def test_delete_does_not_remove_user_from_account_holder_group(session, monkeypatch, auth_mock): # pylint:disable=unused-argument """Assert that if the user has multiple Orgs, and deleting one doesn't remove account holders group.""" # Create a user in keycloak keycloak_service = KeycloakService() request = KeycloakScenario.create_user_request() keycloak_service.add_user(request, return_if_exists=True) kc_user = keycloak_service.get_user_by_username(request.user_name) user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id)) # Patch token info def token_info(): # pylint: disable=unused-argument; mocks of library methods return { 'sub': str(kc_user.id), 'username': '******', 'realm_access': { 'roles': [ ] } } monkeypatch.setattr('auth_api.services.keycloak.KeycloakService._get_token_info', token_info) org1 = OrgService.create_org(TestOrgInfo.org1, user_id=user.id) OrgService.create_org(TestOrgInfo.org2, user_id=user.id) OrgService.delete_org(org1.as_dict().get('id'), token_info()) user_groups = keycloak_service.get_user_groups(user_id=kc_user.id) groups = [] for group in user_groups: groups.append(group.get('name')) assert GROUP_ACCOUNT_HOLDERS in groups
def test_create_org_adds_user_to_account_holders_group(session, monkeypatch): # pylint:disable=unused-argument """Assert that an Org creation adds the user to account holders group.""" # Create a user in keycloak keycloak_service = KeycloakService() request = KeycloakScenario.create_user_request() keycloak_service.add_user(request, return_if_exists=True) kc_user = keycloak_service.get_user_by_username(request.user_name) user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id)) # Patch token info def token_info(): # pylint: disable=unused-argument; mocks of library methods return { 'sub': str(kc_user.id), 'username': '******', 'realm_access': { 'roles': [ ] } } monkeypatch.setattr('auth_api.services.keycloak.KeycloakService._get_token_info', token_info) OrgService.create_org(TestOrgInfo.org1, user_id=user.id) user_groups = keycloak_service.get_user_groups(user_id=kc_user.id) groups = [] for group in user_groups: groups.append(group.get('name')) assert GROUP_ACCOUNT_HOLDERS in groups
def test_remove_member_removes_group_to_the_user(session, monkeypatch): # pylint:disable=unused-argument """Assert that accepting an invite adds group to the user.""" # Create a user in keycloak keycloak_service = KeycloakService() request = KeycloakScenario.create_user_request() keycloak_service.add_user(request, return_if_exists=True) kc_user = keycloak_service.get_user_by_username(request.user_name) user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id)) # Patch token info def token_info(): # pylint: disable=unused-argument; mocks of library methods return { 'sub': str(kc_user.id), 'username': '******', 'realm_access': { 'roles': [ 'edit' ] }, 'product_code': ProductCode.BUSINESS.value } monkeypatch.setattr('auth_api.services.keycloak.KeycloakService._get_token_info', token_info) org = OrgService.create_org(TestOrgInfo.org1, user_id=user.id) # Create another user request = KeycloakScenario.create_user_request() keycloak_service.add_user(request, return_if_exists=True) kc_user2 = keycloak_service.get_user_by_username(request.user_name) user2 = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user2.id)) # Add a membership to the user for the org created factory_membership_model(user2.id, org.as_dict().get('id'), member_type='COORDINATOR', member_status=4) # Add a product to org factory_product_model(org.as_dict().get('id'), product_code=ProductCode.BUSINESS.value) # Find the membership and update to ACTIVE membership = MembershipService.get_membership_for_org_and_user(org.as_dict().get('id'), user2.id) active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.ACTIVE.name) updated_fields = {'membership_status': active_membership_status} MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info()) user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id) groups = [] for group in user_groups: groups.append(group.get('name')) assert GROUP_ACCOUNT_HOLDERS in groups # Find the membership and update to INACTIVE active_membership_status = MembershipStatusCodeModel.get_membership_status_by_code(Status.INACTIVE.name) updated_fields = {'membership_status': active_membership_status} MembershipService(membership).update_membership(updated_fields=updated_fields, token_info=token_info()) user_groups = keycloak_service.get_user_groups(user_id=kc_user2.id) groups = [] for group in user_groups: groups.append(group.get('name')) assert GROUP_ACCOUNT_HOLDERS not in groups
def test_create_user_and_add_same_user_name_error_in_kc(session, auth_mock, keycloak_mock): # pylint:disable=unused-argument """Assert that same user name cannot be added twice.""" org = factory_org_model(org_info=TestOrgInfo.org_anonymous) membership = [TestAnonymousMembership.generate_random_user(ADMIN)] keycloak_service = KeycloakService() request = KeycloakScenario.create_user_request() request.user_name = membership[0]['username'] keycloak_service.add_user(request) users = UserService.create_user_and_add_membership(membership, org.id, single_mode=True) assert users['users'][0]['http_status'] == 409 assert users['users'][0]['error'] == 'The username is already taken'
def test_create_org_adds_user_to_account_holders_group(session, monkeypatch): # pylint:disable=unused-argument """Assert that an Org creation adds the user to account holders group.""" # Create a user in keycloak keycloak_service = KeycloakService() request = KeycloakScenario.create_user_request() keycloak_service.add_user(request, return_if_exists=True) kc_user = keycloak_service.get_user_by_username(request.user_name) user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id)) patch_token_info({'sub': user.keycloak_guid}, monkeypatch) OrgService.create_org(TestOrgInfo.org1, user_id=user.id) user_groups = keycloak_service.get_user_groups(user_id=kc_user.id) groups = [] for group in user_groups: groups.append(group.get('name')) assert GROUP_ACCOUNT_HOLDERS in groups
def test_delete_otp_for_user(session, auth_mock, keycloak_mock): """Assert that the otp cant be reset.""" kc_service = KeycloakService() org = factory_org_model(org_info=TestOrgInfo.org_anonymous) admin_user = factory_user_model() factory_membership_model(admin_user.id, org.id) admin_claims = TestJwtClaims.get_test_real_user(admin_user.keycloak_guid) membership = [TestAnonymousMembership.generate_random_user(USER)] keycloak_service = KeycloakService() request = KeycloakScenario.create_user_request() request.user_name = membership[0]['username'] keycloak_service.add_user(request) user = kc_service.get_user_by_username(request.user_name) user = factory_user_model(TestUserInfo.get_bceid_user_with_kc_guid(user.id)) factory_membership_model(user.id, org.id) UserService.delete_otp_for_user(user.username, admin_claims) user1 = kc_service.get_user_by_username(request.user_name) assert 'CONFIGURE_TOTP' in json.loads(user1.value()).get('requiredActions')
def test_reset_bceid_user(session, auth_mock): # pylint: disable=unused-argument """Assert that reset data from a bceid user.""" keycloak_service = KeycloakService() request = KeycloakScenario.create_user_by_user_info( TestJwtClaims.tester_bceid_role) keycloak_service.add_user(request, return_if_exists=True) user = keycloak_service.get_user_by_username(request.user_name) assert user is not None user_id = user.id user_with_token = TestUserInfo.user_bceid_tester user_with_token['keycloak_guid'] = user_id user = factory_user_model(user_info=user_with_token) org = factory_org_model(user_id=user.id) response = ResetDataService.reset( TestJwtClaims.get_test_user(user_id, 'BCEID')) assert response is None found_org = OrgService.find_by_org_id(org.id) assert found_org is None
def test_delete_does_not_remove_user_from_account_holder_group(session, monkeypatch, auth_mock): # pylint:disable=unused-argument """Assert that if the user has multiple Orgs, and deleting one doesn't remove account holders group.""" # Create a user in keycloak keycloak_service = KeycloakService() request = KeycloakScenario.create_user_request() keycloak_service.add_user(request, return_if_exists=True) kc_user = keycloak_service.get_user_by_username(request.user_name) user = factory_user_model(TestUserInfo.get_user_with_kc_guid(kc_guid=kc_user.id)) patch_token_info({'sub': user.keycloak_guid}, monkeypatch) patch_pay_account_delete(monkeypatch) org1 = OrgService.create_org(TestOrgInfo.org1, user_id=user.id) OrgService.create_org(TestOrgInfo.org2, user_id=user.id) OrgService.delete_org(org1.as_dict().get('id')) user_groups = keycloak_service.get_user_groups(user_id=kc_user.id) groups = [] for group in user_groups: groups.append(group.get('name')) assert GROUP_ACCOUNT_HOLDERS in groups