def add(ctx, username, password, role=[], **flags):
engine, _ = project_engine(ctx.obj["project"])
app = create_app({"SQLALCHEMY_DATABASE_URI": str(engine.url)})
from meltano.api.security import users
try:
with app.app_context():
# make sure our User doesn't already exist
if not flags["overwrite"] and users.get_user(username):
raise Exception(
f"User '{username}' already exists. Use --overwrite to update it."
)
# make sure all roles exists
roles = []
for role_name in role:
r = users.find_role(role_name)
if not r:
raise Exception(f"Role '{role_name}' does not exists.")
roles.append(r)
current_user = users.get_user(username) or users.create_user(
username=username
)
current_user.password = hash_password(password)
current_user.roles = roles
# for some reason the scoped_session doesn't trigger the commit
users.db.session.commit()
except Exception as err:
click.secho(f"Could not create user '{username}': {err}", fg="red")
click.Abort()
def test_upgrade_authenticated(self, app, api, impersonate):
with app.test_request_context():
with impersonate(users.get_user("alice")):
res = api.post(url_for("api_root.upgrade"))
assert res.status_code == 201
assert res.data == b"Meltano update in progress."
def test_bootstrap_authenticated(self, app, api, impersonate):
with app.test_request_context():
with impersonate(users.get_user("alice")):
res = api.get(url_for("root.bootstrap"))
assert res.status_code == 302
assert res.location == url_for("root.default", _external=True)
def test_plugins_authenticated(self, app, api, impersonate):
with app.test_request_context():
with impersonate(users.get_user("alice")):
res = api.get(url_for("plugins.all"))
assert res.status_code == 200
assert "extractors" in res.json
def test_upgrade_authenticated(self, app, api, impersonate):
with app.test_request_context():
with impersonate(users.get_user("alice")):
res = api.post(url_for("api_root.upgrade"))
assert res.status_code == 499
assert b"read-only mode" in res.data
def test_delete_admin_role(self, user, status_code, api, app, impersonate):
with app.test_request_context():
with impersonate(users.get_user(user)):
res = api.delete(
url_for("settings.roles"), json={"role": {"name": "admin"}}
)
assert res.status_code == status_code, res.data
def test_identity_authenticated(self, app, api, impersonate):
with app.test_request_context():
with impersonate(users.get_user("alice")):
res = api.get(url_for("api_root.identity"))
assert res.status_code == 200
assert res.json["username"] == "alice"
assert res.json["anonymous"] == False
assert res.json["can_sign_in"] == False
def test_get_embed_authenticated(self, app, api, impersonate):
with app.test_request_context():
with mock.patch(
"meltano.api.controllers.embeds_helper.EmbedsHelper.get_embed_from_token",
return_value={"result": "true"},
):
with impersonate(users.get_user("alice")):
res = api.get(url_for("embeds.get_embed", token="mytoken"))
assert res.status_code == 200
def test_create_role(self, user, status_code, api, app, impersonate):
with app.test_request_context():
with impersonate(users.get_user(user)):
res = api.post(
url_for("settings.roles"), json={"role": {"name": "pytest"}}
)
assert res.status_code == status_code, res.data
if status_code == 201:
assert db.session.query(Role).filter_by(name="pytest").one()
def test_login_audit_columns(self, app):
with app.test_request_context():
alice = users.get_user("alice")
login_count = alice.login_count
login_user(alice)
# time is frozen, so it should work
assert alice.last_login_at == datetime.utcnow()
assert alice.login_count == login_count + 1
def test_bootstrap(self, app, api, impersonate):
with app.test_request_context():
with impersonate(users.get_user("alice")):
res = api.get(url_for("security.bootstrap_app"))
url = urllib.parse.urlparse(res.location)
query = urllib.parse.parse_qs(url.query)
assert res.status_code == 302
assert url.netloc == "localhost"
assert query["auth_token"]
def test_plugins_add_authenticated(self, app, api, impersonate):
with app.test_request_context():
with impersonate(users.get_user("alice")):
res = api.post(
url_for("plugins.add"),
json={
"plugin_type": "extractors",
"name": "tap-gitlab"
},
)
assert res.status_code == 200
assert res.json["name"] == "tap-gitlab"
def test_unassign_role(self, user, status_code, api, app, impersonate):
with app.test_request_context():
fake_role = users.find_or_create_role(name="pytest")
empty_user = users.create_user(username="******")
users.add_role_to_user(empty_user, fake_role)
# save the new user + role
db.session.commit()
# make sure the setup is valid
assert fake_role in empty_user.roles
with impersonate(users.get_user(user)):
res = api.delete(
url_for("settings.roles"),
json={"role": {"name": "pytest"}, "user": empty_user.username},
)
assert res.status_code == status_code, res.data
if res.status_code == 201:
# refresh the instance
empty_user = users.get_user(empty_user.username)
assert fake_role not in empty_user.roles
def test_create_embed_authenticated(self, app, api, impersonate):
with app.test_request_context():
with mock.patch(
"meltano.api.controllers.embeds",
return_value={"result": "embedsnippet"},
):
with impersonate(users.get_user("alice")):
res = api.post(
url_for("embeds.embed"),
json={
"resource_id": "test",
"resource_type": "report"
},
)
assert res.status_code == 200
def post(self):
payload = request.get_json()
role = payload["role"]
user = payload.get("user")
try:
role_name = role.pop("name")
role = users.find_or_create_role(role_name, **role)
if user:
user = users.get_user(user)
users.add_role_to_user(user, role_name)
except KeyError:
return "role.name must be set.", 400
db.session.commit()
return role, 201
def test_assign_role(self, user, status_code, api, app, impersonate):
with app.test_request_context():
empty_user = users.create_user(username="******")
# save the new user
db.session.commit()
with impersonate(users.get_user(user)):
res = api.post(
url_for("settings.roles"),
json={"role": {"name": "pytest"}, "user": empty_user.username},
)
assert res.status_code == status_code, res.data
if status_code == 201:
db.session.add(empty_user)
assert "pytest" in empty_user.roles
def test_delete_role(self, user, status_code, api, app, impersonate):
with app.test_request_context():
fake_role = users.find_or_create_role(name="pytest")
# save the new role
db.session.commit()
assert db.session.query(Role).filter_by(name="pytest").first()
with impersonate(users.get_user(user)):
res = api.delete(
url_for("settings.roles"), json={"role": {"name": "pytest"}}
)
assert res.status_code == status_code, res.data
if res.status_code == 201:
assert not db.session.query(Role).filter_by(name="pytest").first()
