def test_get_for_admin(self): user = factory.make_User() admin = factory.make_admin() handler = UserHandler(admin, {}, None) self.assertEqual( self.dehydrate_user(user), handler.get({"id": user.id}))
def test_update_as_admin_event_log(self): admin_user = factory.make_admin() handler = UserHandler(admin_user, {}, None) user = factory.make_User() params = make_user_attribute_params(user) params.update({ "id": user.id, "last_name": factory.make_name("Newname"), "email": "new-{}@example.com".format(factory.make_string()), "is_superuser": True, "username": factory.make_name("newname"), }) handler.update(params) event = Event.objects.get(type__level=AUDIT) self.assertIsNotNone(event) self.assertEqual( event.description, ("Updated user profile (username: {username}, " "full name: {last_name}, " "email: {email}, administrator: True)").format(**params), )
def test_delete_as_unprivileged(self): unpriv_user = factory.make_User() handler = UserHandler(unpriv_user, {}, None) user = factory.make_User() with self.assertRaises(HandlerPermissionError): handler.delete({"id": user.id})
def test_get_for_user_getting_self(self): user = factory.make_User() handler = UserHandler(user, {}, None) self.assertEqual( self.dehydrate_user(user, for_self=True), handler.get({"id": user.id}), )
def test_list_for_standard_user(self): user = factory.make_User() handler = UserHandler(user, {}) # Other users for _ in range(3): factory.make_User() self.assertItemsEqual([self.dehydrate_user(user)], handler.list({}))
def test_delete_as_admin(self): admin_user = factory.make_admin() handler = UserHandler(admin_user, {}, None) user = factory.make_User() handler.delete({"id": user.id}) self.assertItemsEqual([], User.objects.filter(id=user.id))
def test_last_login(self): user = factory.make_User() now = datetime.datetime.utcnow() user.last_login = now user.save() handler = UserHandler(user, {}, None) last_login_serialised = handler.get({"id": user.id})["last_login"] self.assertEqual(last_login_serialised, now.strftime(DATETIME_FORMAT))
def test_create_authorisation_token(self): user = factory.make_User() handler = UserHandler(user, {}, None) observed = handler.create_authorisation_token({}) self.assertItemsEqual(["key", "secret", "consumer"], observed.keys()) self.assertItemsEqual(["key", "name"], observed["consumer"].keys()) event = Event.objects.get(type__level=AUDIT) self.assertIsNotNone(event) self.assertEqual(event.description, "Created token.")
def test_list_for_admin(self): admin = factory.make_admin() handler = UserHandler(admin, {}, None) factory.make_User() expected_users = [ self.dehydrate_user(user, for_self=(user == admin)) for user in User.objects.exclude(username__in=SYSTEM_USERS) ] self.assertItemsEqual(expected_users, handler.list({}))
def test_delete_authorisation_token(self): user = factory.make_User() handler = UserHandler(user, {}, None) observed = handler.create_authorisation_token({}) handler.delete_authorisation_token({"key": observed["key"]}) self.assertIsNone(Token.objects.filter(key=observed["key"]).first()) event = Event.objects.filter(type__level=AUDIT).last() self.assertIsNotNone(event) self.assertEqual(event.description, "Deleted token.")
def test_delete_as_admin_event_log(self): admin_user = factory.make_admin() handler = UserHandler(admin_user, {}, None) user = factory.make_User() handler.delete({"id": user.id}) event = Event.objects.get(type__level=AUDIT) self.assertIsNotNone(event) self.assertEqual(event.description, "Deleted user '{}'.".format(user.username))
def test_change_password(self): user = factory.make_User() user.set_password("oldpassword") handler = UserHandler(user, {}, None) observed = handler.change_password({ "new_password1": "newpassword", "new_password2": "newpassword", "old_password": "******", }) self.assertEqual(self.dehydrate_user(user, for_self=True), observed) self.assertTrue(user.check_password("newpassword"))
def test_list_with_sshkeys_and_machines(self): user, keys = factory.make_user_with_keys() num_machines = 3 for _ in range(num_machines): node = factory.make_Node(status=NODE_STATUS.READY) node.acquire(user) handler = UserHandler(user, {}, None) users_from_ws = handler.list({}) self.assertEqual([self.dehydrate_user(user, for_self=True)], users_from_ws) user_from_ws = users_from_ws[0] self.assertEqual(user_from_ws["sshkeys_count"], len(keys)) self.assertEqual(user_from_ws["machines_count"], num_machines)
def test_create_as_unprivileged(self): unpriv_user = factory.make_User() handler = UserHandler(unpriv_user, {}, None) params = { "username": factory.make_string(), "last_name": factory.make_string(30), "email": factory.make_email_address(), "is_superuser": factory.pick_bool(), } password = factory.make_string() params.update(make_password_params(password)) with self.assertRaises(HandlerPermissionError): handler.create(params)
def test_update_token_name(self): user = factory.make_User() handler = UserHandler(user, {}, None) new_token_name = factory.make_string() observed = handler.create_authorisation_token({}) handler.update_token_name({ "key": observed["key"], "name": new_token_name }) auth_token = user.userprofile.get_authorisation_tokens().get( key=observed["key"]) self.assertEqual(auth_token.consumer.name, new_token_name) event = (Event.objects.filter( type__level=AUDIT).order_by("-created").first()) self.assertIsNotNone(event) self.assertEqual(event.description, "Modified consumer name of token.")
def test_list_num_queries_is_the_expected_number(self): # Prevent RBAC from making a query. self.useFixture(RBACForceOffFixture()) admin = factory.make_admin() handler = UserHandler(admin, {}, None) for _ in range(3): factory.make_User() queries_one, _ = count_queries(handler.list, {"limit": 1}) queries_total, _ = count_queries(handler.list, {}) # This check is to notify the developer that a change was made that # affects the number of queries performed when doing a user listing. # It is important to keep this number as low as possible. A larger # number means regiond has to do more work slowing down its process # and slowing down the client waiting for the response. self.assertEqual( queries_one, 1, "Number of queries has changed; make sure this is expected.", ) self.assertEqual( queries_total, 1, "Number of queries has changed; make sure this is expected.", )
def test_get_for_user_not_getting_self(self): user = factory.make_User() other_user = factory.make_User() handler = UserHandler(user, {}, None) self.assertRaises( HandlerDoesNotExistError, handler.get, {"id": other_user.id} )
def test_change_other_users_password_as_admin(self): admin_user = factory.make_admin() handler = UserHandler(admin_user, {}, None) user = factory.make_User() response = handler.admin_change_password({ "id": user.id, "password1": "newpassword", "password2": "newpassword", }) user = reload_object(user) self.assertIsNone(response) self.assertTrue( user.check_password("newpassword"), "Password not correctly changed", )
def test_update_other_as_unprivileged(self): unpriv_user = factory.make_User() handler = UserHandler(unpriv_user, {}, None) user = factory.make_User() params = make_user_attribute_params(user) params.update( { "id": user.id, "last_name": factory.make_name("Newname"), "email": "new-{}@example.com".format(factory.make_string()), "is_superuser": True, "username": factory.make_name("newname"), } ) with self.assertRaises(HandlerPermissionError): handler.update(params)
def test_create_as_admin_event_log(self): admin_user = factory.make_admin() handler = UserHandler(admin_user, {}, None) params = { "username": factory.make_string(), "last_name": factory.make_string(30), "email": factory.make_email_address(), "is_superuser": False, } password = factory.make_string() params.update(make_password_params(password)) handler.create(params) event = Event.objects.get(type__level=AUDIT) self.assertIsNotNone(event) self.assertEqual(event.description, "Created user '{username}'.".format(**params))
def test_update_self_as_unprivileged(self): user = factory.make_User() handler = UserHandler(user, {}, None) params = make_user_attribute_params(user) params.update( { "id": user.id, "last_name": factory.make_name("Newname"), "email": "new-{}@example.com".format(factory.make_string()), "is_superuser": True, "username": factory.make_name("newname"), } ) handler.update(params) self.assertAttributes( reload_object(user), subset_dict(params, user_attributes) )
def test_create_as_admin(self): admin_user = factory.make_admin() handler = UserHandler(admin_user, {}, None) params = { "username": factory.make_string(), "last_name": factory.make_string(30), "email": factory.make_email_address(), "is_superuser": factory.pick_bool(), } password = factory.make_string() params.update(make_password_params(password)) handler.create(params) user = User.objects.get(username=params["username"]) self.assertAttributes(user, subset_dict(params, user_attributes)) self.assertTrue(user.check_password(password)) self.assertTrue(user.userprofile.is_local)
def test_update_other_as_unprivileged(self): unpriv_user = factory.make_User() handler = UserHandler(unpriv_user, {}, None) user = factory.make_User() params = make_user_attribute_params(user) params.update({ 'id': user.id, 'last_name': factory.make_name('Newname'), 'email': 'new-{}@example.com'.format(factory.make_string()), 'is_superuser': True, 'username': factory.make_name('newname'), }) with self.assertRaises(HandlerPermissionError): handler.update(params)
def test_update_self_as_unprivileged(self): user = factory.make_User() handler = UserHandler(user, {}, None) params = make_user_attribute_params(user) params.update({ 'id': user.id, 'last_name': factory.make_name('Newname'), 'email': 'new-{}@example.com'.format(factory.make_string()), 'is_superuser': True, 'username': factory.make_name('newname'), }) handler.update(params) self.assertAttributes(reload_object(user), subset_dict(params, user_attributes))
def test_change_password_invalid(self): user = factory.make_User() user.set_password("oldpassword") handler = UserHandler(user, {}, None) self.assertRaises( HandlerValidationError, handler.change_password, { "new_password1": "newpassword", "new_password2": "mismatchpassword", "old_password": "******", }, )
def test_cannot_change_own_password_as_unprivileged_using_admin(self): unprivileged_user = factory.make_User() handler = UserHandler(unprivileged_user, {}, None) self.assertRaises( HandlerPermissionError, handler.admin_change_password, { "id": unprivileged_user.id, "password1": "newpassword", "password2": "newpassword", }, )
def test_cannot_change_other_users_password_as_admin_bad_password(self): admin_user = factory.make_admin() handler = UserHandler(admin_user, {}, None) user = factory.make_User() self.assertRaises( HandlerValidationError, handler.admin_change_password, { "id": user.id, "password1": "foo", "password2": "bar", }, )
def test_delete_authorisation_token(self): user = factory.make_User() handler = UserHandler(user, {}) observed = handler.create_authorisation_token({}) handler.delete_authorisation_token({'key': observed['key']}) self.assertIsNone(Token.objects.filter(key=observed['key']).first())
def test_auth_user(self): user = factory.make_User() handler = UserHandler(user, {}, None) self.assertEqual(self.dehydrate_user(user, for_self=True), handler.auth_user({}))
def test_create_authorisation_token(self): user = factory.make_User() handler = UserHandler(user, {}) observed = handler.create_authorisation_token({}) self.assertItemsEqual(['key', 'secret', 'consumer'], observed.keys()) self.assertItemsEqual(['key', 'name'], observed['consumer'].keys())