def test_add_back_a_delete_bcros(client, jwt, session, keycloak_mock):
"""Assert different conditions of user deletion."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model(user_info=TestUserInfo.user_bcros_active)
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
owner_claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
member = TestAnonymousMembership.generate_random_user(USER)
membership = [
member,
TestAnonymousMembership.generate_random_user(COORDINATOR)
]
UserService.create_user_and_add_membership(membership,
org.id,
token_info=owner_claims)
headers = factory_auth_header(jwt=jwt, claims=owner_claims)
member_user_id = IdpHint.BCROS.value + '/' + member.get('username')
rv = client.delete(f'/api/v1/users/{member_user_id}',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
kc_user = KeycloakService.get_user_by_username(member.get('username'))
assert kc_user.enabled is False
user_model = UserService.find_by_username(member_user_id)
assert user_model.as_dict().get('user_status') == UserStatus.INACTIVE.value
membership = MembershipModel.find_membership_by_userid(
user_model.identifier)
assert membership.status == Status.INACTIVE.value
def test_authorizations_with_multiple_accounts_returns_200(client, jwt, session): # pylint:disable=unused-argument
"""Assert authorizations for product returns 200."""
product_code = 'PPR'
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id)
org2 = factory_org_model(org_info=TestOrgInfo.org2, org_type_info=TestOrgTypeInfo.implicit, org_status_info=None,
payment_type_info=None)
factory_membership_model(user.id, org.id)
claims = copy.deepcopy(TestJwtClaims.public_user_role.value)
claims['sub'] = str(user.keycloak_guid)
headers = factory_auth_header(jwt=jwt, claims=claims)
rv = client.get(f'/api/v1/accounts/{org2.id}/products/{product_code}/authorizations',
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert schema_utils.validate(rv.json, 'account_response')[0]
assert len(rv.json.get('roles')) == 0
headers = factory_auth_header(jwt=jwt, claims=claims)
rv = client.get(f'/api/v1/accounts/{org.id}/products/{product_code}/authorizations',
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert schema_utils.validate(rv.json, 'account_response')[0]
len(rv.json.get('roles')) > 0
def test_create_user_and_add_membership_admin_bulk_mode_multiple(
session, auth_mock, keycloak_mock, monkeypatch): # pylint:disable=unused-argument
"""Assert that an admin can add a group of members."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
membership = [
TestAnonymousMembership.generate_random_user(USER),
TestAnonymousMembership.generate_random_user(COORDINATOR)
]
patch_token_info(claims, monkeypatch)
users = UserService.create_user_and_add_membership(membership, org.id)
assert len(users['users']) == 2
assert users['users'][0][
'username'] == IdpHint.BCROS.value + '/' + membership[0]['username']
assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name
assert users['users'][1][
'username'] == IdpHint.BCROS.value + '/' + membership[1]['username']
assert users['users'][1]['type'] == Role.ANONYMOUS_USER.name
members = MembershipModel.find_members_by_org_id(org.id)
# staff didnt create members..so count is count of owner+other 2 members
assert len(members) == 3
def test_get_user_authorizations_for_entity_service_account(session, monkeypatch):
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.BUSINESS.value)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
# Test for service accounts with correct product code
patch_token_info(
{'loginSource': '', 'realm_access': {'roles': ['system']}, 'product_code': ProductCode.BUSINESS.value},
monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(entity.business_identifier)
assert bool(authorization) is True
assert authorization.get('orgMembership', None) == 'ADMIN'
# Test for service accounts with wrong product code
patch_token_info({'loginSource': '', 'realm_access': {'roles': ['system']}, 'product_code': 'INVALIDCP'},
monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
# Test for service accounts with no product code
patch_token_info({'loginSource': '', 'realm_access': {'roles': ['system']}}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
def test_get_account_authorizations_for_product(session, monkeypatch): # pylint:disable=unused-argument
"""Assert that user authorizations for product is working."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
patch_token_info(TestJwtClaims.get_test_real_user(user.keycloak_guid), monkeypatch)
authorization = Authorization.get_account_authorizations_for_product(org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 0
# Now add some product subscription for the org
patch_token_info(TestJwtClaims.get_test_real_user(user.keycloak_guid), monkeypatch)
factory_product_model(org.id)
authorization = Authorization.get_account_authorizations_for_product(org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) > 0
# Create another org and assert that the roles are empty
org = factory_org_model(org_info=TestOrgInfo.org2, org_type_info=TestOrgTypeInfo.implicit, org_status_info=None,
payment_type_info=None)
factory_membership_model(user.id, org.id)
patch_token_info(TestJwtClaims.get_test_real_user(user.keycloak_guid), monkeypatch)
authorization = Authorization.get_account_authorizations_for_product(org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 0
factory_product_model(org.id)
patch_token_info(TestJwtClaims.get_test_real_user(user.keycloak_guid), monkeypatch)
authorization = Authorization.get_account_authorizations_for_product(org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) > 0
def test_check_auth(session): # pylint:disable=unused-argument
"""Assert that check_auth is working as expected."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.BUSINESS.value)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
# Test if staff admin can access to STAFF only method
check_auth({'realm_access': {'roles': ['staff', 'create_accounts']}, 'sub': str(user.keycloak_guid)},
one_of_roles=[STAFF])
# Test for staff admin role to only STAFF
check_auth({'realm_access': {'roles': ['staff', 'create_accounts']}, 'sub': str(user.keycloak_guid)},
equals_role=STAFF)
# Test for staff role
check_auth({'realm_access': {'roles': ['staff']}, 'sub': str(user.keycloak_guid),
'product_code': ProductCode.BUSINESS.value}, one_of_roles=[STAFF])
# Test for owner role
check_auth({'realm_access': {'roles': ['public']}, 'sub': str(user.keycloak_guid),
'product_code': ProductCode.BUSINESS.value}, one_of_roles=[ADMIN],
business_identifier=entity.business_identifier)
# Test for owner role with org id
check_auth({'realm_access': {'roles': ['public']}, 'sub': str(user.keycloak_guid),
'product_code': ProductCode.BUSINESS.value}, one_of_roles=[ADMIN],
org_id=org.id)
# Test for exception, check for auth if resource is available for STAFF users
with pytest.raises(HTTPException) as excinfo:
check_auth({'realm_access': {'roles': ['public']}, 'sub': str(user.keycloak_guid)}, one_of_roles=[STAFF],
business_identifier=entity.business_identifier)
assert excinfo.exception.code == 403
# Test auth where STAFF role is in disabled role list
with pytest.raises(HTTPException) as excinfo:
check_auth({'realm_access': {'roles': ['staff']}, 'sub': str(user.keycloak_guid)}, disabled_roles=[STAFF],
business_identifier=entity.business_identifier)
assert excinfo.exception.code == 403
# Test auth where STAFF role is exact match
with pytest.raises(HTTPException) as excinfo:
check_auth({'realm_access': {'roles': ['public']}, 'sub': str(user.keycloak_guid)}, equals_role=USER,
business_identifier=entity.business_identifier)
assert excinfo.exception.code == 403
# Test auth where STAFF role is exact match
with pytest.raises(HTTPException) as excinfo:
check_auth({'realm_access': {'roles': ['public']}, 'sub': str(user.keycloak_guid)}, equals_role=USER,
org_id=org.id)
assert excinfo.exception.code == 403
# Test auth where STAFF role is exact match
with pytest.raises(HTTPException) as excinfo:
check_auth({'realm_access': {'roles': ['staff', 'create_accounts']}, 'sub': str(user.keycloak_guid)},
equals_role=USER,
org_id=org.id)
assert excinfo.exception.code == 403
def test_remove_member_removes_group_to_the_user(session, monkeypatch): # pylint:disable=unused-argument
"""Assert that accepting an invite adds group to the user."""
# Create a user in keycloak
keycloak_service = KeycloakService()
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user = keycloak_service.get_user_by_username(request.user_name)
user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id))
# Patch token info
def token_info(): # pylint: disable=unused-argument; mocks of library methods
return {
'sub': str(kc_user.id),
'username': '******',
'realm_access': {
'roles': [
'edit'
]
},
'product_code': ProductCode.BUSINESS.value
}
monkeypatch.setattr('auth_api.services.keycloak.KeycloakService._get_token_info', token_info)
org = OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
# Create another user
request = KeycloakScenario.create_user_request()
keycloak_service.add_user(request, return_if_exists=True)
kc_user2 = keycloak_service.get_user_by_username(request.user_name)
user2 = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user2.id))
# Add a membership to the user for the org created
factory_membership_model(user2.id, org.as_dict().get('id'), member_type='COORDINATOR', member_status=4)
# Add a product to org
factory_product_model(org.as_dict().get('id'), product_code=ProductCode.BUSINESS.value)
# Find the membership and update to ACTIVE
membership = MembershipService.get_membership_for_org_and_user(org.as_dict().get('id'), user2.id)
active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.ACTIVE.name)
updated_fields = {'membership_status': active_membership_status}
MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info())
user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS in groups
# Find the membership and update to INACTIVE
active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.INACTIVE.name)
updated_fields = {'membership_status': active_membership_status}
MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info())
user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_ACCOUNT_HOLDERS not in groups
def test_create_user_add_membership_reenable(session, auth_mock, keycloak_mock,
monkeypatch): # pylint:disable=unused-argument
"""Assert that an admin can add a member."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
patch_token_info(claims, monkeypatch)
anon_member = TestAnonymousMembership.generate_random_user(USER)
membership = [anon_member]
users = UserService.create_user_and_add_membership(membership, org.id)
user_name = IdpHint.BCROS.value + '/' + membership[0]['username']
assert len(users['users']) == 1
assert users['users'][0]['username'] == user_name
assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name
members = MembershipModel.find_members_by_org_id(org.id)
# staff didnt create members..so count is count of owner+other 1 member
assert len(members) == 2
# assert cant be readded
users = UserService.create_user_and_add_membership(membership, org.id)
assert users['users'][0]['http_status'] == 409
assert users['users'][0]['error'] == 'The username is already taken'
# deactivate everything and try again
anon_user = UserModel.find_by_username(user_name)
anon_user.status = Status.INACTIVE.value
anon_user.save()
membership_model = MembershipModel.find_membership_by_userid(anon_user.id)
membership_model.status = Status.INACTIVE.value
update_user_request = KeycloakUser()
update_user_request.user_name = membership[0]['username']
update_user_request.enabled = False
KeycloakService.update_user(update_user_request)
org2 = factory_org_model(org_info=TestOrgInfo.org_anonymous_2,
org_type_info={'code': 'BASIC'},
org_status_info=None,
payment_type_info=None)
factory_membership_model(user.id, org2.id)
factory_product_model(org2.id, product_code=ProductCode.DIR_SEARCH.value)
users = UserService.create_user_and_add_membership(membership, org2.id)
assert users['users'][0]['http_status'] == 409
assert users['users'][0]['error'] == 'The username is already taken'
# add to same org.Should work
users = UserService.create_user_and_add_membership(membership, org.id)
assert len(users['users']) == 1
assert users['users'][0][
'username'] == IdpHint.BCROS.value + '/' + membership[0]['username']
assert users['users'][0]['type'] == Role.ANONYMOUS_USER.name
def test_reset_password(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Assert that an anonymous admin can be Patched."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model(user_info=TestUserInfo.user_bcros_active)
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
owner_claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
member = TestAnonymousMembership.generate_random_user(USER)
admin = TestAnonymousMembership.generate_random_user(COORDINATOR)
membership = [member, admin]
UserService.create_user_and_add_membership(membership,
org.id,
token_info=owner_claims)
owner_headers = factory_auth_header(jwt=jwt, claims=owner_claims)
member_username = IdpHint.BCROS.value + '/' + member['username']
admin_username = IdpHint.BCROS.value + '/' + admin['username']
admin_claims = TestJwtClaims.get_test_real_user(
uuid.uuid4(), admin_username, access_ype=AccessType.ANONYMOUS.value)
admin_headers = factory_auth_header(jwt=jwt, claims=admin_claims)
member_claims = TestJwtClaims.get_test_real_user(
uuid.uuid4(), member_username, access_ype=AccessType.ANONYMOUS.value)
member_headers = factory_auth_header(jwt=jwt, claims=member_claims)
# set up JWTS for member and admin
client.post('/api/v1/users',
headers=admin_headers,
content_type='application/json')
client.post('/api/v1/users',
headers=member_headers,
content_type='application/json')
# reset password of admin by owner
input_data = json.dumps({
'username': admin_username,
'password': '******'
})
rv = client.patch(f'/api/v1/users/{admin_username}',
headers=owner_headers,
data=input_data,
content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
# member cant reset password
rv = client.patch(f'/api/v1/users/{admin_username}',
headers=member_headers,
data=input_data,
content_type='application/json')
assert rv.status_code == http_status.HTTP_403_FORBIDDEN
# admin cant reset password
rv = client.patch(f'/api/v1/users/{admin_username}',
headers=admin_headers,
data=input_data,
content_type='application/json')
assert rv.status_code == http_status.HTTP_403_FORBIDDEN
def test_check_auth_for_service_account_valid_with_org_id(session): # pylint:disable=unused-argument
"""Assert that check_auth is working as expected."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.BUSINESS.value)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
# Test for service account with CP corp type
check_auth({'realm_access': {'roles': ['system']}, 'product_code': ProductCode.BUSINESS.value}, org_id=org.id)
def test_find_user_authorization_by_business_number_product(session): # pylint:disable=unused-argument
"""Assert that authorization view is returning result."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.find_user_authorization_by_business_number_and_product(
entity.business_identifier, ProductCode.DIR_SEARCH.value)
assert authorization is not None
assert authorization.product_code == ProductCode.DIR_SEARCH.value
def test_reset_password_by_member(session, auth_mock, keycloak_mock): # pylint:disable=unused-argument
"""Assert that the password cant be changed by member."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
admin_claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
membership = [TestAnonymousMembership.generate_random_user(USER)]
users = UserService.create_user_and_add_membership(membership, org.id, token_info=admin_claims)
user_name = users['users'][0]['username']
user_info = {'username': user_name, 'password': '******'}
with pytest.raises(HTTPException) as excinfo:
UserService.reset_password_for_anon_user(user_info, user_name, token_info=TestJwtClaims.public_user_role)
assert excinfo.exception.code == 403
def test_reset_password(session, auth_mock, keycloak_mock): # pylint:disable=unused-argument
"""Assert that the password can be changed."""
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
membership = [TestAnonymousMembership.generate_random_user(USER)]
users = UserService.create_user_and_add_membership(membership, org.id, token_info=claims)
user_name = users['users'][0]['username']
user_info = {'username': user_name, 'password': '******'}
kc_user = UserService.reset_password_for_anon_user(user_info, user_name, claims)
# cant assert anything else since password wont be gotten back
assert kc_user.user_name == user_name.replace(f'{IdpHint.BCROS.value}/', '').lower()
def test_create_task_product(session, keycloak_mock): # pylint:disable=unused-argument
"""Assert that a task can be created."""
user = factory_user_model()
test_org = factory_org_model()
test_product = factory_product_model(org_id=test_org.id)
product: ProductCodeModel = ProductCodeModel.find_by_code(
test_product.product_code)
test_task_info = {
'name': test_org.name,
'relationshipId': test_product.id,
'relatedTo': user.id,
'dateSubmitted': datetime.today(),
'relationshipType': TaskRelationshipType.PRODUCT.value,
'type': product.description,
'status': [TaskStatus.OPEN.value],
'accountId': test_org.id,
'relationship_status':
TaskRelationshipStatus.PENDING_STAFF_REVIEW.value
}
task = TaskService.create_task(test_task_info)
assert task
dictionary = task.as_dict()
assert dictionary['name'] == test_task_info['name']
assert dictionary['account_id'] == test_org.id
assert dictionary[
'relationship_type'] == TaskRelationshipType.PRODUCT.value
def test_authorizations_for_account_with_search_returns_200(client, jwt, session): # pylint:disable=unused-argument
"""Assert authorizations for product returns 200."""
product_code = 'PPR'
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id)
claims = copy.deepcopy(TestJwtClaims.public_user_role.value)
claims['sub'] = str(user.keycloak_guid)
headers = factory_auth_header(jwt=jwt, claims=claims)
rv = client.get(f'/api/v1/accounts/{org.id}/products/{product_code}/authorizations',
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert rv.json.get('roles') == ['search']
def test_authorizations_for_extended_returns_200(app, client, jwt, session): # pylint:disable=unused-argument
"""Assert authorizations for product returns 200."""
product_code = 'PPR'
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id)
claims = copy.deepcopy(TestJwtClaims.public_user_role.value)
claims['sub'] = str(user.keycloak_guid)
headers = factory_auth_header(jwt=jwt, claims=claims)
rv = client.get(f'/api/v1/accounts/{org.id}/products/{product_code}/authorizations?expanded=true',
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert schema_utils.validate(rv.json, 'account_response')[0]
assert len(rv.json.get('roles')) > 0
assert rv.json.get('account').get('name') == org.name
def test_get_account_authorizations_for_product(session): # pylint:disable=unused-argument
"""Assert that user authorizations for product is working."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
authorization = Authorization.get_account_authorizations_for_product(
str(user.keycloak_guid), org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 0
# Now add some product subscription for the org
factory_product_model(org.id)
authorization = Authorization.get_account_authorizations_for_product(
str(user.keycloak_guid), org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 1
assert authorization.get('roles')[0] == 'search'
# Create another org and assert that the roles are empty
org = factory_org_model(org_info=TestOrgInfo.org2,
org_type_info=TestOrgTypeInfo.implicit,
org_status_info=None,
payment_type_info=None)
factory_membership_model(user.id, org.id)
authorization = Authorization.get_account_authorizations_for_product(
str(user.keycloak_guid), org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 0
factory_product_model(org.id, product_role_codes=['search', 'register'])
authorization = Authorization.get_account_authorizations_for_product(
str(user.keycloak_guid), org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 2
assert 'search' in authorization.get('roles')
assert 'register' in authorization.get('roles')
def test_delete_bcros_valdiations(client, jwt, session, keycloak_mock, monkeypatch):
"""Assert different conditions of user deletion."""
admin_user = TestUserInfo.user_bcros_active
org = factory_org_model(org_info=TestOrgInfo.org_anonymous)
user = factory_user_model(user_info=TestUserInfo.user_bcros_active)
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
owner_claims = TestJwtClaims.get_test_real_user(user.keycloak_guid)
patch_token_info(owner_claims, monkeypatch)
member = TestAnonymousMembership.generate_random_user(USER)
admin = TestAnonymousMembership.generate_random_user(COORDINATOR)
membership = [member, admin]
UserService.create_user_and_add_membership(membership, org.id)
owner_headers = factory_auth_header(jwt=jwt, claims=owner_claims)
member_username = IdpHint.BCROS.value + '/' + member['username']
admin_username = IdpHint.BCROS.value + '/' + admin['username']
admin_claims = TestJwtClaims.get_test_real_user(uuid.uuid4(), admin_username, access_ype=AccessType.ANONYMOUS.value,
roles=[Role.ANONYMOUS_USER.value])
admin_headers = factory_auth_header(jwt=jwt, claims=admin_claims)
member_claims = TestJwtClaims.get_test_real_user(uuid.uuid4(), member_username,
access_ype=AccessType.ANONYMOUS.value,
roles=[Role.ANONYMOUS_USER.value])
member_headers = factory_auth_header(jwt=jwt, claims=member_claims)
# set up JWTS for member and admin
patch_token_info(admin_claims, monkeypatch)
client.post('/api/v1/users', headers=admin_headers, content_type='application/json',
data=json.dumps({'isLogin': True}))
patch_token_info(member_claims, monkeypatch)
client.post('/api/v1/users', headers=member_headers, content_type='application/json',
data=json.dumps({'isLogin': True}))
patch_token_info(owner_claims, monkeypatch)
# delete only owner ;failure
rv = client.delete(f"/api/v1/users/{admin_user['username']}", headers=owner_headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_401_UNAUTHORIZED
# admin trying to delete member: Failure
patch_token_info(admin_claims, monkeypatch)
rv = client.delete(f'/api/v1/users/{member_username}', headers=admin_headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_401_UNAUTHORIZED
# member delete admin: failure
patch_token_info(member_claims, monkeypatch)
rv = client.delete(f'/api/v1/users/{admin_username}', headers=member_headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_401_UNAUTHORIZED
# a self delete ;should work ;mimics leave team for anonymous user
patch_token_info(member_claims, monkeypatch)
rv = client.delete(f'/api/v1/users/{member_username}', headers=member_headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
patch_token_info(admin_claims, monkeypatch)
rv = client.delete(f'/api/v1/users/{admin_username}', headers=admin_headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
# add one more admin
patch_token_info(owner_claims, monkeypatch)
new_owner = TestAnonymousMembership.generate_random_user(ADMIN)
membership = [new_owner]
UserService.create_user_and_add_membership(membership, org.id)
patch_token_info(owner_claims, monkeypatch)
rv = client.delete(f"/api/v1/users/{IdpHint.BCROS.value + '/' + new_owner['username']}", headers=owner_headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
