def Run(self): with test_lib.FakeTime(42): self.CreateAdminUser(u"requestor") client_id = self.SetupClient(0) # Delete the certificate as it's being regenerated every time the # client is created. with aff4.FACTORY.Open(client_id, mode="rw", token=self.token) as grr_client: grr_client.DeleteAttribute(grr_client.Schema.CERT) with test_lib.FakeTime(44): approval_id = self.RequestClientApproval( client_id.Basename(), reason="foo", approver=self.token.username, requestor=u"requestor") with test_lib.FakeTime(126): self.Check("GrantClientApproval", args=user_plugin.ApiGrantClientApprovalArgs( client_id=client_id.Basename(), approval_id=approval_id, username=u"requestor"), replace={approval_id: "approval:111111"})
def testSendsEmailWithApprovalGrantInformation(self): approval_id = self.RequestClientApproval(self.client_id, reason="requestreason", requestor="requestuser") with mock.patch.object(email_alerts.EMAIL_ALERTER, "SendEmail") as send_fn: self.handler.Handle( user_plugin.ApiGrantClientApprovalArgs( client_id=self.client_id, approval_id=approval_id, username="******"), self.context) send_fn.assert_called_once() message = send_fn.call_args[1]["message"] self.assertIn( (f"href=\"http://localhost:8000/v2/clients/{self.client_id}\""), message) # Check for correct link to legacy UI. # TODO: Remove once new UI is stable. self.assertIn( f"href=\"http://localhost:8000/#/clients/{self.client_id}\"", message) self.assertIn(self.context.username, message) self.assertIn("requestreason", message) self.assertIn(self.client_id, message)
def Run(self): with test_lib.FakeTime(42): self.CreateAdminUser(u"requestor") client_id = self.SetupClient(0) with test_lib.FakeTime(44): approval_id = self.RequestClientApproval( client_id, reason="foo", approver=self.token.username, requestor=u"requestor") with test_lib.FakeTime(126): self.Check("GrantClientApproval", args=user_plugin.ApiGrantClientApprovalArgs( client_id=client_id, approval_id=approval_id, username=u"requestor"), replace={approval_id: "approval:111111"})
def GrantClientApproval(self, client_id, requestor=None, approval_id=None, approver=u"approver", admin=True): """Grant an approval from approver to delegate. Args: client_id: ClientURN requestor: username string of the user receiving approval. approval_id: id of the approval to grant. approver: username string of the user granting approval. admin: If True, make approver an admin user. Raises: ValueError: if approval_id is empty. """ if not approval_id: raise ValueError("approval_id can't be empty.") if hasattr(client_id, "Basename"): client_id = client_id.Basename() if not requestor: requestor = self.token.username self.CreateUser(requestor) if admin: self.CreateAdminUser(approver) else: self.CreateUser(approver) if not requestor: requestor = self.token.username args = api_user.ApiGrantClientApprovalArgs(client_id=client_id, username=requestor, approval_id=approval_id) handler = api_user.ApiGrantClientApprovalHandler() handler.Handle(args, token=access_control.ACLToken(username=approver))
def GrantClientApproval(self, client_id, requestor=None, approval_id=None, approver=u"approver", admin=True): """Grant an approval from approver to delegate. Args: client_id: Client id. requestor: username string of the user receiving approval. approval_id: id of the approval to grant. approver: username string of the user granting approval. admin: If True, make approver an admin user. Raises: ValueError: if approval_id is empty. """ if not approval_id: raise ValueError("approval_id can't be empty.") if not requestor: requestor = self.test_username self.CreateUser(requestor) if admin: self.CreateAdminUser(approver) else: self.CreateUser(approver) if not requestor: requestor = self.test_username args = api_user.ApiGrantClientApprovalArgs(client_id=client_id, username=requestor, approval_id=approval_id) handler = api_user.ApiGrantClientApprovalHandler() handler.Handle( args, context=api_call_context.ApiCallContext(username=approver))