def testRemoveUser(self):
mock_user = Mock()
mock_user.is_admin = True
user.add("foo", email="[email protected]", password="******")
foo = user.User("foo")
foo.remove()
self.assert_("foo" not in [x for x in user.list(mock_user)])
def testListUsersNonAdmin(self):
mock_user = Mock()
mock_user.is_admin = False
mock_user.name = "foo"
user.add("foo", email="[email protected]", password="******")
users = sorted([x for x in user.list(mock_user)])
self.assertEquals(users, ["foo"])
def testAddMember(self):
from submin.models import user
user.add("testUser", email="[email protected]", password="******")
group.add("testGroup")
u = user.User("testUser")
g = group.Group("testGroup")
g.add_member(u)
self.assert_("testUser" in g.members())
def testAddMember(self):
from submin.models import user
user.add("testUser", email="[email protected]", password="******")
group.add("testGroup")
u = user.User("testUser")
g = group.Group("testGroup")
g.add_member(u)
self.assert_("testUser" in g.members())
def testRemoveMember(self):
from submin.models import user
user.add("testUser1", email="[email protected]", password="******")
user.add("testUser2", email="[email protected]", password="******")
group.add("testGroup")
u1 = user.User("testUser1")
u2 = user.User("testUser2")
g = group.Group("testGroup")
g.add_member(u1)
g.add_member(u2)
g.remove_member(u2)
self.assert_("testUser2" not in g.members())
def testRemoveMember(self):
from submin.models import user
user.add("testUser1", email="[email protected]", password="******")
user.add("testUser2", email="[email protected]", password="******")
group.add("testGroup")
u1 = user.User("testUser1")
u2 = user.User("testUser2")
g = group.Group("testGroup")
g.add_member(u1)
g.add_member(u2)
g.remove_member(u2)
self.assert_("testUser2" not in g.members())
def external_sync():
"""Synchronizes external users"""
from submin.models import user
errormsgs = []
if options.value('enabled_external', 'no') == 'no':
errormsgs.append('external is not enabled')
return {'errormsgs': errormsgs, 'success': False}
group = LDAPGroup(options.value('external_passwd'),
options.value('external_user'))
if not group:
errormsgs.append('cannot connect to LDAP server')
return {'errormsgs': errormsgs, 'success': False}
group_members = group.members
if not group_members:
errormsgs.append('cannot find LDAP group or its members')
return {'errormsgs': errormsgs, 'success': False}
user_list = user.list(user.FakeAdminUser())
for username in group_members:
email = group_members[username]['email']
fullname = group_members[username]['fullname']
if not validate_username(username):
errormsgs.append(InvalidUsername(username))
continue
if not validate_email(email):
errormsgs.append(InvalidEmail(email))
continue
if not validate_fullname(fullname):
errormsgs.append(InvalidFullname(fullname))
fullname = username
if username not in user_list: # A new user
user.add(username=username, email=email, send_mail=False)
user.User(username).fullname = fullname
else:
u = user.User(username) # Update fullname and email if necessary
if (u.email, u.fullname) != (email, fullname):
u.email = email
u.fullname = fullname
return {'errormsgs': errormsgs, 'success': True}
def setUp(self):
self.submin_env = Path(tempfile.mkdtemp(prefix="submin-unittest"))
conf_dir = self.submin_env + "conf"
svn_dir = self.submin_env + "svn"
os.mkdir(conf_dir)
os.mkdir(svn_dir)
mock_settings.base_dir = self.submin_env
storage.open(mock_settings)
storage.database_evolve()
options.set_value("svn_authz_file", conf_dir + "authz") # needed for export
options.set_value("svn_dir", svn_dir) # needed for export
options.set_value("git_dir", self.submin_env + "git")
options.set_value("vcs_plugins", "svn, git")
self.tmp_dirs = []
user.add("test", email="[email protected]", password="******")
self.u = user.User("test")
def write_users(self, config):
from submin.models import user
# get filename
htpasswd_file = config.get('svn', 'access_file')
userprop_file = config.get('svn', 'userprop_file')
# read files
htpasswd = open(htpasswd_file).readlines()
userprop = self.read_ini(userprop_file)
from submin.models.user import FakeAdminUser
# fake an admin user
fake_admin = FakeAdminUser()
# add users
for line in htpasswd:
(username, md5_password) = line.strip('\n').split(':')
try:
# This is a hack. We need to supply an email-address and
# if we don't supply a password, user.add() will try to send
# an email. Both email and password will be set later.
u = user.add(username,
email="[email protected]",
password=md5_password,
origin='submin2-admin')
except UserExistsError:
u = user.User(username)
u.set_md5_password(md5_password)
if userprop.has_section(username):
if userprop.has_option(username, 'email'):
u.email = userprop.get(username, 'email')
if userprop.has_option(username, 'notifications_allowed'):
allowed = userprop.get(username, 'notifications_allowed')
allowed = [x.strip() for x in allowed.split(',')]
enabled = []
if userprop.has_option(username, 'notifications_enabled'):
enabled = userprop.get(username,
'notifications_enabled')
enabled = [x.strip() for x in enabled.split(',')]
repositories = []
for repos in allowed:
repos_enabled = False
if repos in enabled:
repos_enabled = True
repositories.append({
'name': repos,
'vcs': 'svn', # since Submin 1.2 only support svn
'enabled': repos_enabled
})
u.set_notifications(repositories, fake_admin)
def write_users(self, config):
from submin.models import user
# get filename
htpasswd_file = config.get('svn', 'access_file')
userprop_file = config.get('svn', 'userprop_file')
# read files
htpasswd = file(htpasswd_file).readlines()
userprop = self.read_ini(userprop_file)
from submin.models.user import FakeAdminUser
# fake an admin user
fake_admin = FakeAdminUser()
# add users
for line in htpasswd:
(username, md5_password) = line.strip('\n').split(':')
try:
# This is a hack. We need to supply an email-address and
# if we don't supply a password, user.add() will try to send
# an email. Both email and password will be set later.
u = user.add(username, email="[email protected]", password=md5_password, origin='submin2-admin')
except UserExistsError:
u = user.User(username)
u.set_md5_password(md5_password)
if userprop.has_section(username):
if userprop.has_option(username, 'email'):
u.email = userprop.get(username, 'email')
if userprop.has_option(username, 'notifications_allowed'):
allowed = userprop.get(username, 'notifications_allowed')
allowed = [x.strip() for x in allowed.split(',')]
enabled = []
if userprop.has_option(username, 'notifications_enabled'):
enabled = userprop.get(username, 'notifications_enabled')
enabled = [x.strip() for x in enabled.split(',')]
repositories = {}
for repos in allowed:
repos_enabled = False
if repos in enabled:
repos_enabled = True
repositories[repos] = {'allowed': True, 'enabled': repos_enabled}
# add notifications
for repos, details in repositories.iteritems():
allowed = False
enabled = False
if details['allowed']:
allowed = True
if details['enabled']:
enabled = True
u.set_notification(repos, allowed, enabled, fake_admin)
def add(self, req, path, localvars):
import re
base_url = options.url_path('base_url_submin')
username = ''
email = ''
fullname = ''
if not req.post or not req.post['username'] \
or not req.post['email'] \
or not req.post['fullname']:
return self.showAddForm(req, username, email, fullname)
username = req.post.get('username').strip()
email = req.post.get('email').strip()
fullname = req.post.get('fullname').strip()
send_mail = 'send_password' in req.post
# check these before we add the user, the rest is checked when adding
try:
validators.validate_email(email)
validators.validate_fullname(fullname)
except validators.InvalidEmail:
return self.showAddForm(req, username, email, fullname,
'Email is not valid')
except validators.InvalidFullname:
return self.showAddForm(req, username, email, fullname,
'Invalid characters in full name')
if username == '':
return self.showAddForm(req, username, email, fullname,
'Username not supplied')
if email == '':
return self.showAddForm(req, username, email, fullname,
'Email must be supplied')
try:
u = user.add(username,
email,
send_mail=send_mail,
origin=req.remote_address)
u.fullname = fullname
except IOError:
return ErrorResponse('File permission denied', request=req)
except UserExistsError:
return self.showAddForm(req, username, email, fullname,
'User %s already exists' % username)
except validators.InvalidUsername:
return self.showAddForm(req, username, email, fullname,
'Invalid characters in username')
url = base_url + '/users/show/' + username
return Redirect(url, req)
def add(self, req, path, localvars):
import re
base_url = options.url_path('base_url_submin')
username = ''
email = ''
fullname = ''
if not req.post or not req.post['username'] \
or not req.post['email'] \
or not req.post['fullname']:
return self.showAddForm(req, username, email, fullname)
username = req.post.get('username').strip()
email = req.post.get('email').strip()
fullname = req.post.get('fullname').strip()
send_mail = 'send_password' in req.post
# check these before we add the user, the rest is checked when adding
try:
validators.validate_email(email)
validators.validate_fullname(fullname)
except validators.InvalidEmail:
return self.showAddForm(req, username, email, fullname,
'Email is not valid')
except validators.InvalidFullname:
return self.showAddForm(req, username, email, fullname,
'Invalid characters in full name')
if username == '':
return self.showAddForm(req, username, email, fullname,
'Username not supplied')
if email == '':
return self.showAddForm(req, username, email, fullname,
'Email must be supplied')
try:
u = user.add(username, email, send_mail=send_mail, origin=req.remote_address)
u.fullname = fullname
except IOError:
return ErrorResponse('File permission denied', request=req)
except UserExistsError:
return self.showAddForm(req, username, email, fullname,
'User %s already exists' % username)
except validators.InvalidUsername:
return self.showAddForm(req, username, email, fullname,
'Invalid characters in username')
url = base_url + '/users/show/' + username
return Redirect(url, req)
def testListRepositoriesAll(self):
"""Test listRepositories, which checks for valid permissions of repositories"""
self._createRepos([x['name'] for x in self.repositories])
mock_admin = Mock()
mock_admin.is_admin = True
u = user.add('bar', '[email protected]', send_mail=False)
g = group.add('baz') # no members in this group
g = group.add('quux')
g.add_member(u)
permissions.add('foo', 'svn', '/', 'bar', 'user', 'r')
permissions.add('subdirs', 'svn', '/trunk', 'quux', 'group', 'rw')
# 'bar' is not part of group 'baz', so 'example' should not be listed
permissions.add('example', 'svn', '/', 'baz', 'group', 'r')
result = repository.Repository.list(u)
copy = self.repositories[:]
copy = sorted([d for d in self.repositories if d.get('name') == 'foo' or d.get('name') == 'subdirs'])
self.assertEquals(result, copy)
def testListRepositoriesAll(self):
"""Test listRepositories, which checks for valid permissions of repositories"""
self._createRepos([x['name'] for x in self.repositories])
mock_admin = Mock()
mock_admin.is_admin = True
u = user.add('bar', '[email protected]', send_mail=False)
g = group.add('baz') # no members in this group
g = group.add('quux')
g.add_member(u)
permissions.add('foo', 'svn', '/', 'bar', 'user', 'r')
permissions.add('subdirs', 'svn', '/trunk', 'quux', 'group', 'rw')
# 'bar' is not part of group 'baz', so 'example' should not be listed
permissions.add('example', 'svn', '/', 'baz', 'group', 'r')
result = repository.Repository.list(u)
copy = self.repositories[:]
copy = sorted([
d for d in self.repositories
if d.get('name') == 'foo' or d.get('name') == 'subdirs'
])
self.assertEquals(result, copy)
def create_env(self):
"""This is called when all info is gathered"""
for key, value in self.defaults.iteritems():
if key not in self.init_vars:
self.init_vars[key] = value
try:
self.create_dir(self.env)
self.create_dir(self.init_vars['svn_dir'])
self.create_dir(self.init_vars['git_dir'])
self.create_dir(self.init_vars['conf_dir'])
self.create_dir(self.init_vars['trac_dir'])
self.create_dir(self.init_vars['hooks_dir'])
self.create_dir(Path('auth'))
except OSError:
return # already printed error message
self.sa.execute(['config', 'defaults'])
# check http_base
p = self.init_vars['http_base']
if str(p) == "":
self.init_vars['http_base'] = Path("/")
# write changes to config
from submin.models import options
default_options = {
'base_url_submin': self._get_url('submin_url'),
'base_url_svn': self._get_url('svn_url'),
'base_url_trac': self._get_url('trac_url'),
'http_vhost': self.init_vars['http_vhost'],
'auth_type': 'sql',
'svn_dir': str(self.init_vars['svn_dir']),
'git_dir': str(self.init_vars['git_dir']),
'trac_dir': str(self.init_vars['trac_dir']),
'svn_authz_file': str(self.init_vars['authz']),
'smtp_from': self.init_vars['smtp_from'],
'commit_email_from': self.init_vars['commit_email_from'],
}
for (key, value) in default_options.iteritems():
options.set_value(key, value)
# add a user
from submin.models import user
if self.init_vars['create_user'] == "yes":
# add an admin user
u = user.add('admin', self.email, send_mail=False)
u.is_admin = True
try:
u.prepare_password_reset('submin2-admin')
except SendEmailError as e:
print 'WARNING: Could not send an e-mail, please install a mail server'
print 'WARNING: You can request a password reset for "admin" on the login page'
self.sa.execute(['upgrade', 'hooks', 'no-fix-unixperms'])
self.sa.execute(['unixperms', 'fix'])
if 'apache' in self.init_vars['enable_features']:
self.sa.execute(['apacheconf', 'create', 'all'])
if 'nginx' in self.init_vars['enable_features']:
self.sa.execute(['nginxconf', 'create', 'all'])
if 'trac' in self.init_vars['enable_features']:
self.sa.execute(['trac', 'init'])
def create_env(self):
"""This is called when all info is gathered"""
for key, value in self.defaults.items():
if key not in self.init_vars:
self.init_vars[key] = value
try:
self.create_dir(self.env)
self.create_dir(self.init_vars['svn_dir'])
self.create_dir(self.init_vars['git_dir'])
self.create_dir(self.init_vars['conf_dir'])
self.create_dir(self.init_vars['trac_dir'])
self.create_dir(self.init_vars['hooks_dir'])
self.create_dir(Path('auth'))
except OSError:
return # already printed error message
self.sa.execute(['config', 'defaults'])
# check http_base
p = self.init_vars['http_base']
if str(p) == "":
self.init_vars['http_base'] = Path("/")
# write changes to config
from submin.models import options
default_options = {
'base_url_submin': self._get_url('submin_url'),
'base_url_svn': self._get_url('svn_url'),
'base_url_trac': self._get_url('trac_url'),
'http_vhost': self.init_vars['http_vhost'],
'auth_type': 'sql',
'svn_dir': str(self.init_vars['svn_dir']),
'git_dir': str(self.init_vars['git_dir']),
'trac_dir': str(self.init_vars['trac_dir']),
'svn_authz_file': str(self.init_vars['authz']),
'smtp_from': self.init_vars['smtp_from'],
'commit_email_from': self.init_vars['commit_email_from'],
}
for (key, value) in default_options.items():
options.set_value(key, value)
# add a user
from submin.models import user
if self.init_vars['create_user'] == "yes":
# add an admin user
u = user.add('admin', self.email, send_mail=False)
u.is_admin = True
try:
u.prepare_password_reset('submin2-admin')
except SendEmailError as e:
print(
'WARNING: Could not send an e-mail, please install a mail server'
)
print(
'WARNING: You can request a password reset for "admin" on the login page'
)
self.sa.execute(['upgrade', 'hooks', 'no-fix-unixperms'])
self.sa.execute(['unixperms', 'fix'])
if 'apache' in self.init_vars['enable_features']:
self.sa.execute(['apacheconf', 'create', 'all'])
if 'nginx' in self.init_vars['enable_features']:
self.sa.execute(['nginxconf', 'create', 'all'])
if 'trac' in self.init_vars['enable_features']:
self.sa.execute(['trac', 'init'])
def testListUsersAdmin(self):
mock_user = Mock()
mock_user.is_admin = True
user.add("foo", email="[email protected]", password="******")
users = sorted([x for x in user.list(mock_user)])
self.assertEquals(users, ["foo", "test"])