def user_groups(username):
admin, message = check_user_is_admin(get_remote_user(request))
if not admin:
# User is not admin or admin group does exist. Ciao
return render_template("message.html", message=message)
with htpasswd.Basic(CONF["PWD_FILE"], mode="md5") as userdb:
with htpasswd.Group(CONF["GROUP_FILE"]) as groupdb:
if request.method == "GET":
groups = dict()
for group in groupdb.groups:
if groupdb.is_user_in(username, group):
groups[group] = True
else:
groups[group] = False
return render_template("groups.html", groups=groups)
else:
# POST Request
checked_groups = [
g.split("_", 1)[1] for g in list(request.form.keys())
if g.startswith("group_")
]
for group in groupdb.groups:
if group in checked_groups:
if not groupdb.is_user_in(username, group):
groupdb.add_user(username, group)
else:
if groupdb.is_user_in(username, group):
groupdb.delete_user(username, group)
return render_template("message.html",
message="User groups changed",
success=True)
def test_user_not_in_a_group(self):
with htpasswd.Group(t_groupdb) as groupdb:
result = False
try:
groupdb.delete_user("alice", "admins")
except htpasswd.UserNotInAGroup:
result = True
self.assertEqual(result, True)
def test_delete_user(self):
with htpasswd.Group(t_groupdb) as groupdb:
groupdb.delete_user("bob", "admins")
self.assertFalse(groupdb.is_user_in("bob", "admins"))
self.assertRaises(htpasswd.GroupNotExists,
lambda: groupdb.delete_user("bob", "nogroup"))
groupdb.add_user("alice", "admins")
self.assertRaises(htpasswd.UserNotInAGroup,
lambda: groupdb.delete_user("bob", "admins"))
def batch_user_creation():
admin, message = check_user_is_admin(get_remote_user(request))
if not admin:
# User is not admin or admin group does exist. Ciao
return render_template("message.html", message=message)
with htpasswd.Basic(CONF["PWD_FILE"], mode="md5") as userdb:
with htpasswd.Group(CONF["GROUP_FILE"]) as groupdb:
if request.method == "GET":
groups = []
for group in groupdb.groups:
groups.append(group)
return render_template(
"batch_user_creation.html",
groups=groups,
mail_capabilities=CONF["ENABLE_MAIL_CAPABILITIES"])
else:
# POST Request
users = request.form["users_login"].split("\r\n")
checked_groups = [
g.split("_", 1)[1] for g in list(request.form.keys())
if g.startswith("group_")
]
result = []
for username in users:
new_password = generate_random_password()
new_user = username not in userdb
if new_user:
userdb.add(username, new_password)
action = "create"
else:
userdb.change_password(username, new_password)
action = "update"
result.append((username, new_password, action))
for group in groupdb.groups:
if group in checked_groups:
if not groupdb.is_user_in(username, group):
groupdb.add_user(username, group)
else:
if groupdb.is_user_in(username, group):
groupdb.delete_user(username, group)
message = "Batch of user created with generated passwords"
# If the "send_mail" checkbox is enabled
if request.form.get("send_mail") is not None:
message = "Batch of user created with generated passwords, a mail has been sent to all of them"
send_mail(result, request.form["mail_suffix"],
request.form["instance"])
return render_template("message.html",
message=message,
success=True,
result=render_template(
"result_template.html",
result=result))
def test_add_group(self):
r = self.client.get("/user_groups/user1",
environ_base={"REMOTE_USER": "******"})
self.assertEqual(r.status_code, 200)
for group in ("users", "admin"):
self.assertIn(
'''name="group_%s" type="checkbox" checked''' % group, r.data)
with htpasswd.Group(self.group) as groupdb:
self.assertTrue(groupdb.is_user_in("user1", "users"))
r = self.client.post("/user_groups/user1",
data={"group_admin": "on"},
environ_base={"REMOTE_USER": "******"})
with htpasswd.Group(self.group) as groupdb:
self.assertEqual(r.status_code, 200)
self.assertFalse(groupdb.is_user_in("user1", "users"))
self.assertTrue(groupdb.is_user_in("user1", "admin"))
def setUp(self):
self.passwd = join(dirname(__name__), "test_password")
self.group = join(dirname(__name__), "test_group")
open(self.passwd, "w").close()
open(self.group, "w").close()
with htpasswd.Basic(self.passwd, mode="md5") as userdb:
userdb.add("user1", "user1")
userdb.add("user2", "user2")
with htpasswd.Group(self.group) as groupdb:
groupdb.add_user("user1", "admin")
groupdb.add_user("user1", "users")
groupdb.add_user("user2", "users")
app.config["TESTING"] = True
CONF["PWD_FILE"] = self.passwd
CONF["GROUP_FILE"] = self.group
self.client = app.test_client()
def check_user_is_admin(user):
"""Ensure username is in admin group and that admin group exists
@:return: tuple (result, message), result is True if user is admin, else False. message indicate reason if False"""
with htpasswd.Group(CONF["GROUP_FILE"]) as groupsdb:
if CONF["ADMIN_GROUP"] not in groupsdb:
return (
False,
"Sorry admin group '%s' is not defined. You cannot change someone else password or create new user"
% CONF["ADMIN_GROUP"])
if not groupsdb.is_user_in(user, CONF["ADMIN_GROUP"]):
return (
False,
"Sorry, you must belongs to group '%s' to change someone else password or create new users"
% CONF["ADMIN_GROUP"])
# Everything is fine
return (True, "")
def test_batch_user_creation(self):
r = self.client.get(CONF["URL_PREFIX"] + "/batch_user_creation",
environ_base={"REMOTE_USER": "******"})
self.assertEqual(r.status_code, 200)
r = self.client.post(CONF["URL_PREFIX"] + "/batch_user_creation",
data={
"users_login": "******",
"group_users": "on"
},
environ_base={"REMOTE_USER": "******"})
data = r.data.decode()
self.assertEqual(r.status_code, 200)
self.assertIn("Batch of user created with generated passwords", data)
with htpasswd.Basic(self.passwd, mode="md5") as userdb:
self.assertIn("user13", userdb)
self.assertIn("user14", userdb)
with htpasswd.Group(self.group) as groupdb:
self.assertTrue(groupdb.is_user_in("user13", "users"))
self.assertFalse(groupdb.is_user_in("user13", "admin"))
self.assertTrue(groupdb.is_user_in("user14", "users"))
self.assertFalse(groupdb.is_user_in("user14", "admin"))
def user_groups(username):
admin, message = check_user_is_admin(request.environ.get('REMOTE_USER'))
if not admin:
# User is not admin or admin group does exist. Ciao
return render_template("message.html", message=message)
with htpasswd.Basic(CONF["PWD_FILE"], mode="md5") as userdb:
with htpasswd.Group(CONF["GROUP_FILE"]) as groupdb:
if request.method == "GET":
groups = dict()
for group in groupdb.groups:
if groupdb.is_user_in(username, group):
groups[group] = True
else:
groups[group] = False
return render_template("groups.html", groups=groups)
else:
# POST Request
print request.form.items()
checked_groups = [
g.split("_", 1)[1] for g in request.form.keys()
if g.startswith("group_")
]
print checked_groups
for group in groupdb.groups:
if group in checked_groups:
if not groupdb.is_user_in(username, group):
print "add user to group %s" % group
groupdb.add_user(username, group)
else:
if groupdb.is_user_in(username, group):
print "remove user from group %s" % group
groupdb.delete_user(username, group)
return render_template("message.html",
message="User groups changed",
success=True)
def test_add_user(self):
with htpasswd.Group(t_groupdb) as groupdb:
groupdb.add_user("alice", "admins")
self.assertTrue(groupdb.is_user_in("alice", "admins"))
self.assertRaises(htpasswd.UserAlreadyInAGroup,
lambda: groupdb.add_user("alice", "admins"))
def test_is_user_in(self):
with htpasswd.Group(t_groupdb) as groupdb:
self.assertTrue(groupdb.is_user_in("bob", "admins"))
self.assertFalse(groupdb.is_user_in("bob", "managers"))
def test___contains__(self):
with htpasswd.Group(t_groupdb) as groupdb:
self.assertTrue(groupdb.__contains__("admins"))
self.assertFalse(groupdb.__contains__("admins1"))
def test_groups(self):
with htpasswd.Group(t_groupdb) as groupdb:
self.assertEqual(groupdb.groups, ["admins", "managers"])
def test_delete_user(self):
with htpasswd.Group(t_groupdb) as groupdb:
groupdb.delete_user("bob", "admins")
self.assertFalse(groupdb.is_user_in("bob", "admins"))
def test_add_user(self):
with htpasswd.Group(t_groupdb) as groupdb:
groupdb.add_user("alice", "admins")
self.assertTrue(groupdb.is_user_in("alice", "admins"))
