session.query( user.User).filter_by(name="*****@*****.**") updated_rows = user_to_edit.update({ "name": new_name, "sshkey": new_sshkey, "comment": new_comment }) db.session.commit() u_edit = db.session.query(user.User).filter_by(name=new_name).first() assert_equal(updated_rows, 1) assert_equal(u.id, u_edit.id) assert_equal(u_edit.name, new_name) assert_equal(u_edit.sshkey, new_sshkey) assert_equal(u_edit.comment, new_comment)
def test_add_user_already_in_target(self): """Target adding a user already in target does nothing (but doesn't raise error) """ name = "clever_server" hostname = "127.0.0.1" port = 54 sshoptions = "--zap" comment = "Magnificent target" name = "*****@*****.**" sshkey = "something" comment = "seldom" t = target.Target(name=name, hostname=hostname, port=port, sshoptions=sshoptions, comment=comment) u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.add(t) db.session.commit() t.adduser(u) db.session.commit() t.adduser(u) db.session.commit() t_db = db.session.query(target.Target).filter_by(name=name).first() assert_equal(t_db.members, [u])
def test_remove_user(self): """Target removing a user succeeds""" name = "clever_server" hostname = "127.0.0.1" port = 54 sshoptions = "--zap" comment = "Magnificent target" name = "*****@*****.**" sshkey = "something" comment = "seldom" t = target.Target(name=name, hostname=hostname, port=port, sshoptions=sshoptions, comment=comment) u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.add(t) db.session.commit() t.adduser(u) db.session.commit() t.rmuser(u) db.session.commit() t_db = db.session.query(target.Target).filter_by(name=name).first() assert_equal(t_db.members, [])
def test_delete_non_existing_user(self): """User deletion with a non existing user fails""" name = "*****@*****.**" sshkey = """A great keyblade""" comment = "Nice comment" u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.delete(u) db.session.commit()
def test_remove_user_not_in_target(self): """Target removing a user not in target does nothing (but doesn't raise error) """ name = "clever_server" hostname = "127.0.0.1" port = 54 sshoptions = "--zap" comment = "Magnificent target" name = "*****@*****.**" sshkey = "something" comment = "seldom" name2 = "*****@*****.**" sshkey2 = "queue" comment2 = "yellow" t = target.Target(name=name, hostname=hostname, port=port, sshoptions=sshoptions, comment=comment) u = user.User(name=name, sshkey=sshkey, comment=comment) u2 = user.User(name=name2, sshkey=sshkey2, comment=comment2) db.session.add(t) db.session.commit() t.adduser(u) t.adduser(u2) db.session.commit() t.rmuser(u) db.session.commit() t.rmuser(u) db.session.commit() t_db = db.session.query(target.Target).filter_by(name=name).first() assert_equal(t_db.members, [u2])
def test_edit_existing_name(self): """User edition with a new name already used in database fails """ name = "*****@*****.**" sshkey = "railway" comment = "speedy" name2 = "*****@*****.**" sshkey2 = "coffeshop" comment2 = "slow" u = user.User(name=name, sshkey=sshkey, comment=comment) u2 = user.User(name=name2, sshkey=sshkey2, comment=comment2) db.session.add(u) db.session.commit() db.session.add(u2) db.session.commit() u2 = db.session.query(user.User).filter_by(name=name2) updated_rows = u2.update({"name": name}) db.session.commit()
def test_show(self): """User show in database succeeds""" name = "*****@*****.**" sshkey = "redkey" comment = "unusual comment" u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.add(u) db.session.commit() user_data = user.User.query.filter_by(name=name).first() assert_equal(name, user_data.name) assert_equal(sshkey, user_data.sshkey) assert_equal(comment, user_data.comment)
def test_delete(self): """User deletion in database succeeds""" name = "*****@*****.**" sshkey = """ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdH3Dwen9fNgBxZ+QrR3wt9TSQt1+kizp9uz6heudbZ9J6+xghvDnTmwhcm7MROLXG9FMHPtDXNviVmwa/Pj/EQp/2390XT8BLy9/yYpfMrbYSSJEcnchd7EA1U1txjc5mQbWTxiXFcM6UifwF1cjJrOda0OZpR+BdoEkpLrkyuTOWgdV5zoVu0pLrSJNdHAFEtPZ0yaTuX3ufk3ScSeIdXyj4qaX/T0mIuXmfP89yy0ipFMiimXvi/D2Q+MMDAjbDQuW1YlX730hgKJTZD+X5RkNHFHpggTLpvvRDffhqxuBvQNNgUk0hPQ6gFgQIgVIgjIiJkM/j0Ayig+k+4hT [email protected]""" comment = "This is a great comment" u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.add(u) db.session.commit() db.session.delete(u) db.session.commit() u_db = db.session.query( user.User).filter_by(name="*****@*****.**").first() assert_is_none(u_db)
def test_list_existing_users(self): """User listing with existing users in database succeeds""" name = "*****@*****.**" sshkey = """ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdH3Dwen9fNgBxZ+QrR3wt9TSQt1+kizp9uz6heudbZ9J6+xghvDnTmwhcm7MROLXG9FMHPtDXNviVmwa/Pj/EQp/2390XT8BLy9/yYpfMrbYSSJEcnchd7EA1U1txjc5mQbWTxiXFcM6UifwF1cjJrOda0OZpR+BdoEkpLrkyuTOWgdV5zoVu0pLrSJNdHAFEtPZ0yaTuX3ufk3ScSeIdXyj4qaX/T0mIuXmfP89yy0ipFMiimXvi/D2Q+MMDAjbDQuW1YlX730hgKJTZD+X5RkNHFHpggTLpvvRDffhqxuBvQNNgUk0hPQ6gFgQIgVIgjIiJkM/j0Ayig+k+4hT [email protected]""" comment = "This is a great comment" user_list = [] u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.add(u) db.session.commit() query = db.session.query(user.User.name).order_by(user.User.name).all() for row in query: user_list.append(str(row[0])) user_list = "".join(user_list) assert_equal(user_list, "*****@*****.**")
def test_create_existing_name(self): """Target creation in database with an already used name fails """ name = "clever_server" hostname = "127.0.0.1" port = 54 sshoptions = "--zap" comment = "Magnificent target" name = "*****@*****.**" sshkey = "railway" comment_user = "******" user_list = [] usergroupname = "Chevaliers_du_zodiaque" comment_usergroup = "Energie_du_cosmos" usergroup_list = [] u = user.User(name=name, sshkey=sshkey, comment=comment_user) user_list.append(u) ug = usergroup.Usergroup(name=usergroupname, comment=comment_usergroup) usergroup_list.append(ug) t = target.Target(name=name, hostname=hostname, port=port, sshoptions=sshoptions, comment=comment, members=user_list, gmembers=usergroup_list) db.session.add(t) db.session.commit() t = target.Target(name=name, hostname="a great host", port=port, sshoptions=sshoptions, comment=comment, members=user_list, gmembers=usergroup_list) db.session.add(t) db.session.commit()
def test_create(self): """Target creation in database succeeds""" targetname = "clever_server" hostname = "127.0.0.1" port = 54 sshoptions = "--zap" comment = "Magnificent target" output = """Name: clever_server\nHostname: 127.0.0.1\nPort: 54\nSSH options: --zap\nComment: Magnificent target\nAttached users: [email protected]\nUsergroup list: Chevaliers_du_zodiaque\nUsers who can access this target: [email protected]\nAll usergroups: Chevaliers_du_zodiaque\nMember of the following targetgroups: """ username = "******" sshkey = "railway" comment_user = "******" user_list = [] usergroupname = "Chevaliers_du_zodiaque" comment_usergroup = "Energie_du_cosmos" usergroup_list = [] u = user.User(name=username, sshkey=sshkey, comment=comment_user) user_list.append(u) ug = usergroup.Usergroup(name=usergroupname, comment=comment_usergroup) usergroup_list.append(ug) t = target.Target(name=targetname, hostname=hostname, port=port, sshoptions=sshoptions, comment=comment, members=user_list, gmembers=usergroup_list) db.session.add(t) db.session.commit() t_db = db.session.query( target.Target).filter_by(name="clever_server").first() assert_equal(t_db.name, targetname) assert_equal(t_db.hostname, hostname) assert_equal(t_db.port, port) assert_equal(t_db.sshoptions, sshoptions) assert_equal(t_db.comment, comment) assert_equal(repr(t_db), output)
def test_create(self): """User creation in database succeeds""" name = "*****@*****.**" sshkey = """ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdH3Dwen9fNgBxZ+QrR3wt9TSQt1+kizp9uz6heudbZ9J6+xghvDnTmwhcm7MROLXG9FMHPtDXNviVmwa/Pj/EQp/2390XT8BLy9/yYpfMrbYSSJEcnchd7EA1U1txjc5mQbWTxiXFcM6UifwF1cjJrOda0OZpR+BdoEkpLrkyuTOWgdV5zoVu0pLrSJNdHAFEtPZ0yaTuX3ufk3ScSeIdXyj4qaX/T0mIuXmfP89yy0ipFMiimXvi/D2Q+MMDAjbDQuW1YlX730hgKJTZD+X5RkNHFHpggTLpvvRDffhqxuBvQNNgUk0hPQ6gFgQIgVIgjIiJkM/j0Ayig+k+4hT [email protected]""" comment = "This is a great comment" output = """Email: [email protected]\nSSH key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAdH3Dwen9fNgBxZ+QrR3wt9TSQt1+kizp9uz6heudbZ9J6+xghvDnTmwhcm7MROLXG9FMHPtDXNviVmwa/Pj/EQp/2390XT8BLy9/yYpfMrbYSSJEcnchd7EA1U1txjc5mQbWTxiXFcM6UifwF1cjJrOda0OZpR+BdoEkpLrkyuTOWgdV5zoVu0pLrSJNdHAFEtPZ0yaTuX3ufk3ScSeIdXyj4qaX/T0mIuXmfP89yy0ipFMiimXvi/D2Q+MMDAjbDQuW1YlX730hgKJTZD+X5RkNHFHpggTLpvvRDffhqxuBvQNNgUk0hPQ6gFgQIgVIgjIiJkM/j0Ayig+k+4hT [email protected]\nComment: This is a great comment\nAccessible target list: \n\nDetails in access:\nAccessible directly: \nAccessible through usergroups: \nAccessible through targetgroups: """ u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.add(u) db.session.commit() u_db = db.session.query( user.User).filter_by(name="*****@*****.**").first() assert_equal(u_db.name, name) assert_equal(u_db.sshkey, sshkey) assert_equal(u_db.comment, comment) assert_equal(repr(u_db), output)
def test_search_no_users_match_pattern(self): """User searching with a pattern that no user match with in database returns nothing succeeds """ name = "*****@*****.**" sshkey = "railway" comment = "speedy" res_list = [] u = user.User(name=name, sshkey=sshkey, comment=comment) db.session.add(u) db.session.commit() query = db.session.query(user.User.name).filter( user.User.name.like('%' + "zu" + '%')).order_by( user.User.name).all() for row in query: res_list.append(str(row[0])) res_list = "\n".join(res_list) assert_equal(res_list, "")
def test_edit(self): """Target edition in database succeeds""" targetname = "clever_server" hostname = "127.0.0.1" port = 54 sshoptions = "--zap" comment = "Magnificent target" new_targetname = "cleverer_super_server" new_hostname = "192.135.23.54" new_port = 80 new_sshoptions = "--plop" new_comment = "Marvellous target" username = "******" sshkey = "railway" comment_user = "******" username2 = "*****@*****.**" sshkey2 = "rough tell" comment_user2 = "slow" user_list = [] usergroupname = "Chevaliers_du_zodiaque" comment_usergroup = "Energie_du_cosmos" usergroupname2 = "Chevaliers d'or" comment_usergroup2 = "COSMOOOOS" usergroup_list = [] u = user.User(name=username, sshkey=sshkey, comment=comment_user) user_list.append(u) ug = usergroup.Usergroup(name=usergroupname, comment=comment_usergroup) usergroup_list.append(ug) t = target.Target(name=targetname, hostname=hostname, port=port, sshoptions=sshoptions, comment=comment, members=user_list, gmembers=usergroup_list) db.session.add(t) db.session.commit() u = user.User(name=username2, sshkey=sshkey2, comment=comment_user2) user_list.append(u) ug = usergroup.Usergroup(name=usergroupname2, comment=comment_usergroup2) usergroup_list.append(ug) target_to_edit = db.session.query( target.Target).filter_by(name="clever_server") updated_rows = target_to_edit.update({ "name": new_targetname, "hostname": new_hostname, "port": new_port, "sshoptions": new_sshoptions, "comment": new_comment }) db.session.commit() t_edit = db.session.query( target.Target).filter_by(name=new_targetname).first() assert_equal(updated_rows, 1) assert_equal(t.id, t_edit.id) assert_equal(t_edit.name, new_targetname) assert_equal(t_edit.hostname, new_hostname) assert_equal(t_edit.port, new_port) assert_equal(t_edit.sshoptions, new_sshoptions) assert_equal(t_edit.comment, new_comment)
def user_create(): """Add a user in the database""" # Only POST data are handled if request.method != "POST": return utils.response("ERROR: POST method is required ", 405) # Simplification for the reading name = request.form["name"] sshkey = request.form["sshkey"] comment = request.form["comment"] if request.form.get("logfilesize"): logfilesize = request.form["logfilesize"] # Check for required fields if not name or not sshkey: return utils.response("ERROR: The name and SSH key are required ", 417) # Check unicity for name query = db.session.query(user.User.name)\ .filter_by(name=name).first() if query is not None: return utils.response('ERROR: The name "' + name + \ '" is already used by another user ', 417) # Check unicity for SSH key # First determine the real sshkey string sshkeystring = sshkey.split()[1] # And we look into user sshkeys if the key already exist query = db.session.query(user.User).filter( user.User.sshkey.contains(sshkeystring)).first() if query is not None: return utils.response('ERROR: The SSH key "' + sshkeystring + \ '" is already used by ' + query.name, 417) # Add the SSH key in the file authorized_keys try: with open(config.SSH_KEY_FILE, "a", encoding="utf8") as \ authorized_keys_file: authorized_keys_file.write('command="' + \ config.PYTHON_PATH + \ " " + config.PASSHPORT_PATH + \ " " + name + '" ' + sshkey + "\n") except IOError: return utils.response('ERROR: cannot write in the file ' + \ '"authorized_keys"', 500) # set correct read/write permissions os.chmod(config.SSH_KEY_FILE, stat.S_IRUSR | stat.S_IWUSR) if request.form.get("logfilesize"): u = user.User(name=name, sshkey=sshkey, sshkeyhash=user.User.hash(sshkey), comment=comment, logfilesize=logfilesize) else: u = user.User(name=name, sshkey=sshkey, sshkeyhash=user.User.hash(sshkey), comment=comment) db.session.add(u) # Try to add the user on the database try: db.session.commit() except exc.SQLAlchemyError as e: return utils.response('ERROR: "' + name + '" -> ' + e.message, 409) return utils.response('OK: "' + name + '" -> created', 200)
def user_create(): """Add a user in the database""" # Only POST data are handled if request.method != "POST": return "ERROR: POST method is required ", 405, \ {"content-type": "text/plain; charset=utf-8"} # Simplification for the reading name = request.form["name"] sshkey = request.form["sshkey"] comment = request.form["comment"] # Check for required fields if not name or not sshkey: return "ERROR: The name and SSH key are required ", 417, \ {"content-type": "text/plain; charset=utf-8"} # Check unicity for name query = db.session.query(user.User.name)\ .filter_by(name=name).first() if query is not None: return 'ERROR: The name "' + name + \ '" is already used by another user ', 417, \ {"content-type": "text/plain; charset=utf-8"} # Check unicity for SSH key query = db.session.query(user.User.sshkey)\ .filter_by(sshkey=sshkey).first() if query is not None: return 'ERROR: The SSH key "' + sshkey + \ '" is already used by another user ', 417, \ {"content-type": "text/plain; charset=utf-8"} # Add the SSH key in the file authorized_keys try: with open(config.SSH_KEY_FILE, "a", encoding="utf8") as \ authorized_keys_file: authorized_keys_file.write('command="' + \ config.PYTHON_PATH + \ " " + config.PASSHPORT_PATH + \ " " + name + '" ' + sshkey + "\n") except IOError: return 'ERROR: cannot write in the file "authorized_keys"', 500, \ {"content-type": "text/plain; charset=utf-8"} # set correct read/write permissions os.chmod(config.SSH_KEY_FILE, stat.S_IRUSR | stat.S_IWUSR) u = user.User( name=name, sshkey=sshkey, comment=comment) db.session.add(u) # Try to add the user on the database try: db.session.commit() except exc.SQLAlchemyError as e: return 'ERROR: "' + name + '" -> ' + e.message , 409, \ {"content-type": "text/plain; charset=utf-8"} return 'OK: "' + name + '" -> created', 200, \ {"content-type": "text/plain; charset=utf-8"}