def test_clear_user_cache_by_time(self): # Make some users old_account = UserInfo("old_account", "Luke Murphey", ["admin", "power"], 1000) old_account2 = UserInfo("old_account2", "Luke Murphey", ["admin", "power"], 2000) no_date = UserInfo("no_date", "Luke Murphey", ["admin", "power"]) new_account = UserInfo("new_account", "Luke Murphey", ["admin", "power"]) new_account.updateLastLogin() old_account.save(self.tmp_dir ) old_account2.save(self.tmp_dir ) no_date.save(self.tmp_dir ) new_account.save(self.tmp_dir ) # Confirm the number of entries after creation self.assertEqual(len(UserInfo.getAllUsers(self.tmp_dir)), 4) # Clear the cache removed_entries = UserInfo.clearCache(30, self.tmp_dir) self.assertEqual(len(removed_entries), 2) # Confirm the number of entries after deletion users = UserInfo.getAllUsers(self.tmp_dir) self.assertEqual(len(users), 2) # Clear all entries from the cache removed_entries = UserInfo.clearCache(0, self.tmp_dir) self.assertEqual(len(removed_entries), 2) # Confirm the number of entries after deletion users = UserInfo.getAllUsers(self.tmp_dir) self.assertEqual(len(users), 0)
def test_auth_auth_info_roles_override_caps_insensitive(self): roles = ["admin", "power", "can_delete"] roles_map_file_path = self.write_auth_csv(self.username.upper(), roles) try: ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id) result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir, roles_map_file_path=roles_map_file_path) self.assertTrue(result) users = UserInfo.getAllUsers(self.tmp_dir) self.assertEqual(len(users), 1) # Get the user user = users[0] self.assertTrue(user.username, self.username) # Make sure the roles exist: if 'can_delete' not in user.roles: self.fail("can_delete not in the roles (%s)" % (user.roles)) if 'admin' not in user.roles: self.fail("admin not in the roles (%s)" % (user.roles)) if 'power' not in user.roles: self.fail("power not in the roles (%s)" % (user.roles)) self.assertEqual(len(user.roles), 3) finally: os.remove(roles_map_file_path)
def test_auth_nologin(self): # Write out a roles map with 'nologin' for the user roles = ["admin", "power", "nologin"] roles_map_file_path = self.write_auth_csv(self.username, roles) try: # Try authentication ra = RadiusAuth(self.server, self.secret, self.identifier, self.roles_key, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id) result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir, roles_map_file_path=roles_map_file_path) self.assertFalse(result) users = UserInfo.getAllUsers(self.tmp_dir) self.assertEqual(len(users), 1) # Get the user user = users[0] self.assertEqual(user.username, bytesToString(self.username)) # Make sure the nologin role exists: if 'nologin' not in user.roles: self.fail("nologin not in the roles (%s)" % (user.roles)) finally: os.remove(roles_map_file_path)
def test_auth_auth_info_junk_in_dir(self): with open(os.path.join(self.tmp_dir, "some_junk.csv"), "w") as junk_file: # Write out some junk in the directory and see if it handled well (we will write a CSV since it isn't valid JSON) junk_file.write("This is just some stuff that isn't valid JSON") # Now, proceed with the authentication attempt and make sure the correct result occurs ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id) result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir) self.assertTrue(result) users = UserInfo.getAllUsers(self.tmp_dir) self.assertEqual(len(users), 1) # Get the user user = users[0] self.assertEqual(stringToBytes(user.username), self.username) # Make sure the roles exist: if 'can_delete' not in user.roles: self.fail("can_delete not in the roles (%s)" % (user.roles)) if 'admin' not in user.roles: self.fail("admin not in the roles (%s)" % (user.roles))
def test_load_users(self): user_lmurphey = UserInfo("lmurphey", "Luke Murphey", ["admin", "power"]) self.assertTrue(user_lmurphey.save(self.tmp_dir ), "File was not saved properly" ) user_jdoe = UserInfo("jdoe", "Jane Doe", ["admin", "power"]) self.assertTrue(user_jdoe.save(self.tmp_dir ), "File was not saved properly" ) users = UserInfo.getAllUsers(self.tmp_dir ) self.assertEqual(len(users), 2) for user in users: if user.username == "lmurphey": self.assertEqual(user_lmurphey.load_signature, user.load_signature) elif user.username == "jdoe": self.assertEqual(user_jdoe.load_signature, user.load_signature)
def test_auth_auth_info_custom_roles_key(self): ra = RadiusAuth(self.server, self.secret, self.identifier, roles_key="(28, 15)") result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir) self.assertTrue(result) users = UserInfo.getAllUsers(self.tmp_dir) self.assertEqual(len(users), 1) # Get the user user = users[0] self.assertTrue(user.username, self.username) # Make sure the roles list is empty (since we entered a roles key that doesn't match the one used by the server and is therefore invalid) self.assertEqual(user.roles, [])
def test_auth_auth_info_default_roles(self): expected_roles=["manager", "analyst"] # Authenticate using an invalid roles key so that we use the default roles, not the one provided by the server ra = RadiusAuth(self.server, self.secret, self.identifier, roles_key="(28, 15)", default_roles=expected_roles) result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir) self.assertTrue(result) users = UserInfo.getAllUsers(self.tmp_dir) self.assertEqual(len(users), 1) # Get the user user = users[0] self.assertTrue(user.username, self.username) self.assertEqual(sorted(user.roles), sorted(expected_roles))
def test_auth_auth_info(self): ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code = self.vendor_code, roles_attribute_id=self.roles_attribute_id) result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir) self.assertTrue(result) users = UserInfo.getAllUsers(self.tmp_dir) self.assertEqual(len(users), 1) # Get the user user = users[0] self.assertTrue(user.username, self.username) # Make sure the roles exist: if 'can_delete' not in user.roles: self.fail("can_delete not in the roles (%s)" % (user.roles)) if 'admin' not in user.roles: self.fail("admin not in the roles (%s)" % (user.roles))
def test_auth_auth_info_roles_override(self): """ This ensures that the CSV file containing the overrides for the roles is correctly loaded and used. This tests the underlying functions getRolesFromLookup() and loadRolesMap() """ roles = ["admin", "power", "can_delete"] roles_map_file_path = self.write_auth_csv(self.username, roles) try: ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id) result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir, roles_map_file_path=roles_map_file_path) self.assertTrue(result) users = UserInfo.getAllUsers(self.tmp_dir) self.assertEqual(len(users), 1) # Get the user user = users[0] self.assertTrue(user.username, self.username) # Make sure the roles exist: if 'can_delete' not in user.roles: self.fail("can_delete not in the roles (%s)" % (user.roles)) if 'admin' not in user.roles: self.fail("admin not in the roles (%s)" % (user.roles)) if 'power' not in user.roles: self.fail("power not in the roles (%s)" % (user.roles)) self.assertEqual(len(user.roles), 3) finally: os.remove(roles_map_file_path)
def test_auth_auth_info_no_directory(self): users = UserInfo.getAllUsers(os.path.join(self.tmp_dir, "DoesNotExist"), make_if_non_existent = False) if len(users) != 0: self.fail("The users list for a directory that does not exist was not an empty array as expected")