def test_ok(self, clean_mongo):
uuidv4 = str(uuid.uuid4())
name = "test.mender.io-" + uuidv4
email = "user@{}.com".format(name)
res = create_org_v1(name, email, "asdfqwer1234", "tok_visa")
# wait for create org workflow
utok = try_login(api_uadm, email, "asdfqwer1234")
# what's the tenant id?
res = api_tadm_v1.with_auth(utok).call(
"GET", tenantadm_v1.URL_MGMT_THIS_TENANT)
assert res.status_code == 200
tid = res.json()["id"]
res = api_tadm_v2.with_auth(utok).call("POST",
tenantadm_v2.URL_TENANT_SECRET)
assert res.status_code == 200
secret = res.json()["secret"]
# UI uses the secret to collect card and confirm the setup intent
# let's use a different card
seti = stripeutils.find_setup_intent(secret)
stripeutils.confirm("pm_card_mastercard", seti["id"])
res = api_tadm_v2.call(
"PUT",
tenantadm_v2.URL_TENANT_STATUS,
path_params={"id": tid},
body={"status": "active"},
)
assert res.status_code == 202
# verify the old source is detached and new one attached
cust = stripeutils.customer_for_tenant(email)
assert cust["default_source"] is None
assert len(cust["sources"]) == 0
stripeutils.customer_has_pm(cust)
# cleanup
# setup intents can't be cleaned up apparently, cancel doesn't work
stripeutils.delete_cust(cust["id"])
def test_ok_non_sca_cards(self, clean_mongo, card):
""" Basic test card numbers.
These cards won't trigger extra auth flows, but still have to work with the SCA-ready workflow.
They are actually the only cards we can use to test the whole flow on the backend side.
See https://stripe.com/docs/testing#cards.
Some of these are omitted - they are in fact being rejected with:
'Please use a Visa, MasterCard, or American Express card'
"""
uuidv4 = str(uuid.uuid4())
tenant = "test.mender.io-" + uuidv4
uname, upass = "******".format(tenant), "asdfqwer1234"
payload = {
"request_id": "123456",
"organization": tenant,
"email": uname,
"password": upass,
"g-recaptcha-response": "foobar",
}
res = api_tadm_v2.call(
"POST",
tenantadm_v2.URL_CREATE_ORG_TENANT,
headers={"Content-Type": "application/x-www-form-urlencoded"},
data=payload,
)
assert res.status_code == 200
secret = res.json()["secret"]
assert len(secret) > 0
tid = res.json()["id"]
# user can't log in until the org is activated
r = api_uadm.call("POST", useradm.URL_LOGIN, auth=(uname, upass))
assert r.status_code == 401
# we're emulating CC collection (and setup intent confirmation)
# setup intent cofirm is the last step normally done by the stripe ui components
seti = stripeutils.find_setup_intent(secret)
stripeutils.confirm(card, seti["id"])
# tenant can be activated now
res = api_tadm_v2.call(
"PUT",
tenantadm_v2.URL_TENANT_STATUS,
path_params={"id": tid},
body={"status": "active"},
)
assert res.status_code == 202
# wait for create org workflow, try login
try_login(api_uadm, uname, upass)
# verify that tenant's customer has an attached
# payment method/default payment method
cust = stripeutils.customer_for_tenant(uname)
stripeutils.customer_has_pm(cust)
# cleanup
# setup intents can't be cleaned up apparently, cancel doesn't work
stripeutils.delete_cust(cust["id"])
def test_ok_sca_cards(self, clean_mongo, card):
""" Regulatory test card numbers.
These regulatory cards that will trigger the 3D Secure SCA checks.
The UI check here is mandatory, and can't be cheated around -
so just verify that without it, tenant can't be activated at all.
Actually, it's just a couple cards from the test set. Others allow
confirming the card without extra steps. They were selected by trial and error.
See https://stripe.com/docs/testing#three-ds-cards.
"""
uuidv4 = str(uuid.uuid4())
tenant = "test.mender.io-" + uuidv4
uname, upass = "******".format(tenant), "asdfqwer1234"
payload = {
"request_id": "123456",
"organization": tenant,
"email": uname,
"password": upass,
"g-recaptcha-response": "foobar",
}
res = api_tadm_v2.call(
"POST",
tenantadm_v2.URL_CREATE_ORG_TENANT,
headers={"Content-Type": "application/x-www-form-urlencoded"},
data=payload,
)
assert res.status_code == 200
secret = res.json()["secret"]
assert len(secret) > 0
tid = res.json()["id"]
# user can't log in until the org is activated
r = api_uadm.call("POST", useradm.URL_LOGIN, auth=(uname, upass))
assert r.status_code == 401
# we're emulating CC collection (and setup intent confirmation)
# setup intent cofirm is the last step normally done by the stripe ui components
seti = stripeutils.find_setup_intent(secret)
# this will pass, because it's a test mode - but still the card will be unconfirmed/unusable
stripeutils.confirm(card, seti["id"])
# tenant *cannot* be activated
# because the auth was not completed
res = api_tadm_v2.call(
"PUT",
tenantadm_v2.URL_TENANT_STATUS,
path_params={"id": tid},
body={"status": "active"},
)
# looks weird be we *do* expect this
# we don't propagate this stripe error to users, nobody has
# any business calling this EP on an unverfied card
# internal error: Credit card not verified yet
assert res.status_code == 500
# verify that the user can't log in (ever, actually)
r = api_uadm.call("POST", useradm.URL_LOGIN, auth=(uname, upass))
assert r.status_code == 401
def test_upgrades(self, docker_env):
"""Test that plan/addon upgrades take effect on feature availability.
Special case is the trial tenant upgrade to a paid plan.
"""
tenant = docker_env.tenants["os"]
# add troubleshoot
update_tenant(
tenant.id,
addons=["troubleshoot"],
container_manager=get_container_manager(),
)
tenant.auth.reset_auth_token()
wait_for_connect(tenant.auth, tenant.device_id)
self.check_access_remote_term(tenant.auth, tenant.device_id)
self.check_access_file_transfer(tenant.auth, tenant.device_id)
self.check_access_auditlogs(tenant.auth, forbid=True)
self.check_access_sessionlogs(tenant.auth, forbid=True)
self.check_access_deviceconfig(
tenant.auth, tenant.device_id, forbid=True,
)
# self.check_access_rbac(tenant.auth, forbid=True)
# add configure
update_tenant(
tenant.id,
addons=["troubleshoot", "configure"],
container_manager=get_container_manager(),
)
tenant.auth.reset_auth_token()
wait_for_connect(tenant.auth, tenant.device_id)
self.check_access_remote_term(tenant.auth, tenant.device_id)
self.check_access_file_transfer(tenant.auth, tenant.device_id)
self.check_access_deviceconfig(tenant.auth, tenant.device_id)
self.check_access_auditlogs(tenant.auth, forbid=True)
self.check_access_sessionlogs(tenant.auth, forbid=True)
# self.check_access_rbac(tenant.auth, forbid=True)
# upgrade to "enterprise" - makes audit, session logs and rbac available
update_tenant(
tenant.id, plan="enterprise", container_manager=get_container_manager(),
)
tenant.auth.reset_auth_token()
wait_for_connect(tenant.auth, tenant.device_id)
self.check_access_remote_term(tenant.auth, tenant.device_id)
self.check_access_file_transfer(tenant.auth, tenant.device_id)
self.check_access_deviceconfig(tenant.auth, tenant.device_id)
self.check_access_auditlogs(tenant.auth)
self.check_access_sessionlogs(tenant.auth)
self.check_access_rbac(tenant.auth)
# upgrade trial tenant - straight to enterprise
tenant = docker_env.tenants["trial"]
tadmm = ApiClient(
host=get_container_manager().get_mender_gateway(),
base_url=tenantadm_v2.URL_MGMT,
)
res = tadmm.call(
"POST",
tenantadm_v2.URL_TENANT_UPGRADE_START,
path_params={"id": tenant.id},
headers=tenant.auth.get_auth_token(),
)
assert res.status_code == 200
res = res.json()
stripeutils.confirm("pm_card_visa", res["intent_id"])
body = {
"plan": "enterprise",
}
res = tadmm.call(
"POST",
tenantadm_v2.URL_TENANT_UPGRADE_COMPLETE,
path_params={"id": tenant.id},
body=body,
headers=tenant.auth.get_auth_token(),
)
assert res.status_code == 202
update_tenant(
tenant.id,
addons=["troubleshoot", "configure"],
container_manager=get_container_manager(),
)
tenant.auth.reset_auth_token()
wait_for_connect(tenant.auth, tenant.device_id)
self.check_access_remote_term(tenant.auth, tenant.device_id)
self.check_access_file_transfer(tenant.auth, tenant.device_id)
self.check_access_deviceconfig(tenant.auth, tenant.device_id)
self.check_access_auditlogs(tenant.auth)
self.check_access_sessionlogs(tenant.auth)
self.check_access_rbac(tenant.auth)