def current_user_setup(user): session["user_id"] = user.id session["last_login"] = user.last_login app.session_limiter.on_login(user) app.logger.info( f"authentication succeeded for user with EDIPI {user.dod_id}") Users.update_last_login(user)
def login_dev(): dod_id = request.args.get("dod_id", None) if dod_id is not None: user = Users.get_by_dod_id(dod_id) else: role = request.args.get("username", "amanda") user_data = _DEV_USERS[role] user = Users.get_or_create_by_dod_id( user_data["dod_id"], **pick( [ "permission_sets", "first_name", "last_name", "email", "service_branch", "phone_number", "citizenship", "designation", "date_latest_training", ], user_data, ), ) current_user_setup(user) return redirect(redirect_after_login_url())
def on_login(self, user): if not self.limit_logins: return session_id = self.session.sid self._delete_session(user.last_session_id) Users.update_last_session_id(user, session_id)
def test_get_all_includes_ccpo_user_changes(): user = UserFactory.create() initial_audit_log = AuditLog.get_all_events() Users.give_ccpo_perms(user) Users.revoke_ccpo_perms(user) assert len(AuditLog.get_all_events()) == len(initial_audit_log) + 2
def get_user(self): try: return Users.get_by_dod_id(self.parsed_sdn["dod_id"]) except NotFoundError: email = self._get_user_email() return Users.create(permission_sets=[], email=email, **self.parsed_sdn)
def get_users(): users = [] for dev_user in DEV_USERS.values(): try: user = Users.create(**dev_user) except AlreadyExistsError: user = Users.get_by_dod_id(dev_user["dod_id"]) users.append(user) return users
def login_redirect(): auth_context = _make_authentication_context() auth_context.authenticate() user = auth_context.get_user() if user.provisional: Users.finalize(user) current_user_setup(user) return redirect(redirect_after_login_url())
def test_creates_user(): # check user does not exist with pytest.raises(NotFoundError): Users.get_by_dod_id(DOD_SDN_INFO["dod_id"]) auth_context = AuthenticationContext(MockCRLCache(), "SUCCESS", DOD_SDN, CERT) user = auth_context.get_user() assert user.dod_id == DOD_SDN_INFO["dod_id"] assert user.email == FIXTURE_EMAIL_ADDRESS
def grant_ccpo_perms(dod_id): try: user = Users.get_by_dod_id(dod_id) if user.permission_sets: print("%s (DoD ID: %s) already CCPO user." % (user.full_name, user.dod_id)) else: Users.give_ccpo_perms(user) print("CCPO permissions successfully granted to %s (DoD ID: %s)." % (user.full_name, user.dod_id)) except NotFoundError: print("User not found.")
def test_logging_audit_event_on_update(mock_logger): user = UserFactory.create() assert "Audit Event create" in mock_logger.messages Users.update(user, {"first_name": "Greedo"}) assert "Audit Event update" in mock_logger.messages assert len(mock_logger.messages) == 2 event_log = mock_logger.extras[1]["audit_event"] assert event_log["resource_type"] == "user" assert event_log["resource_id"] == str(user.id) assert event_log["display_name"] == user.full_name assert event_log["action"] == "update" assert "update" in mock_logger.extras[1]["tags"]
def test_creates_new_user_without_email_on_login(client, ca_key, rsa_key, make_x509, swap_crl_cache): cert = make_x509(rsa_key(), signer_key=ca_key, cn=DOD_SDN) swap_crl_cache() # ensure user does not exist with pytest.raises(NotFoundError): Users.get_by_dod_id(DOD_SDN_INFO["dod_id"]) resp = _login(client, cert=cert.public_bytes(Encoding.PEM).decode()) user = Users.get_by_dod_id(DOD_SDN_INFO["dod_id"]) assert user.first_name == DOD_SDN_INFO["first_name"] assert user.last_name == DOD_SDN_INFO["last_name"] assert user.email == None
def test_remove_access(user_session, client): ccpo = UserFactory.create_ccpo() user = UserFactory.create_ccpo() user_session(ccpo) response = client.post(url_for("ccpo.remove_access", user_id=user.id)) assert user not in Users.get_ccpo_users()
def test_get_or_create_existing_user(): fact_user = UserFactory.create() user = Users.get_or_create_by_dod_id( fact_user.dod_id, **pick(["first_name", "last_name"], fact_user.to_dictionary()), ) assert user == fact_user
def create_demo_portfolio(name, data): try: portfolio_owner = Users.get_or_create_by_dod_id("2345678901") # Amanda # auditor = Users.get_by_dod_id("3453453453") # Sally except NotFoundError: print("Could not find demo users; will not create demo portfolio {}". format(name)) return portfolio = Portfolios.create( user=portfolio_owner, portfolio_attrs={ "name": name, "defense_component": random_service_branch() }, ) add_task_orders_to_portfolio(portfolio) add_members_to_portfolio(portfolio) for mock_application in data["applications"]: application = Application(portfolio=portfolio, name=mock_application.name, description="") env_names = [env.name for env in mock_application.environments] envs = Environments.create_many(portfolio.owner, application, env_names) db.session.add(application) db.session.commit()
def test_creates_new_user_on_login(monkeypatch, client, ca_key): monkeypatch.setattr( "atst.domain.authnid.AuthenticationContext.authenticate", lambda *args: True ) cert_file = open("tests/fixtures/{}.crt".format(FIXTURE_EMAIL_ADDRESS)).read() # ensure user does not exist with pytest.raises(NotFoundError): Users.get_by_dod_id(DOD_SDN_INFO["dod_id"]) resp = _login(client, cert=cert_file) user = Users.get_by_dod_id(DOD_SDN_INFO["dod_id"]) assert user.first_name == DOD_SDN_INFO["first_name"] assert user.last_name == DOD_SDN_INFO["last_name"] assert user.email == FIXTURE_EMAIL_ADDRESS
def update_user(): user = g.current_user form = EditUserForm(http_request.form) next_url = http_request.args.get("next") if form.validate(): Users.update(user, form.data) flash("user_updated") if next_url: return redirect(next_url) return render_template( "user/edit.html", form=form, user=user, next=next_url, mindate=(dt.datetime.now() - dt.timedelta(days=365)), maxdate=dt.datetime.now(), )
def test_get_ccpo_users(): ccpo_1 = UserFactory.create_ccpo() ccpo_2 = UserFactory.create_ccpo() rando = UserFactory.create() ccpo_users = Users.get_ccpo_users() assert ccpo_1 in ccpo_users assert ccpo_2 in ccpo_users assert rando not in ccpo_users
def add_applications_to_portfolio(portfolio): applications = random_applications() for application_data in applications: application = Applications.create( portfolio.owner, portfolio=portfolio, name=application_data["name"], description=application_data["description"], environment_names=application_data["environments"], ) users = random.sample(APPLICATION_USERS, k=random.randint(1, 5)) for user_data in users: try: user = Users.get_by_dod_id(user_data["dod_id"]) except NotFoundError: user = Users.create( user_data["dod_id"], None, first_name=user_data["first_name"], last_name=user_data["last_name"], email=user_data["email"], ) app_role = ApplicationRoles.create( user=user, application=application, permission_set_names=[PermissionSets.EDIT_APPLICATION_TEAM], ) ApplicationInvitations.create(portfolio.owner, app_role, user_data, commit=True) user_environments = random.sample( application.environments, k=random.randint(1, len(application.environments)), ) for env in user_environments: role = random.choice([e.value for e in CSPRole]) EnvironmentRoles.create(application_role=app_role, environment=env, role=role)
def add_members_to_portfolio(portfolio): for user_data in PORTFOLIO_USERS: invite = Portfolios.invite(portfolio, portfolio.owner, {"user_data": user_data}) profile = { k: user_data[k] for k in user_data if k not in ["dod_id", "permission_sets"] } user = Users.get_or_create_by_dod_id(user_data["dod_id"], **profile) PortfolioRoles.enable(invite.role, user) db.session.commit()
def test_user_can_update_profile(user_session, client): user = UserFactory.create() user_session(user) new_data = {**user.to_dictionary(), "first_name": "chad", "last_name": "vader"} new_data["date_latest_training"] = new_data["date_latest_training"].strftime( "%m/%d/%Y" ) client.post(url_for("users.update_user"), data=new_data) updated_user = Users.get_by_dod_id(user.dod_id) assert updated_user.first_name == "chad" assert updated_user.last_name == "vader"
def dev_new_user(): first_name = request.args.get("first_name", None) last_name = request.args.get("last_name", None) dod_id = request.args.get("dod_id", None) if None in [first_name, last_name, dod_id]: raise IncompleteInfoError() try: Users.get_by_dod_id(dod_id) raise AlreadyExistsError("User with dod_id {}".format(dod_id)) except NotFoundError: pass new_user = {"first_name": first_name, "last_name": last_name} created_user = Users.create(dod_id, **new_user) current_user_setup(created_user) return redirect(redirect_after_login_url())
def submit_new_user(): try: new_user = Users.get_by_dod_id(request.form["dod_id"]) form = CCPOUserForm(obj=new_user) except NotFoundError: flash("ccpo_user_not_found") return redirect(url_for("ccpo.users")) return render_template("ccpo/confirm_user.html", new_user=new_user, form=form)
def seed_db(): get_users() amanda = Users.get_by_dod_id("2345678901") # Create Portfolios for Amanda with mocked reporting data create_demo_portfolio("A-Wing", MockReportingProvider.FIXTURE_SPEND_DATA["A-Wing"]) create_demo_portfolio("B-Wing", MockReportingProvider.FIXTURE_SPEND_DATA["B-Wing"]) tie_interceptor = Portfolios.create( user=amanda, portfolio_attrs={ "name": "TIE Interceptor", "defense_component": random_service_branch(), }, ) add_task_orders_to_portfolio(tie_interceptor) add_members_to_portfolio(tie_interceptor) add_applications_to_portfolio(tie_interceptor) tie_fighter = Portfolios.create( user=amanda, portfolio_attrs={ "name": "TIE Fighter", "defense_component": random_service_branch(), }, ) add_task_orders_to_portfolio(tie_fighter) add_members_to_portfolio(tie_fighter) add_applications_to_portfolio(tie_fighter) # create a portfolio for each user ships = SHIP_NAMES.copy() for user in get_users(): ship = random.choice(ships) ships.remove(ship) portfolio = Portfolios.create( user=user, portfolio_attrs={ "name": ship, "defense_component": random_service_branch(), }, ) add_task_orders_to_portfolio(portfolio) add_members_to_portfolio(portfolio) add_applications_to_portfolio(portfolio)
def create_demo_portfolio(name, data): try: portfolio_owner = Users.get_or_create_by_dod_id( "2345678901", **pick( [ "permission_sets", "first_name", "last_name", "email", "service_branch", "phone_number", "citizenship", "designation", "date_latest_training", ], DEV_USERS["amanda"], ), ) # Amanda # auditor = Users.get_by_dod_id("3453453453") # Sally except NotFoundError: print("Could not find demo users; will not create demo portfolio {}". format(name)) return portfolio = Portfolios.create( user=portfolio_owner, portfolio_attrs={ "name": name, "defense_component": random_service_branch() }, ) add_task_orders_to_portfolio(portfolio) add_members_to_portfolio(portfolio) for mock_application in data["applications"]: application = Application(portfolio=portfolio, name=mock_application["name"], description="") env_names = [env["name"] for env in mock_application["environments"]] envs = Environments.create_many(portfolio.owner, application, env_names) db.session.add(application) db.session.commit()
def confirm_new_user(): user = Users.get_by_dod_id(request.form["dod_id"]) Users.give_ccpo_perms(user) flash("ccpo_user_added", user_name=user.full_name) return redirect(url_for("ccpo.users"))
def get_current_user(): user_id = session.get("user_id") if user_id: return Users.get(user_id) else: return False
def test_give_ccpo_perms(): rando = UserFactory.create() Users.give_ccpo_perms(rando) ccpo_users = Users.get_ccpo_users() assert rando in ccpo_users
def test_revoke_ccpo_perms(): ccpo = UserFactory.create_ccpo() Users.revoke_ccpo_perms(ccpo) ccpo_users = Users.get_ccpo_users() assert ccpo not in ccpo_users
def remove_access(user_id): user = Users.get(user_id) Users.revoke_ccpo_perms(user) flash("ccpo_user_removed", user_name=user.full_name) return redirect(url_for("ccpo.users"))
def users(): users = Users.get_ccpo_users() users_info = [(user, CCPOUserForm(obj=user)) for user in users] return render_template("ccpo/users.html", users_info=users_info)