def test_token_time_limits_reflect_server_limits(app):
"""Test that if a user's token time limits are bounded to those current on the server."""
with app.app_context():
user = User(username="******", password="******")
user_group = Group(name="TEST_USER", user_group=True)
user.groups.append(user_group)
server = Server(
name="TEST_SERVER",
longest_token_life=2880,
latest_token_expiry=datetime.datetime(2020, 1, 1),
)
token_limits = GroupServerTokenLimits(
group=user_group,
longest_life=2880,
latest_end=datetime.datetime(2020, 1, 1),
server=server,
)
limits = user.token_limits(server)
assert 2880 == limits["longest_life"]
assert datetime.datetime(2020, 1, 1) == limits["latest_end"]
server.longest_token_life = 10
limits = user.token_limits(server)
assert 10 == limits["longest_life"]
server.latest_token_expiry = datetime.datetime(2019, 1, 1)
limits = user.token_limits(server)
assert datetime.datetime(2019, 1, 1) == limits["latest_end"]
def test_disallow_right_on_server_disallows_for_group(app):
"""Test that if a claim is disallowed on a server, it will be disallowed even if previously granted to groups."""
with app.app_context():
user = User(username="******", password="******")
user_group = Group(name="TEST_USER", user_group=True)
user.groups.append(user_group)
server = Server(
name="TEST_SERVER",
longest_token_life=2880,
latest_token_expiry=datetime.datetime(2020, 1, 1),
)
capability = Capability(name="TEST_ROUTE")
server_capability = ServerCapability(server=server,
capability=capability,
poll=True)
gsp = GroupServerPermission(group=user_group,
server_capability=server_capability,
poll=True)
token_limits = GroupServerTokenLimits(
group=user_group,
longest_life=1440,
latest_end=datetime.datetime(2019, 1, 1),
server=server,
)
claims = user.allowed_claims(server)
assert claims["TEST_ROUTE"]["permissions"]["poll"]
server_capability.poll = False
claims = user.allowed_claims(server)
assert {} == claims
def test_user(app):
with app.app_context():
user = User(username="******", password="******")
ug = Group(name="TEST_USER", user_group=True, members=[user])
db.session.add(user)
db.session.add(ug)
db.session.commit()
return TestUser(user.id, user.username, "TEST_USER_PASSWORD")
def test_admin(app):
with app.app_context():
user = User(username="******",
password="******",
is_admin=True)
ug = Group(name="TEST_ADMIN", user_group=True, members=[user])
db.session.add(user)
db.session.add(ug)
db.session.commit()
return user.id, user.username, "TEST_ADMIN_PASSWORD"
def test_two_factor_auth_user(app):
with app.app_context():
user = User(username="******", password="******")
ug = Group(name="TEST_FACTOR_USER", user_group=True, members=[user])
secret = pyotp.random_base32()
auth = TwoFactorAuth(user=user, enabled=True)
auth.secret_key = secret
otp_generator = partial(get_two_factor_code, secret)
db.session.add(user)
db.session.add(auth)
db.session.add(ug)
db.session.commit()
backup_codes = generate_backup_codes()
for code in backup_codes:
backup = TwoFactorBackup(auth_id=auth.user_id)
backup.backup_code = code
db.session.add(backup)
db.session.commit()
return TestTwoFactorUser(user.id, user.username, "TEST_USER_PASSWORD",
otp_generator, backup_codes)
def test_data(app):
with app.app_context():
agg_units = [
SpatialAggregationUnit(name=f"admin{x}") for x in range(4)
]
db.session.add_all(agg_units)
users = [
User(username="******", password="******"),
User(username="******", is_admin=True),
]
for user in users:
user.password = "******"
# Each user is also a group
groups = [
Group(name="TEST_USER", user_group=True),
Group(name="TEST_ADMIN", user_group=True),
Group(name="TEST_GROUP"),
]
groups[0].members.append(users[0])
groups[1].members.append(users[1])
for user in users:
groups[2].members.append(user)
for x in users + groups:
db.session.add(x)
# Add some things that you can do
caps = []
for c in ("DUMMY_ROUTE_A", "DUMMY_ROUTE_B"):
c = Capability(name=c)
db.session.add(c)
caps.append(c)
# Add some servers
dummy_server_a = Server(
name="DUMMY_SERVER_A",
longest_token_life=2,
latest_token_expiry=datetime.datetime(2020, 1, 1),
secret_key="DUMMY_SERVER_A_KEY",
)
dummy_server_b = Server(
name="DUMMY_SERVER_B",
longest_token_life=2,
latest_token_expiry=datetime.datetime(2021, 1, 1),
secret_key="DUMMY_SERVER_B_KEY",
)
db.session.add(dummy_server_a)
db.session.add(dummy_server_b)
# Add some things that you can do on the servers
scs = []
for cap in caps:
scs.append(
ServerCapability(
capability=cap,
server=dummy_server_a,
get_result=True,
run=True,
poll=False,
))
scs.append(ServerCapability(capability=cap, server=dummy_server_b))
for sc in scs:
sc.spatial_aggregation = agg_units
db.session.add(sc)
# Give test user group permissions on Haiti
for sc in dummy_server_a.capabilities:
gsp = GroupServerPermission(group=groups[0], server_capability=sc)
db.session.add(gsp)
db.session.add(
GroupServerTokenLimits(
group=groups[0],
longest_life=2,
latest_end=datetime.datetime(2019, 1, 1),
server=dummy_server_a,
))
# Give test admin a token on server b
t = Token(
name="DUMMY_TOKEN",
token="DUMMY_TOKEN_STRING",
expires=datetime.datetime(2019, 1, 1),
owner=users[1],
server=dummy_server_b,
)
db.session.add(t)
db.session.commit()