def test_ipa_client_batch_no_raise_errors(client, logged_in_dummy_user,
dummy_group):
"""Check the IPAClient batch method"""
with client.session_transaction() as sess:
ipa = maybe_ipa_session(current_app, sess)
result = ipa.batch(
methods=[
{
"method": "user_find",
"params": [[], {
"uid": "dummy",
'all': True
}]
},
{
"method": "this_method_wont_work",
"params": [["dummy-group"], {}]
},
],
raise_errors=False,
)
assert result['count'] == 2
assert result['results'][0]['result'][0]['displayname'][
0] == 'Dummy User'
assert isinstance(result['results'][1], BadRequest)
def test_ipa_client_batch_unknown_method(client, logged_in_dummy_user):
"""Check the IPAClient batch method returns unknown command errors"""
with client.session_transaction() as sess:
ipa = maybe_ipa_session(current_app, sess)
with pytest.raises(BadRequest) as e:
ipa.batch(methods=[{"method": "user_findy", "params": [[], {}]}])
assert "unknown command 'user_findy'" in e
def test_ipa_session_unauthorized(client, logged_in_dummy_user):
"""The user should be unauthorized when the session isn't valid for FreeIPA."""
with client.session_transaction() as sess:
sess["noggin_session"] = Fernet(
current_app.config['FERNET_SECRET']).encrypt(b'something-invalid')
ipa = maybe_ipa_session(current_app, sess)
assert ipa is None
def root():
ipa = maybe_ipa_session(current_app, session)
username = session.get('noggin_username')
if ipa and username:
return redirect(url_for('.user', username=username))
# Kick any non-authed user back to the login form.
activetab = request.args.get("tab", "login")
register_form = RegisterUserForm(prefix="register")
login_form = LoginUserForm(prefix="login")
if login_form.validate_on_submit():
with handle_form_errors(login_form):
return handle_login_form(login_form)
if register_form.validate_on_submit():
with handle_form_errors(register_form):
return handle_register_form(register_form)
return render_template(
'index.html',
register_form=register_form,
login_form=login_form,
activetab=activetab,
)
def root():
ipa = maybe_ipa_session(current_app, session)
username = session.get('noggin_username')
if ipa and username:
return redirect(url_for('.user', username=username))
# Kick any non-authed user back to the login form.
activetab = request.args.get("tab", "login")
register_form = RegisterUserForm(prefix="register")
login_form = LoginUserForm(prefix="login")
if login_form.validate_on_submit():
with handle_form_errors(login_form):
return handle_login_form(login_form)
if register_form.validate_on_submit():
if not current_app.config["REGISTRATION_OPEN"]:
flash(_("Registration is closed at the moment."), "warning")
return redirect(url_for('.root'))
with handle_form_errors(register_form):
return handle_register_form(register_form)
return render_template(
'index.html',
register_form=register_form,
login_form=login_form,
activetab=activetab,
)
def test_ipa_client_fasagreement_find(client, logged_in_dummy_user,
dummy_agreement):
"""Check the IPAClient fasagreement_find"""
with client.session_transaction() as sess:
ipa = maybe_ipa_session(current_app, sess)
result = ipa.fasagreement_find(all=True)
assert len(result) == 1
assert result[0]['cn'] == ['dummy agreement']
def fn(*args, **kwargs):
ipa = maybe_ipa_session(app, session)
if ipa:
g.ipa = ipa
g.current_user = User(g.ipa.user_find(whoami=True)['result'][0])
return f(*args, **kwargs, ipa=ipa)
flash('Please log in to continue.', 'warning')
return redirect(url_for('root'))
def fn(*args, **kwargs):
ipa = maybe_ipa_session(current_app, session)
if ipa:
g.ipa = ipa
g.current_user = User(g.ipa.user_find(whoami=True)['result'][0])
return f(*args, **kwargs, ipa=ipa)
coming_from = quote(request.full_path)
flash('Please log in to continue.', 'warning')
return redirect(f"{url_for('.root')}?next={coming_from}")
def logout():
"""Log the user out."""
# Don't use the with_ipa() decorator, otherwise anonymous users visiting this endpoint will be
# asked to login to then be logged out.
ipa = maybe_ipa_session(app, session)
if ipa:
ipa.logout()
session.clear()
return redirect(url_for('root'))
def test_ipa_client_batch_unknown_option(client, logged_in_dummy_user):
"""Check the IPAClient batch method returns invalid params errors"""
with client.session_transaction() as sess:
ipa = maybe_ipa_session(current_app, sess)
with pytest.raises(BadRequest) as e:
ipa.batch(
methods=[{"method": "user_find", "params": [[], {"pants": "pants"}]}]
)
assert "invalid 'params': Unknown option: pants" in e
def test_ipa_client_fasagreement_add_user(client, logged_in_dummy_user,
dummy_agreement):
"""Check the IPAClient fasagreement_add_user"""
with client.session_transaction() as sess:
ipa = maybe_ipa_session(current_app, sess)
# add a user to the agreement
ipa.fasagreement_add_user("dummy agreement", user="******")
# check it worked
result = ipa.fasagreement_find(all=True)
assert "dummy" in result[0]["memberuser_user"]
def logout():
"""Log the user out."""
# Don't use the with_ipa() decorator, otherwise anonymous users visiting this endpoint will be
# asked to login to then be logged out.
try:
ipa = maybe_ipa_session(current_app, session)
except python_freeipa.exceptions.FreeIPAError:
# Not much we can do here, proceed to logout and it may help solve the issue.
ipa = None
if ipa:
ipa.logout()
session.clear()
return redirect(url_for('.root'))
def test_ipa_client_batch(client, logged_in_dummy_user, dummy_group):
"""Check the IPAClient batch method"""
with client.session_transaction() as sess:
ipa = maybe_ipa_session(current_app, sess)
result = ipa.batch(
methods=[
{"method": "user_find", "params": [[], {"uid": "dummy", 'all': True}]},
{"method": "group_find", "params": [["dummy-group"], {}]},
]
)
assert result['count'] == 2
assert result['results'][0]['result'][0]['displayname'][0] == 'Dummy User'
assert result['results'][1]['result'][0]['description'][0] == 'A dummy group'
def test_ipa_client_fasagreement_add(client, logged_in_dummy_user,
dummy_agreement):
"""Check the IPAClient fasagreement_add"""
with client.session_transaction() as sess:
ipa = maybe_ipa_session(current_app, sess)
# add a new agreement and check it is there
ipa_admin.fasagreement_add("pants agreement")
result = ipa.fasagreement_find(all=True)
assert len(result) == 2
assert result[0]['cn'] == ['dummy agreement']
assert result[1]['cn'] == ['pants agreement']
# cleanup
ipa_admin.fasagreement_del("pants agreement")
def test_ipa_client_batch_no_raise_errors(client, logged_in_dummy_user,
dummy_group):
"""Check the IPAClient batch method"""
with client.session_transaction() as sess:
ipa = maybe_ipa_session(current_app, sess)
result = ipa.batch(a_methods=[
{
"method": "user_find",
"params": [["dummy"], {}]
},
{
"method": "this_method_wont_work",
"params": [["dummy-group"], {}]
},
], )
assert result['count'] == 2
assert result['results'][0]['result'][0]['uid'][0] == 'dummy'
assert result['results'][1]['error_name'] == 'CommandError'
def test_ipa_client_fasagreement_add_group(client, logged_in_dummy_user,
dummy_group, dummy_agreement):
"""Check the IPAClient fasagreement_add_group"""
with client.session_transaction() as sess:
ipa = maybe_ipa_session(current_app, sess)
# add a user to the agreement
ipa_admin.fasagreement_add_group("dummy agreement",
group="dummy-group")
# check it worked
result = ipa.fasagreement_find(all=True, cn="dummy agreement")
assert len(result) == 1
assert result[0]["member_group"] == ["dummy-group"]
# cleanup
ipa_admin.fasagreement_remove_group("dummy agreement",
group="dummy-group")
def password_reset():
# If already logged in, redirect to the logged in reset form
ipa = maybe_ipa_session(app, session)
username = session.get('noggin_username')
if ipa and username:
return redirect(url_for('user_settings_password', username=username))
username = request.args.get('username')
if not username:
abort(404)
form = PasswordResetForm()
if form.validate_on_submit():
res = _validate_change_pw_form(form, username)
if res and res.ok:
return redirect(url_for('root'))
return render_template('password-reset.html',
password_reset_form=form,
username=username)
def test_ipa_session_invalid(client, logged_in_dummy_user):
"""We should raise an exception when the session can't be decrypted."""
with client.session_transaction() as sess:
sess["noggin_session"] = "invalid"
with pytest.raises(TypeError):
maybe_ipa_session(current_app, sess)
def test_ipa_session_anonymous(client):
"""Check maybe_ipa_session() when no user is logged in"""
with client.session_transaction() as sess:
assert maybe_ipa_session(current_app, sess) is None
def test_ipa_session_authed(client, logged_in_dummy_user):
"""Check maybe_ipa_session() when a user is logged in"""
with client.session_transaction() as sess:
assert maybe_ipa_session(current_app, sess) is not None
