def test_EditUserForm_fails_validation_if_email_taken(self):
another_email = '*****@*****.**' % factory.getRandomString()
factory.make_user(email=another_email)
email = '*****@*****.**' % factory.getRandomString()
user = factory.make_user(email=email)
form = EditUserForm(instance=user, data={'email': another_email})
self.assertFormFailsValidationBecauseEmailNotUnique(form)
def test_get_real_users(self):
get_legacy_user() # Ensure at least the legacy user exists.
users = [
factory.make_user(),
factory.make_user(),
]
self.assertSetEqual(set(users), set(get_real_users()))
def test_login_contains_input_tags_if_user(self):
factory.make_user()
response = self.client.get('/accounts/login/')
doc = fromstring(response.content)
self.assertFalse(response.context['no_users'])
self.assertEqual(1, len(doc.cssselect('input#id_username')))
self.assertEqual(1, len(doc.cssselect('input#id_password')))
def test_get_available_node_combines_constraint_with_availability(self):
user = factory.make_user()
node = self.make_node(factory.make_user())
self.assertEqual(
None,
Node.objects.get_available_node_for_acquisition(
user, {'hostname': node.system_id}))
def test_get_nodes_doesnt_return_other_owned_nodes(self):
user1 = factory.make_user()
user2 = factory.make_user()
node1 = factory.make_node(owner=user1)
tag = factory.make_tag()
node1.tags.add(tag)
self.assertItemsEqual([], Tag.objects.get_nodes(tag.name, user2))
def test_get_available_node_for_acquisition_ignores_invisible_nodes(self):
user = factory.make_user()
node = self.make_node()
node.owner = factory.make_user()
node.save()
self.assertEqual(
None, Node.objects.get_available_node_for_acquisition(user))
def test_login_contains_input_tags_if_user(self):
factory.make_user()
response = self.client.get('/accounts/login/')
doc = fromstring(response.content)
self.assertFalse(response.context['no_users'])
self.assertEqual(1, len(doc.cssselect('input#id_username')))
self.assertEqual(1, len(doc.cssselect('input#id_password')))
def test_get_available_node_ignores_invisible_nodes(self):
user = factory.make_user()
node = self.make_node()
node.owner = factory.make_user()
node.save()
self.assertEqual(
[], list(Node.objects.get_available_nodes_for_acquisition(user)))
def test_migrate_all_files_to_new_legacy_user_when_multiple_users(self):
stored = factory.make_file_storage(owner=None)
user1 = factory.make_user()
user2 = factory.make_user()
migrate()
stored = reload_object(stored)
self.assertNotIn(stored.owner, {user1, user2, None})
def test_sshkey_same_key_can_be_used_by_different_users(self):
key_string = get_data('data/test_rsa0.pub')
user = factory.make_user()
key = SSHKey(key=key_string, user=user)
key.save()
user2 = factory.make_user()
key2 = SSHKey(key=key_string, user=user2)
key2.full_clean()
def test_logout(self):
name = factory.getRandomString()
password = factory.getRandomString()
factory.make_user(name, password)
self.client.login(username=name, password=password)
self.client.post(reverse('logout'))
self.assertNotIn('_auth_user_id', self.client.session)
def test_copy(self):
user1 = factory.make_user()
key1 = factory.make_sshkey(user1)
user2 = factory.make_user()
copy_ssh_keys(user1, user2)
user2s_ssh_keys = SSHKey.objects.filter(user=user2)
self.assertSetEqual(
{key1.key}, {ssh_key.key for ssh_key in user2s_ssh_keys})
def test_get_owned_nodes_owners(self):
user1 = factory.make_user()
user2 = factory.make_user()
factory.make_user()
factory.make_node(owner=user1)
factory.make_node(owner=user2)
factory.make_node(owner=None)
self.assertSetEqual({user1, user2}, set(get_owned_nodes_owners()))
def test_get_visible_node_or_404_raises_PermissionDenied(self):
"""get_node_or_404 raises PermissionDenied if the provided
user has not the right permission on the returned node."""
user_node = self.make_node(factory.make_user())
self.assertRaises(
PermissionDenied,
Node.objects.get_node_or_404,
user_node.system_id, factory.make_user(), NODE_PERMISSION.VIEW)
def test_is_permitted_disallows_if_user_lacks_permission(self):
class MyAction(FakeNodeAction):
permission = NODE_PERMISSION.EDIT
node = factory.make_node(
status=NODE_STATUS.ALLOCATED, owner=factory.make_user())
self.assertFalse(MyAction(node, factory.make_user()).is_permitted())
def test_give(self):
user1 = factory.make_user()
user2 = factory.make_user()
profile = user1.get_profile()
consumer, token = profile.create_authorisation_token()
give_api_credentials_to_user(user1, user2)
self.assertEqual(user2, reload_object(consumer).user)
self.assertEqual(user2, reload_object(token).user)
def test_logout(self):
name = factory.getRandomString()
password = factory.getRandomString()
factory.make_user(name, password)
self.client.login(username=name, password=password)
self.client.post(reverse('logout'))
self.assertNotIn('_auth_user_id', self.client.session)
def test_sshkey_same_key_can_be_used_by_different_users(self):
key_string = get_data('data/test_rsa0.pub')
user = factory.make_user()
key = SSHKey(key=key_string, user=user)
key.save()
user2 = factory.make_user()
key2 = SSHKey(key=key_string, user=user2)
key2.full_clean()
def test_get_nodes_with_edit_perm_for_user_lists_owned_nodes(self):
user = factory.make_user()
visible_node = self.make_node(user)
self.make_node(None)
self.make_node(factory.make_user())
self.assertItemsEqual(
[visible_node],
Node.objects.get_nodes(user, NODE_PERMISSION.EDIT))
def test_get_nodes_with_edit_perm_for_user_lists_owned_nodes(self):
user = factory.make_user()
visible_node = self.make_node(user)
self.make_node(None)
self.make_node(factory.make_user())
self.assertItemsEqual(
[visible_node],
Node.objects.get_nodes(user, NODE_PERMISSION.EDIT))
def test_migrate_all_nodes_to_new_legacy_user_when_multiple_users(self):
factory.make_file_storage(owner=None)
user1 = factory.make_user()
node1 = factory.make_node(owner=user1)
user2 = factory.make_user()
node2 = factory.make_node(owner=user2)
migrate()
self.assertNotIn(reload_object(node1).owner, {user1, user2, None})
self.assertNotIn(reload_object(node2).owner, {user1, user2, None})
def test_get_fetches_the_most_recent_file(self):
filename = factory.make_name('file')
factory.make_file_storage(filename=filename, owner=factory.make_user())
storage = factory.make_file_storage(
filename=filename, owner=factory.make_user())
response = self.make_API_GET_request("get", filename)
self.assertEqual(httplib.OK, response.status_code)
self.assertEqual(storage.content, response.content)
def test_start_nodes_does_not_store_user_data_for_uneditable_nodes(self):
node = factory.make_node(owner=factory.make_user())
original_user_data = self.make_user_data()
NodeUserData.objects.set_user_data(node, original_user_data)
Node.objects.start_nodes(
[node.system_id], factory.make_user(),
user_data=self.make_user_data())
self.assertEqual(
original_user_data, NodeUserData.objects.get_user_data(node))
def test_start_nodes_does_not_store_user_data_for_uneditable_nodes(self):
node = factory.make_node(owner=factory.make_user())
original_user_data = self.make_user_data()
NodeUserData.objects.set_user_data(node, original_user_data)
Node.objects.start_nodes(
[node.system_id], factory.make_user(),
user_data=self.make_user_data())
self.assertEqual(
original_user_data, NodeUserData.objects.get_user_data(node))
def test_copy_is_idempotent(self):
# When the destination user already has a key, copy_ssh_keys() is a
# noop for that key.
user1 = factory.make_user()
key1 = factory.make_sshkey(user1)
user2 = factory.make_user()
key2 = factory.make_sshkey(user2, key1.key)
copy_ssh_keys(user1, user2)
user2s_ssh_keys = SSHKey.objects.filter(user=user2)
self.assertSetEqual(
{key2.key}, {ssh_key.key for ssh_key in user2s_ssh_keys})
def test_migrate_all_nodes_to_bootstrap_owner_when_multiple_users(self):
user1 = factory.make_user()
node1 = factory.make_node(owner=user1)
user2 = factory.make_user()
node2 = factory.make_node(owner=user2)
make_provider_state_file(node1)
migrate()
self.assertEqual(
(user1, user1),
(reload_object(node1).owner,
reload_object(node2).owner))
def test_get_nodes_returns_everything_for_superuser(self):
user1 = factory.make_user()
user2 = factory.make_user()
user2.is_superuser = True
node1 = factory.make_node(owner=user1)
node2 = factory.make_node()
tag = factory.make_tag()
node1.tags.add(tag)
node2.tags.add(tag)
self.assertItemsEqual([node1, node2],
Tag.objects.get_nodes(tag.name, user2))
def test_get_nodes_for_user_lists_visible_nodes(self):
"""get_nodes with perm=NODE_PERMISSION.VIEW lists the nodes a user
has access to.
When run for a regular user it returns unowned nodes, and nodes
owned by that user.
"""
user = factory.make_user()
visible_nodes = [self.make_node(owner) for owner in [None, user]]
self.make_node(factory.make_user())
self.assertItemsEqual(
visible_nodes, Node.objects.get_nodes(user, NODE_PERMISSION.VIEW))
def test_copy_does_not_clobber(self):
# When the destination user already has some keys, copy_ssh_keys()
# adds to them; it does not remove them.
user1 = factory.make_user()
key1 = factory.make_sshkey(user1, get_ssh_key_string(1))
user2 = factory.make_user()
key2 = factory.make_sshkey(user2, get_ssh_key_string(2))
copy_ssh_keys(user1, user2)
user2s_ssh_keys = SSHKey.objects.filter(user=user2)
self.assertSetEqual(
{key1.key, key2.key},
{ssh_key.key for ssh_key in user2s_ssh_keys})
def test_get_nodes_for_user_lists_visible_nodes(self):
"""get_nodes with perm=NODE_PERMISSION.VIEW lists the nodes a user
has access to.
When run for a regular user it returns unowned nodes, and nodes
owned by that user.
"""
user = factory.make_user()
visible_nodes = [self.make_node(owner) for owner in [None, user]]
self.make_node(factory.make_user())
self.assertItemsEqual(
visible_nodes, Node.objects.get_nodes(user, NODE_PERMISSION.VIEW))
def test_NewUserCreationForm_fails_validation_if_email_taken(self):
email = '*****@*****.**' % factory.getRandomString()
username = factory.getRandomString()
password = factory.getRandomString()
factory.make_user(email=email)
form = NewUserCreationForm(
{
'email': email,
'username': username,
'password1': password,
'password2': password,
})
self.assertFormFailsValidationBecauseEmailNotUnique(form)
def test_acquire(self):
node = factory.make_node(status=NODE_STATUS.READY)
user = factory.make_user()
token = create_auth_token(user)
node.acquire(user, token)
self.assertEqual(user, node.owner)
self.assertEqual(NODE_STATUS.ALLOCATED, node.status)
def test_start_nodes_with_user_data_overwrites_existing_data(self):
node = factory.make_node(owner=factory.make_user())
NodeUserData.objects.set_user_data(node, self.make_user_data())
user_data = self.make_user_data()
Node.objects.start_nodes(
[node.system_id], node.owner, user_data=user_data)
self.assertEqual(user_data, NodeUserData.objects.get_user_data(node))
def test_create_authorisation_token(self):
# UserProfile.create_authorisation_token calls create_auth_token.
user = factory.make_user()
profile = user.get_profile()
consumer, token = profile.create_authorisation_token()
self.assertEqual(user, token.user)
self.assertEqual(user, consumer.user)
def test_GET_returns_owner_name_when_allocated_to_other_user(self):
node = factory.make_node(
status=NODE_STATUS.ALLOCATED, owner=factory.make_user())
response = self.client.get(self.get_node_uri(node))
self.assertEqual(httplib.OK, response.status_code)
parsed_result = json.loads(response.content)
self.assertEqual(node.owner.username, parsed_result["owner"])
def test_get_nodes_with_admin_perm_returns_all_nodes_for_admin(self):
user = factory.make_user()
nodes = [self.make_node(user) for counter in range(5)]
self.assertItemsEqual(
nodes,
Node.objects.get_nodes(
factory.make_admin(), NODE_PERMISSION.ADMIN))
def test_start_nodes_with_user_data_overwrites_existing_data(self):
node = factory.make_node(owner=factory.make_user())
NodeUserData.objects.set_user_data(node, self.make_user_data())
user_data = self.make_user_data()
Node.objects.start_nodes(
[node.system_id], node.owner, user_data=user_data)
self.assertEqual(user_data, NodeUserData.objects.get_user_data(node))
def test_accept_enlistment_rejects_bad_state_change(self):
# If a node is neither Declared nor in one of the "accepted"
# states where acceptance is a safe no-op, accept_enlistment
# raises a node state violation and leaves the node's state
# unchanged.
all_states = map_enum(NODE_STATUS).values()
acceptable_states = [
NODE_STATUS.DECLARED,
NODE_STATUS.COMMISSIONING,
NODE_STATUS.READY,
]
unacceptable_states = set(all_states) - set(acceptable_states)
nodes = {
status: factory.make_node(status=status)
for status in unacceptable_states}
exceptions = {status: False for status in unacceptable_states}
for status, node in nodes.items():
try:
node.accept_enlistment(factory.make_user())
except NodeStateViolation:
exceptions[status] = True
self.assertEqual(
{status: True for status in unacceptable_states}, exceptions)
self.assertEqual(
{status: status for status in unacceptable_states},
{status: node.status for status, node in nodes.items()})
def test_get_available_nodes_finds_available_nodes(self):
user = factory.make_user()
node1 = self.make_node(None)
node2 = self.make_node(None)
self.assertItemsEqual(
[node1, node2],
Node.objects.get_available_nodes_for_acquisition(user))
def test_stop_nodes_task_routed_to_nodegroup_worker(self):
user = factory.make_user()
node, mac = self.make_node_with_mac(user, power_type=POWER_TYPE.VIRSH)
task = self.patch(node_module, 'power_off')
Node.objects.stop_nodes([node.system_id], user)
args, kwargs = task.apply_async.call_args
self.assertEqual(node.work_queue, kwargs['queue'])
def test_GET_list_allocated_returns_only_allocated_with_user_token(self):
# If the user's allocated nodes have different session tokens,
# list_allocated should only return the nodes that have the
# current request's token on them.
node_1 = factory.make_node(
status=NODE_STATUS.ALLOCATED, owner=self.logged_in_user,
token=get_auth_tokens(self.logged_in_user)[0])
second_token = create_auth_token(self.logged_in_user)
factory.make_node(
owner=self.logged_in_user, status=NODE_STATUS.ALLOCATED,
token=second_token)
user_2 = factory.make_user()
create_auth_token(user_2)
factory.make_node(
owner=self.logged_in_user, status=NODE_STATUS.ALLOCATED,
token=second_token)
# At this point we have two nodes owned by the same user but
# allocated with different tokens, and a third node allocated to
# someone else entirely. We expect list_allocated to
# return the node with the same token as the one used in
# self.client, which is the one we set on node_1 above.
response = self.client.get(reverse('nodes_handler'), {
'op': 'list_allocated'})
self.assertEqual(httplib.OK, response.status_code)
parsed_result = json.loads(response.content)
self.assertItemsEqual(
[node_1.system_id], extract_system_ids(parsed_result))
def test_create_authorisation_token(self):
# UserProfile.create_authorisation_token calls create_auth_token.
user = factory.make_user()
profile = user.get_profile()
consumer, token = profile.create_authorisation_token()
self.assertEqual(user, token.user)
self.assertEqual(user, consumer.user)
def test_accept_enlistment_rejects_bad_state_change(self):
# If a node is neither Declared nor in one of the "accepted"
# states where acceptance is a safe no-op, accept_enlistment
# raises a node state violation and leaves the node's state
# unchanged.
all_states = map_enum(NODE_STATUS).values()
acceptable_states = [
NODE_STATUS.DECLARED,
NODE_STATUS.COMMISSIONING,
NODE_STATUS.READY,
]
unacceptable_states = set(all_states) - set(acceptable_states)
nodes = {
status: factory.make_node(status=status)
for status in unacceptable_states}
exceptions = {status: False for status in unacceptable_states}
for status, node in nodes.items():
try:
node.accept_enlistment(factory.make_user())
except NodeStateViolation:
exceptions[status] = True
self.assertEqual(
{status: True for status in unacceptable_states}, exceptions)
self.assertEqual(
{status: status for status in unacceptable_states},
{status: node.status for status, node in nodes.items()})
def test_other_user_than_node_cannot_signal_commissioning_result(self):
node = factory.make_node(status=NODE_STATUS.COMMISSIONING)
client = OAuthAuthenticatedClient(factory.make_user())
response = self.call_signal(client)
self.assertEqual(httplib.FORBIDDEN, response.status_code)
self.assertEqual(
NODE_STATUS.COMMISSIONING, reload_object(node).status)
def test_user_has_no_admin_permission_on_node(self):
# NODE_PERMISSION.ADMIN permission on nodes is granted to super users
# only.
backend = MAASAuthorizationBackend()
user = factory.make_user()
self.assertFalse(
backend.has_perm(user, NODE_PERMISSION.ADMIN, factory.make_node()))
def test_GET_list_allocated_returns_only_allocated_with_user_token(self):
# If the user's allocated nodes have different session tokens,
# list_allocated should only return the nodes that have the
# current request's token on them.
node_1 = factory.make_node(status=NODE_STATUS.ALLOCATED,
owner=self.logged_in_user,
token=get_auth_tokens(
self.logged_in_user)[0])
second_token = create_auth_token(self.logged_in_user)
factory.make_node(owner=self.logged_in_user,
status=NODE_STATUS.ALLOCATED,
token=second_token)
user_2 = factory.make_user()
create_auth_token(user_2)
factory.make_node(owner=self.logged_in_user,
status=NODE_STATUS.ALLOCATED,
token=second_token)
# At this point we have two nodes owned by the same user but
# allocated with different tokens, and a third node allocated to
# someone else entirely. We expect list_allocated to
# return the node with the same token as the one used in
# self.client, which is the one we set on node_1 above.
response = self.client.get(reverse('nodes_handler'),
{'op': 'list_allocated'})
self.assertEqual(httplib.OK, response.status_code)
parsed_result = json.loads(response.content)
self.assertItemsEqual([node_1.system_id],
extract_system_ids(parsed_result))
def test_get_nodes_with_admin_perm_returns_all_nodes_for_admin(self):
user = factory.make_user()
nodes = [self.make_node(user) for counter in range(5)]
self.assertItemsEqual(
nodes,
Node.objects.get_nodes(
factory.make_admin(), NODE_PERMISSION.ADMIN))
def test_POST_release_rejects_request_from_unauthorized_user(self):
node = factory.make_node(
status=NODE_STATUS.ALLOCATED, owner=factory.make_user())
response = self.client.post(
self.get_node_uri(node), {'op': 'release'})
self.assertEqual(httplib.FORBIDDEN, response.status_code)
self.assertEqual(NODE_STATUS.ALLOCATED, reload_object(node).status)
def test_apikey_rejects_deletion_of_bad_key(self):
user = factory.make_user()
error_text = assertCommandErrors(self,
'apikey',
username=user.username,
delete="foo")
self.assertIn("Malformed credentials string", error_text)
def test_delete_filters_by_owner(self):
storage = factory.make_file_storage(owner=factory.make_user())
response = self.client.delete(
reverse('file_handler', args=[storage.filename]))
self.assertEqual(httplib.NOT_FOUND, response.status_code)
files = FileStorage.objects.filter(filename=storage.filename)
self.assertEqual([storage], list(files))
def test_stop_nodes_task_routed_to_nodegroup_worker(self):
user = factory.make_user()
node, mac = self.make_node_with_mac(user, power_type=POWER_TYPE.VIRSH)
task = self.patch(node_module, 'power_off')
Node.objects.stop_nodes([node.system_id], user)
args, kwargs = task.apply_async.call_args
self.assertEqual(node.work_queue, kwargs['queue'])
def test_get_oauth_token_finds_token(self):
user = factory.make_user()
consumer, token = user.get_profile().create_authorisation_token()
self.assertEqual(
token,
get_oauth_token(
self.make_fake_request(
factory.make_oauth_header(oauth_token=token.key))))
def test_signaling_commissioning_failure_clears_owner(self):
node = factory.make_node(status=NODE_STATUS.COMMISSIONING)
node.owner = factory.make_user()
node.save()
client = make_node_client(node=node)
response = call_signal(client, status='FAILED')
self.assertEqual(httplib.OK, response.status_code)
self.assertEqual(None, reload_object(node).owner)
def test_start_nodes_wakeonlan_ignores_empty_mac_address_parameter(self):
user = factory.make_user()
node, mac = self.make_node_with_mac(
user, power_type=POWER_TYPE.WAKE_ON_LAN,
power_parameters=dict(mac_address=""))
output = Node.objects.start_nodes([node.system_id], user)
self.assertItemsEqual([], output)
self.assertEqual([], self.celery.tasks)
def test_get_available_node_with_name(self):
"""A single available node can be selected using its hostname"""
user = factory.make_user()
nodes = [self.make_node() for counter in range(3)]
self.assertEqual(
nodes[1],
Node.objects.get_available_node_for_acquisition(
user, {'hostname': nodes[1].hostname}))
def test_user_sees_own_nodes_and_unowned_nodes(self):
user = factory.make_user()
make_allocated_node()
own_node = make_allocated_node(owner=user)
unowned_node = make_unallocated_node()
self.assertItemsEqual([own_node, unowned_node],
Node.objects.get_nodes(own_node.owner,
NODE_PERMISSION.VIEW))
def test_create_auth_token(self):
user = factory.make_user()
token = create_auth_token(user)
self.assertEqual(user, token.user)
self.assertEqual(user, token.consumer.user)
self.assertTrue(token.is_approved)
self.assertConsumerValid(token.consumer)
self.assertTokenValid(token)