def current_user_setup(user):
session["user_id"] = user.id
session["last_login"] = user.last_login
app.session_limiter.on_login(user)
app.logger.info(
f"authentication succeeded for user with EDIPI {user.dod_id}")
Users.update_last_login(user)
def login_dev():
dod_id = request.args.get("dod_id", None)
if dod_id is not None:
user = Users.get_by_dod_id(dod_id)
else:
role = request.args.get("username", "amanda")
user_data = _DEV_USERS[role]
user = Users.get_or_create_by_dod_id(
user_data["dod_id"],
**pick(
[
"permission_sets",
"first_name",
"last_name",
"email",
"service_branch",
"phone_number",
"citizenship",
"designation",
"date_latest_training",
],
user_data,
),
)
current_user_setup(user)
return redirect(redirect_after_login_url())
def on_login(self, user):
if not self.limit_logins:
return
session_id = self.session.sid
self._delete_session(user.last_session_id)
Users.update_last_session_id(user, session_id)
def test_get_all_includes_ccpo_user_changes():
user = UserFactory.create()
initial_audit_log = AuditLog.get_all_events()
Users.give_ccpo_perms(user)
Users.revoke_ccpo_perms(user)
assert len(AuditLog.get_all_events()) == len(initial_audit_log) + 2
def get_user(self):
try:
return Users.get_by_dod_id(self.parsed_sdn["dod_id"])
except NotFoundError:
email = self._get_user_email()
return Users.create(permission_sets=[],
email=email,
**self.parsed_sdn)
def get_users():
users = []
for dev_user in DEV_USERS.values():
try:
user = Users.create(**dev_user)
except AlreadyExistsError:
user = Users.get_by_dod_id(dev_user["dod_id"])
users.append(user)
return users
def login_redirect():
auth_context = _make_authentication_context()
auth_context.authenticate()
user = auth_context.get_user()
if user.provisional:
Users.finalize(user)
current_user_setup(user)
return redirect(redirect_after_login_url())
def test_creates_user():
# check user does not exist
with pytest.raises(NotFoundError):
Users.get_by_dod_id(DOD_SDN_INFO["dod_id"])
auth_context = AuthenticationContext(MockCRLCache(), "SUCCESS", DOD_SDN,
CERT)
user = auth_context.get_user()
assert user.dod_id == DOD_SDN_INFO["dod_id"]
assert user.email == FIXTURE_EMAIL_ADDRESS
def grant_ccpo_perms(dod_id):
try:
user = Users.get_by_dod_id(dod_id)
if user.permission_sets:
print("%s (DoD ID: %s) already CCPO user." %
(user.full_name, user.dod_id))
else:
Users.give_ccpo_perms(user)
print("CCPO permissions successfully granted to %s (DoD ID: %s)." %
(user.full_name, user.dod_id))
except NotFoundError:
print("User not found.")
def test_logging_audit_event_on_update(mock_logger):
user = UserFactory.create()
assert "Audit Event create" in mock_logger.messages
Users.update(user, {"first_name": "Greedo"})
assert "Audit Event update" in mock_logger.messages
assert len(mock_logger.messages) == 2
event_log = mock_logger.extras[1]["audit_event"]
assert event_log["resource_type"] == "user"
assert event_log["resource_id"] == str(user.id)
assert event_log["display_name"] == user.full_name
assert event_log["action"] == "update"
assert "update" in mock_logger.extras[1]["tags"]
def test_creates_new_user_without_email_on_login(client, ca_key, rsa_key,
make_x509, swap_crl_cache):
cert = make_x509(rsa_key(), signer_key=ca_key, cn=DOD_SDN)
swap_crl_cache()
# ensure user does not exist
with pytest.raises(NotFoundError):
Users.get_by_dod_id(DOD_SDN_INFO["dod_id"])
resp = _login(client, cert=cert.public_bytes(Encoding.PEM).decode())
user = Users.get_by_dod_id(DOD_SDN_INFO["dod_id"])
assert user.first_name == DOD_SDN_INFO["first_name"]
assert user.last_name == DOD_SDN_INFO["last_name"]
assert user.email == None
def test_remove_access(user_session, client):
ccpo = UserFactory.create_ccpo()
user = UserFactory.create_ccpo()
user_session(ccpo)
response = client.post(url_for("ccpo.remove_access", user_id=user.id))
assert user not in Users.get_ccpo_users()
def test_get_or_create_existing_user():
fact_user = UserFactory.create()
user = Users.get_or_create_by_dod_id(
fact_user.dod_id,
**pick(["first_name", "last_name"], fact_user.to_dictionary()),
)
assert user == fact_user
def create_demo_portfolio(name, data):
try:
portfolio_owner = Users.get_or_create_by_dod_id("2345678901") # Amanda
# auditor = Users.get_by_dod_id("3453453453") # Sally
except NotFoundError:
print("Could not find demo users; will not create demo portfolio {}".
format(name))
return
portfolio = Portfolios.create(
user=portfolio_owner,
portfolio_attrs={
"name": name,
"defense_component": random_service_branch()
},
)
add_task_orders_to_portfolio(portfolio)
add_members_to_portfolio(portfolio)
for mock_application in data["applications"]:
application = Application(portfolio=portfolio,
name=mock_application.name,
description="")
env_names = [env.name for env in mock_application.environments]
envs = Environments.create_many(portfolio.owner, application,
env_names)
db.session.add(application)
db.session.commit()
def test_creates_new_user_on_login(monkeypatch, client, ca_key):
monkeypatch.setattr(
"atst.domain.authnid.AuthenticationContext.authenticate", lambda *args: True
)
cert_file = open("tests/fixtures/{}.crt".format(FIXTURE_EMAIL_ADDRESS)).read()
# ensure user does not exist
with pytest.raises(NotFoundError):
Users.get_by_dod_id(DOD_SDN_INFO["dod_id"])
resp = _login(client, cert=cert_file)
user = Users.get_by_dod_id(DOD_SDN_INFO["dod_id"])
assert user.first_name == DOD_SDN_INFO["first_name"]
assert user.last_name == DOD_SDN_INFO["last_name"]
assert user.email == FIXTURE_EMAIL_ADDRESS
def update_user():
user = g.current_user
form = EditUserForm(http_request.form)
next_url = http_request.args.get("next")
if form.validate():
Users.update(user, form.data)
flash("user_updated")
if next_url:
return redirect(next_url)
return render_template(
"user/edit.html",
form=form,
user=user,
next=next_url,
mindate=(dt.datetime.now() - dt.timedelta(days=365)),
maxdate=dt.datetime.now(),
)
def test_get_ccpo_users():
ccpo_1 = UserFactory.create_ccpo()
ccpo_2 = UserFactory.create_ccpo()
rando = UserFactory.create()
ccpo_users = Users.get_ccpo_users()
assert ccpo_1 in ccpo_users
assert ccpo_2 in ccpo_users
assert rando not in ccpo_users
def add_applications_to_portfolio(portfolio):
applications = random_applications()
for application_data in applications:
application = Applications.create(
portfolio.owner,
portfolio=portfolio,
name=application_data["name"],
description=application_data["description"],
environment_names=application_data["environments"],
)
users = random.sample(APPLICATION_USERS, k=random.randint(1, 5))
for user_data in users:
try:
user = Users.get_by_dod_id(user_data["dod_id"])
except NotFoundError:
user = Users.create(
user_data["dod_id"],
None,
first_name=user_data["first_name"],
last_name=user_data["last_name"],
email=user_data["email"],
)
app_role = ApplicationRoles.create(
user=user,
application=application,
permission_set_names=[PermissionSets.EDIT_APPLICATION_TEAM],
)
ApplicationInvitations.create(portfolio.owner,
app_role,
user_data,
commit=True)
user_environments = random.sample(
application.environments,
k=random.randint(1, len(application.environments)),
)
for env in user_environments:
role = random.choice([e.value for e in CSPRole])
EnvironmentRoles.create(application_role=app_role,
environment=env,
role=role)
def add_members_to_portfolio(portfolio):
for user_data in PORTFOLIO_USERS:
invite = Portfolios.invite(portfolio, portfolio.owner, {"user_data": user_data})
profile = {
k: user_data[k] for k in user_data if k not in ["dod_id", "permission_sets"]
}
user = Users.get_or_create_by_dod_id(user_data["dod_id"], **profile)
PortfolioRoles.enable(invite.role, user)
db.session.commit()
def test_user_can_update_profile(user_session, client):
user = UserFactory.create()
user_session(user)
new_data = {**user.to_dictionary(), "first_name": "chad", "last_name": "vader"}
new_data["date_latest_training"] = new_data["date_latest_training"].strftime(
"%m/%d/%Y"
)
client.post(url_for("users.update_user"), data=new_data)
updated_user = Users.get_by_dod_id(user.dod_id)
assert updated_user.first_name == "chad"
assert updated_user.last_name == "vader"
def dev_new_user():
first_name = request.args.get("first_name", None)
last_name = request.args.get("last_name", None)
dod_id = request.args.get("dod_id", None)
if None in [first_name, last_name, dod_id]:
raise IncompleteInfoError()
try:
Users.get_by_dod_id(dod_id)
raise AlreadyExistsError("User with dod_id {}".format(dod_id))
except NotFoundError:
pass
new_user = {"first_name": first_name, "last_name": last_name}
created_user = Users.create(dod_id, **new_user)
current_user_setup(created_user)
return redirect(redirect_after_login_url())
def submit_new_user():
try:
new_user = Users.get_by_dod_id(request.form["dod_id"])
form = CCPOUserForm(obj=new_user)
except NotFoundError:
flash("ccpo_user_not_found")
return redirect(url_for("ccpo.users"))
return render_template("ccpo/confirm_user.html",
new_user=new_user,
form=form)
def seed_db():
get_users()
amanda = Users.get_by_dod_id("2345678901")
# Create Portfolios for Amanda with mocked reporting data
create_demo_portfolio("A-Wing",
MockReportingProvider.FIXTURE_SPEND_DATA["A-Wing"])
create_demo_portfolio("B-Wing",
MockReportingProvider.FIXTURE_SPEND_DATA["B-Wing"])
tie_interceptor = Portfolios.create(
user=amanda,
portfolio_attrs={
"name": "TIE Interceptor",
"defense_component": random_service_branch(),
},
)
add_task_orders_to_portfolio(tie_interceptor)
add_members_to_portfolio(tie_interceptor)
add_applications_to_portfolio(tie_interceptor)
tie_fighter = Portfolios.create(
user=amanda,
portfolio_attrs={
"name": "TIE Fighter",
"defense_component": random_service_branch(),
},
)
add_task_orders_to_portfolio(tie_fighter)
add_members_to_portfolio(tie_fighter)
add_applications_to_portfolio(tie_fighter)
# create a portfolio for each user
ships = SHIP_NAMES.copy()
for user in get_users():
ship = random.choice(ships)
ships.remove(ship)
portfolio = Portfolios.create(
user=user,
portfolio_attrs={
"name": ship,
"defense_component": random_service_branch(),
},
)
add_task_orders_to_portfolio(portfolio)
add_members_to_portfolio(portfolio)
add_applications_to_portfolio(portfolio)
def create_demo_portfolio(name, data):
try:
portfolio_owner = Users.get_or_create_by_dod_id(
"2345678901",
**pick(
[
"permission_sets",
"first_name",
"last_name",
"email",
"service_branch",
"phone_number",
"citizenship",
"designation",
"date_latest_training",
],
DEV_USERS["amanda"],
),
) # Amanda
# auditor = Users.get_by_dod_id("3453453453") # Sally
except NotFoundError:
print("Could not find demo users; will not create demo portfolio {}".
format(name))
return
portfolio = Portfolios.create(
user=portfolio_owner,
portfolio_attrs={
"name": name,
"defense_component": random_service_branch()
},
)
add_task_orders_to_portfolio(portfolio)
add_members_to_portfolio(portfolio)
for mock_application in data["applications"]:
application = Application(portfolio=portfolio,
name=mock_application["name"],
description="")
env_names = [env["name"] for env in mock_application["environments"]]
envs = Environments.create_many(portfolio.owner, application,
env_names)
db.session.add(application)
db.session.commit()
def confirm_new_user():
user = Users.get_by_dod_id(request.form["dod_id"])
Users.give_ccpo_perms(user)
flash("ccpo_user_added", user_name=user.full_name)
return redirect(url_for("ccpo.users"))
def get_current_user():
user_id = session.get("user_id")
if user_id:
return Users.get(user_id)
else:
return False
def test_give_ccpo_perms():
rando = UserFactory.create()
Users.give_ccpo_perms(rando)
ccpo_users = Users.get_ccpo_users()
assert rando in ccpo_users
def test_revoke_ccpo_perms():
ccpo = UserFactory.create_ccpo()
Users.revoke_ccpo_perms(ccpo)
ccpo_users = Users.get_ccpo_users()
assert ccpo not in ccpo_users
def remove_access(user_id):
user = Users.get(user_id)
Users.revoke_ccpo_perms(user)
flash("ccpo_user_removed", user_name=user.full_name)
return redirect(url_for("ccpo.users"))
def users():
users = Users.get_ccpo_users()
users_info = [(user, CCPOUserForm(obj=user)) for user in users]
return render_template("ccpo/users.html", users_info=users_info)
