Exemple #1
0
    def on_get(self,
               req: falcon.Request,
               resp: falcon.Response,
               username: str = None):
        if username is None:
            if not req.context["user"].is_admin:
                raise falcon.HTTPForbidden(
                    "Forbidden", "Insufficient privileges for operation.")

            user = User.select(
                User.username,
                User.is_active,
                User.is_admin,
                User.is_manager,
                User.created_on,
            )

            resp.media = {"users": list(user.dicts())}

        else:
            user = User.get_or_404(User.username == username)
            if not req.context[
                    "user"].is_admin and req.context["user"].id != user.id:
                raise falcon.HTTPForbidden(
                    "Forbidden", "Insufficient privileges for operation.")

            resp.media = {
                "user":
                user.to_dict([
                    "username", "is_active", "is_admin", "is_manager",
                    "created_on"
                ])
            }
def test_user_get_by_basic_auth_none(client):
    username = "******"
    password = "******"
    u = User(username=username)
    u.token = "test-token"
    u.is_active = False
    u.set_password(password)
    u.save()
    assert User.get_by_basic_auth(username=username, password=password) is None
def test_user_get_by_basic_auth_not_none(client):
    username = "******"
    password = "******"
    u = User(username=username)
    u.token = "test-token"
    u.is_active = True
    u.set_password(password)
    u.save()
    u2 = User.get_by_basic_auth(username=username, password=password)
    assert u2 is not None
    assert u.id == u2.id
Exemple #4
0
    def on_put(self,
               req: falcon.Request,
               resp: falcon.Response,
               username: str = None):
        user = User.get_or_404(User.username == username)
        if not req.context[
                "user"].is_admin and req.context["user"].id != user.id:
            raise falcon.HTTPForbidden(
                "Forbidden", "Insufficient privileges for operation.")

        is_admin = req.media.get("is_admin", None)
        is_manager = req.media.get("is_manager", None)
        is_active = req.media.get("is_active", None)

        if req.context["user"].id == user.id and (is_admin is not None
                                                  or is_manager is not None
                                                  or is_active is not None):
            raise falcon.HTTPForbidden("Forbidden",
                                       "Can not modifiy own attributes.")

        password = req.media.get("password", None)
        if password is not None:
            user.set_password(password)
        if is_admin is not None:
            user.is_admin = is_admin
        if is_manager is not None:
            user.is_manager = is_manager
        if is_active is not None:
            user.is_active = is_active

        user.save()
        resp.media = {"status": "Success", "message": "User updated."}
def test_iplistitemresource_on_get_found(client, superuser):
    ip_list = IPList(name="test-list", created_by=User.get_by_token(superuser))
    ip_list.save()
    resp = client.simulate_get(
        "/api/test/iplists/test-list/items",
        headers={"Authorization": f"Token {superuser}"},
    )
    assert resp.status_code == 200
def test_iplistresource_on_delete_ok(client, superuser):
    ip_list = IPList(name="test-list", created_by=User.get_by_token(superuser))
    ip_list.save()
    resp = client.simulate_delete(
        "/api/test/iplists/test-list", headers={"Authorization": f"Token {superuser}"}
    )
    assert resp.status_code == 200
    assert resp.json["status"] == "Success"
def test_iplistresource_on_post_bad(client, superuser):
    ip_list = IPList(name="test-list", created_by=User.get_by_token(superuser))
    ip_list.save()
    json = {"name": "test-list"}
    resp = client.simulate_post(
        "/api/test/iplists", headers={"Authorization": f"Token {superuser}"}, json=json
    )
    assert resp.status_code == 400
def test_user_get_by_token_not_none(client):
    u = User(username="******")
    u.token = "test-token"
    u.is_active = True
    u.save()
    u2 = User.get_by_token("test-token")
    assert u2 is not None
    assert u2.id == u.id
Exemple #9
0
    def on_delete(self,
                  req: falcon.Request,
                  resp: falcon.Response,
                  username: str = None):
        user = User.get_or_404(User.username == username)

        if req.context["user"].id == user.id:
            raise falcon.HTTPBadRequest("Bad Request", "Can not delete self.")

        user.delete_instance()
        resp.media = {"status": "Success", "message": "User deleted."}
def test_iplistitemresource_on_post_all_new(client, superuser):
    ip_list = IPList(name="test-list", created_by=User.get_by_token(superuser))
    ip_list.save()
    json = {"ips": ["1.1.1.1", "9.9.9.9"], "note": "test note"}
    resp = client.simulate_post(
        "/api/test/iplists/test-list/items",
        headers={"Authorization": f"Token {superuser}"},
        json=json,
    )
    assert resp.status_code == 201
    assert ListItem.select().count() == 2
    assert IPListItem.select().where((IPListItem.ip_list == ip_list)).count() == 2
def test_iplistitemresource_on_post_notes(client, superuser):
    ip_list = IPList(name="test-list", created_by=User.get_by_token(superuser))
    ip_list.save()
    json = {"ips": ["1.1.1.1"], "note": "test note "}
    resp = client.simulate_post(
        "/api/test/iplists/test-list/items",
        headers={"Authorization": f"Token {superuser}"},
        json=json,
    )
    assert resp.status_code == 201
    ip = ListItem.get(ip="1.1.1.1")
    list_item = IPListItem.get(id=1)
    assert list_item.note == "test note"
Exemple #12
0
    def on_get(self, req: falcon.Request, resp: falcon.Response,
               username: str):
        try:
            user = User.get(username=username)

            if not req.context[
                    "user"].is_admin and req.context["user"].id != user.id:
                raise falcon.HTTPForbidden(
                    "Forbidden", "Insufficient privileges for operation.")

            resp.media = {"token": user.token}

        except DoesNotExist:
            raise falcon.HTTPNotFound()
Exemple #13
0
    def on_post(self, req: falcon.Request, resp: falcon.Response):

        if User.select().where(User.is_admin).count() > 0:
            raise falcon.HTTPBadRequest("Bad Request",
                                        "App already initialized.")

        token = create_user(
            username=req.media.get("username"),
            password=req.media.get("password"),
            is_admin=True,
        )

        resp.status = falcon.HTTP_201
        resp.media = {
            "status": "Success",
            "token": token,
            "message": "First admin user created.",
        }
def test_iplistitemresource_on_delete_remove_some(client, superuser):
    ip_list = IPList(name="test-list", created_by=User.get_by_token(superuser))
    ip_list.save()
    json = {"ips": ["1.1.1.1", "2.2.2.2"], "note": "test note"}
    resp = client.simulate_post(
        "/api/test/iplists/test-list/items",
        headers={"Authorization": f"Token {superuser}"},
        json=json,
    )
    assert IPListItem.select().where((IPListItem.ip_list == ip_list)).count() == 2
    json = {"ips": ["2.2.2.2"]}
    resp = client.simulate_delete(
        "/api/test/iplists/test-list/items",
        headers={"Authorization": f"Token {superuser}"},
        json=json,
    )
    assert resp.status_code == 200
    assert resp.json["count_removed"] == 1
    assert IPListItem.select().where((IPListItem.ip_list == ip_list)).count() == 1
def test_user_str():
    u = User(username="******")
    assert str(u) == "tester"
def test_user_get_by_token_none(client):
    u = User(username="******")
    u.token = "test-token"
    u.is_active = False
    u.save()
    assert User.get_by_token("test-token") is None