def init_user_organization(self, options): # Make a new user so that we have the credentials to log the user in. # We use a randomly generated password so that even if the script is # run on a non-test system and the test database creation somehow # fails, we haven't left a User in the database with insecure # credentials. The password will be thrown away when this process # terminates. self.temporary_user_random_password = get_random_string(24) self.user = User.objects.create(username="******".format( get_random_string(6)), email="*****@*****.**") self.user.set_password(self.temporary_user_random_password) self.user.save() # Create a new Organization with the temporary user as the org's admin. self.org = Organization.create(subdomain="test-screenshots-" + get_random_string(6).lower(), name=options['org_name'], admin_user=self.user) # Add AppSources specified by the user. for spec in (options['app_source'] or []): import json from guidedmodules.models import AppSource try: src_spec = json.loads(spec) if not isinstance(src_spec, dict): raise ValueError() except ValueError as e: raise ValueError( "Invalid value for --app-source '{}': {}".format(spec, e)) app_source = AppSource.objects.create(slug=src_spec.get("slug") or get_random_string(8), spec=src_spec) print("Created AppSource", app_source, "=>", app_source.get_description())
def init_user_organization(self, options): # Make a new user so that we have the credentials to log the user in. # We use a randomly generated password so that even if the script is # run on a non-test system and the test database creation somehow # fails, we haven't left a User in the database with insecure # credentials. The password will be thrown away when this process # terminates. self.temporary_user_random_password = get_random_string(24) self.user = User.objects.create( username="******".format(get_random_string(6)), email="*****@*****.**") self.user.set_password(self.temporary_user_random_password) self.user.save() # Create a new Organization with the temporary user as the org's admin. self.org = Organization.create( subdomain="test-screenshots-"+get_random_string(6).lower(), name=options['org_name'], admin_user=self.user) # Add an AppSource if the user specified one. if options['app_source']: import json from guidedmodules.models import AppSource src_spec = json.loads(options['app_source']) self.app_source = AppSource.objects.create( slug=get_random_string(8), spec=src_spec )
def setUp(self): super().setUp() # Load modules from the fixtures directory so that we have the required # modules as well as a test project. from guidedmodules.models import AppSource from guidedmodules.management.commands.load_modules import Command as load_modules AppSource.objects.create(slug="fixture", spec={ "type": "local", "path": "fixtures/modules/other", }) load_modules().handle() # Create a default user that is a member of the organization. self.user_pw = get_random_string(4) self.user = User.objects.create(username="******") self.user.set_password(self.user_pw) self.user.save() # Create the Organization. org = Organization.create(name="Our Organization", subdomain="testorg", admin_user=self.user)
def setUp(self): super().setUp() # Load modules from the fixtures directory so that we have the required # modules as well as a test project. from guidedmodules.models import AppSource from guidedmodules.management.commands.load_modules import Command as load_modules load_modules().handle() # load system modules AppSource.objects.create( slug="fixture", spec={ "type": "local", "path": "fixtures/modules/other", } )\ .add_app_to_catalog("simple_project") # Create a default user that is a member of the organization. self.user_pw = get_random_string(4) self.user = User.objects.create(username="******") self.user.set_password(self.user_pw) self.user.save() # Create the Organization. org = Organization.create(name="Our Organization", slug="testorg", admin_user=self.user) # Create a Portfolio and Grant Access portfolio = Portfolio.objects.create(title=self.user.username) portfolio.assign_owner_permissions(self.user)
def setUp(self): super().setUp() # Set screen resolution capabilities = {"resolution": "1920x1080"} # Load modules from the fixtures directory so that we have the required # modules as well as a test project. from guidedmodules.models import AppSource from guidedmodules.management.commands.load_modules import Command as load_modules AppSource.objects.all().delete() AppSource.objects.get_or_create( # this one exists on first db load because it's created by # migrations, but because the testing framework seems to # get rid of it after the first test in this class slug="system", is_system_source=True, defaults={ "spec": { # required system projects "type": "local", "path": "fixtures/modules/system", } } ) load_modules().handle() # load system modules AppSource.objects.create( slug="project", spec={ "type": "local", "path": "fixtures/modules/other", } )\ .add_app_to_catalog("simple_project") # Create a default user that is a member of the organization. self.user_pw = get_random_string(4) self.user = User.objects.create(username="******") self.user.set_password(self.user_pw) # Grant user permission to view appsource self.user.user_permissions.add( Permission.objects.get(codename='view_appsource')) self.user.save() # Grant user permission to view appsource self.user.user_permissions.add( Permission.objects.get(codename='view_appsource')) # Create the Organization. org = Organization.create(name="Our Organization", slug="testorg", admin_user=self.user) # Create a Portfolio and Grant Access portfolio = Portfolio.objects.create(title=self.user.username) portfolio.assign_owner_permissions(self.user)
def create_fixture(self, options): # Create a user. user = User() user.username = "******" user.set_password("1234") user.save() # Create an organization. org = Organization.create(name="Test Organization", subdomain="test", allowed_modules=options["projects"], admin_user=user) # All Module and ModuleQuestion instances that are needed. # If the Module has questions that depend on other modules, # include those in the fixture too, recursively. modules = [] def add_module(m): if m in modules: return print(m, file=sys.stderr) modules.append(m) for mq in m.questions.all(): modules.append(mq) if mq.answer_type_module: add_module(mq.answer_type_module) required_projects = [ "system/account_settings_project", "system/organization/app" ] for prj_module_key in required_projects + options["projects"]: try: m = Module.objects.get(key=prj_module_key, visible=True, superseded_by=None) except Module.DoesNotExist: print("Invalid module ID", prj_module_key, file=sys.stderr) return add_module(m) # Ok, save. from django.core import serializers print( serializers.serialize( "json", [ user, org, org.get_organization_project(), org.get_organization_project().root_task, pm ] + modules, indent=2))
def setUp(self): super().setUp() # Load the Q modules from the fixtures directory. from guidedmodules.models import AppSource from guidedmodules.management.commands.load_modules import Command as load_modules AppSource.objects.all().delete() AppSource.objects.get_or_create( # this one exists on first db load because it's created by # migrations, but because the testing framework seems to # get rid of it after the first test in this class slug="system", is_system_source=True, defaults={ "spec": { # required system projects "type": "local", "path": "fixtures/modules/system", } } ) AppSource.objects.create( slug="project", spec={ # contains a test project "type": "local", "path": "fixtures/modules/other", }, trust_assets=True ) load_modules().handle() # Create a default user that is a member of the organization. # Log the user into the test client, which is used for API # tests. The Selenium tests require a separate log in via the # headless browser. from siteapp.models import User, ProjectMembership self.user = User.objects.create(username="******", email="*****@*****.**") self.user.clear_password = get_random_string(16) self.user.set_password(self.user.clear_password) self.user.save() self.user.reset_api_keys() self.client.login(username=self.user.username, password=self.user.clear_password) # Create the Organization. from siteapp.models import Organization self.org = Organization.create(name="Our Organization", subdomain="testorg", admin_user=self.user) # Grant the user permission to change the review state of answers. self.org.reviewers.add(self.user)
def handle(self, *args, **options): # Create the first user. if not User.objects.filter(is_superuser=True).exists(): print( "Let's create your first Q user. This user will have superuser privileges in the Q administrative interface." ) call_command('createsuperuser') # Create the first organization. if not Organization.objects.exists(): print("Let's create your Q organization.") name = Organization._meta.get_field("name") get_input = createsuperuser.Command().get_input_data name = get_input(name, "Organization Name: ", "Test Organization") org = Organization.create( name=name, subdomain="main", admin_user=User.objects.filter(is_superuser=True).first())
def get_compliance_apps_catalog_for_user(user): # Each organization that the user is in sees a different set of compliance # apps. Since a user may be a member of multiple organizations, merge the # catalogs across all of the organizations they are a member of, but # remember which organizations generated which apps. from siteapp.models import Organization catalog = {} for org in Organization.get_all_readable_by(user): apps = get_compliance_apps_catalog(org, user.id) for app in apps: # Add to merged catalog. catalog.setdefault(app['key'], app) # Merge organization list. catalog[app["key"]]["organizations"].add(org) # Turn the organization sets into a list because the templates use |first. catalog = catalog.values() for app in catalog: # print("\n\n app",app) app["organizations"] = sorted(app["organizations"], key=lambda org: org.name) return catalog
is_superuser=True, is_staff=True) password = User.objects.make_random_password(length=24) user.set_password(password) user.save() print("Username:"******"Password:"******"API Key:", user.get_api_keys()['rw']) # Set up a new Organization and make the user an admin of it. ############################################################# print("Creating default organization...") org = Organization.objects.filter(subdomain="main").first() if not org: org = Organization.create(name='Dept of Sobriety', subdomain="main", admin_user=user) # Fill in this user's account profile in this organization. ########################################################### user_profile = user.get_settings_task(org) user_profile_name, _ = TaskAnswer.objects.get_or_create( task=user_profile, question=user_profile.module.questions.get(key="name")) user_profile_name.save_answer("Security Engineer", [], None, user, "web") # Add an AppSource that holds the demonstration compliance apps. ################################################################ print("Adding TACR Demo Apps...") appsrc, is_new = AppSource.objects.get_or_create(namespace="demo") appsrc.spec = { 'type': "git",
def setUp(self): super().setUp() # Load the Q modules from the fixtures directory. from guidedmodules.models import AppSource from guidedmodules.management.commands.load_modules import Command as load_modules AppSource.objects.all().delete() AppSource.objects.get_or_create( # this one exists on first db load because it's created by # migrations, but because the testing framework seems to # get rid of it after the first test in this class slug="system", is_system_source=True, defaults={ "spec": { # required system projects "type": "local", "path": "fixtures/modules/system", } } ) load_modules().handle() # load system modules AppSource.objects.create( slug="project", spec={ # contains a test project "type": "local", "path": "fixtures/modules/other", }, trust_assets=True )\ .add_app_to_catalog("simple_project") # Create a default user that is a member of the organization. # Log the user into the test client, which is used for API # tests. The Selenium tests require a separate log in via the # headless browser. self.user = User.objects.create( username="******", email="*****@*****.**", is_staff=True ) self.user.clear_password = get_random_string(16) self.user.set_password(self.user.clear_password) self.user.save() self.user.reset_api_keys() self.client.login(username=self.user.username, password=self.user.clear_password) # Create a Portfolio and Grant Access portfolio = Portfolio.objects.create(title=self.user.username) portfolio.assign_owner_permissions(self.user) # Create the Organization. self.org = Organization.create(name="Our Organization", slug="testorg", admin_user=self.user) # Grant the user permission to change the review state of answers. self.org.reviewers.add(self.user) # create a second user self.user2 = User.objects.create( username="******", email="*****@*****.**") self.user2.clear_password = get_random_string(16) self.user2.set_password(self.user2.clear_password) self.user2.save() self.user2.reset_api_keys() self.client.login(username=self.user2.username, password=self.user2.clear_password) portfolio = Portfolio.objects.create(title=self.user2.username) portfolio.assign_owner_permissions(self.user2) # create a third user self.user3 = User.objects.create( username="******", email="*****@*****.**") self.user3.clear_password = get_random_string(16) self.user3.set_password(self.user3.clear_password) self.user3.save() self.user3.reset_api_keys() self.client.login(username=self.user3.username, password=self.user3.clear_password) portfolio = Portfolio.objects.create(title=self.user3.username) portfolio.assign_owner_permissions(self.user3) # Grant second user membership in the organization # from https://github.com/GovReady/govready-q/blob/master/siteapp/admin.py#L41 mb, isnew = ProjectMembership.objects.get_or_create( user=self.user2, project=self.org.get_organization_project(), )
def test_organizational_parameters_via_project(self): # for this test, we need a Project, System, and Organization # REMIND: it would be nice to refactor all this setup code so # it could be easily reused ... from guidedmodules.models import AppSource from guidedmodules.management.commands.load_modules import Command as load_modules AppSource.objects.all().delete() AppSource.objects.get_or_create( slug="system", is_system_source=True, defaults={ "spec": { # required system projects "type": "local", "path": "fixtures/modules/system", } } ) load_modules().handle() # load system modules AppSource.objects.create( slug="project", spec={ # contains a test project "type": "local", "path": "fixtures/modules/other", }, trust_assets=True )\ .add_app_to_catalog("simple_project") user = User.objects.create( username="******", email="*****@*****.**", is_staff=True ) org = Organization.create(name="Our Organization", slug="testorg", admin_user=user) root_element = Element(name="My Root Element", description="Description of my root element") root_element.save() system = System() system.root_element = root_element system.save() project = org.get_organization_project() project.system = system project.save() parameter_values = project.get_parameter_values(Catalogs.NIST_SP_800_53_rev4) self.assertEquals(parameter_values["ac-1_prm_2"], "at least every 3 years") # now, add an organizational setting and try again OrganizationalSetting.objects.create(organization=org, catalog_key=Catalogs.NIST_SP_800_53_rev4, parameter_key="ac-1_prm_2", value="at least every 100 years") # we should now see the organizational setting override parameter_values = project.get_parameter_values(Catalogs.NIST_SP_800_53_rev4) self.assertEquals(parameter_values["ac-1_prm_2"], "at least every 100 years")
def handle(self, *args, **options): # Sanity check that the database is available and ready --- make sure the system # modules exist (since we need them before creating an Organization). # Also useful in container deployments to make sure container fully deployed. try: if not Module.objects.filter(app__source__is_system_source=True, app__appname="organization", app__system_app=True, module_name="app").exists(): raise OperationalError() # to trigger below except OperationalError: print("The database is not initialized yet.") sys.exit(1) # Create AppSources that we want. if os.path.exists("/mnt/q-files-host"): # For our docker image. AppSource.objects.get_or_create(slug="host", defaults={ "spec": { "type": "local", "path": "/mnt/q-files-host" } }) # Second, for 0.9.x startpack # We can use forward slashes because we are storing the path in the database # and the path will be applied correctly to the operating OS. qfiles_path = 'q-files/vendors/govready/govready-q-files-startpack/q-files' if os.path.exists(qfiles_path): # For 0.9.x+. AppSource.objects.get_or_create( slug="govready-q-files-startpack", defaults={"spec": { "type": "local", "path": qfiles_path }}) # Load the AppSource's assessments (apps) we want # We will do some hard-coding here temporarily created_appsource = AppSource.objects.get( slug="govready-q-files-startpack") for appname in [ "System-Description-Demo", "PTA-Demo", "rules-of-behavior" ]: print("Adding appname '{}' from AppSource '{}' to catalog.". format(appname, created_appsource)) try: appver = created_appsource.add_app_to_catalog(appname) except Exception as e: raise # Finally, for authoring, create an AppSource to the stub file qfiles_path = 'guidedmodules/stubs/q-files' if os.path.exists(qfiles_path): # For 0.9.x+. AppSource.objects.get_or_create( slug="govready-q-files-stubs", defaults={"spec": { "type": "local", "path": qfiles_path }}) print("Adding AppSource for authoring.") # Create GovReady admin users, if specified in local/environment.json if len(settings.GOVREADY_ADMINS): for admin_user in settings.GOVREADY_ADMINS: username = admin_user["username"] if not User.objects.filter(username=username).exists(): user = User.objects.create(username=username, is_superuser=True, is_staff=True) user.set_password(admin_user["password"]) user.email = admin_user["email"] user.save() print( "Created administrator account: username '{}' with email '{}'." .format(user.username, user.email)) else: print( "\n[WARNING] Skipping create admin account '{}' - username already exists.\n" .format(username)) # Create the first user. if not User.objects.filter(is_superuser=True).exists(): if not options['non_interactive']: print( "Let's create your first Q user. This user will have superuser privileges in the Q administrative interface." ) call_command('createsuperuser') else: # Create an "admin" account with a random pwd and # print it on stdout. user = User.objects.create(username="******", is_superuser=True, is_staff=True) password = User.objects.make_random_password(length=24) user.set_password(password) user.save() print( "Created administrator account (username: {}) with password: {}" .format(user.username, password)) # Get the admin user - it was just created and should be the only admin user. user = User.objects.filter(is_superuser=True).get() # Create the first portfolio portfolio = Portfolio.objects.create(title=user.username) portfolio.assign_owner_permissions(user) print("Created administrator portfolio {}".format(portfolio.title)) else: # One or more superusers already exist print( "\n[WARNING] Superuser(s) already exist, not creating default admin superuser. Did you specify 'govready_admins' in 'local/environment.json'? Are you connecting to a persistent database?\n" ) # Create the first organization. if not Organization.objects.filter(slug="main").exists(): if not options['non_interactive']: print("Let's create your organization.") name = Organization._meta.get_field("name") get_input = createsuperuser.Command().get_input_data name = get_input(name, "Organization name: ", "My Organization") else: name = "The Secure Organization" org = Organization.create(name=name, slug="main", admin_user=user) else: org = Organization.objects.get(slug="main") # Add the user to the org's help squad and reviewers lists. try: user except NameError: print("[WARNING] Admin already added to Help Squad and Reviewers") else: if user not in org.help_squad.all(): org.help_squad.add(user) if user not in org.reviewers.all(): org.reviewers.add(user) # Provide feedback to user print("You can now login into GovReady-Q...")
def handle(self, *args, **options): # Sanity check that the database is ready --- make sure the system # modules exist (since we need them before creating an Organization). try: if not Module.objects.filter(app__source__is_system_source=True, app__appname="organization", app__system_app=True, module_name="app").exists(): raise OperationalError() # to trigger below except OperationalError: print("The database is not initialized yet.") sys.exit(1) # Create AppSources that we want. if os.path.exists("/mnt/apps"): # For our docker image. AppSource.objects.get_or_create( slug="host", defaults={"spec": { "type": "local", "path": "/mnt/apps" }}) AppSource.objects.get_or_create( slug="samples", defaults={ "spec": { "type": "git", "url": "https://github.com/GovReady/govready-sample-apps" } }) # Create the first user. if not User.objects.filter(is_superuser=True).exists(): if not options['non_interactive']: print( "Let's create your first Q user. This user will have superuser privileges in the Q administrative interface." ) call_command('createsuperuser') else: # Create an "admin" account with a random password and # print it on stdout. user = User.objects.create(username="******", is_superuser=True, is_staff=True) password = User.objects.make_random_password(length=24) user.set_password(password) user.save() print( "Created administrator account (username: {}) with password: {}" .format(user.username, password)) # Get the admin user - it was just created and should be the only admin user. user = User.objects.filter(is_superuser=True).get() # Create the first organization. if not Organization.objects.filter(subdomain="main").exists(): if not options['non_interactive']: print("Let's create your Q organization.") name = Organization._meta.get_field("name") get_input = createsuperuser.Command().get_input_data name = get_input(name, "Organization Name: ", "Test Organization") else: name = "The Secure Company" org = Organization.create(name=name, subdomain="main", admin_user=user) else: org = Organization.objects.get(subdomain="main") # Add the user to the org's help squad and reviewers lists. if user not in org.help_squad.all(): org.help_squad.add(user) if user not in org.reviewers.all(): org.reviewers.add(user)