def test_createadmin_prompts_for_username_if_not_given(self):
stderr = StringIO()
stdout = StringIO()
username = factory.make_name("user")
password = factory.make_string()
email = factory.make_email_address()
ssh_import = "%s:%s" % (
random.choice([KEYS_PROTOCOL_TYPE.LP, KEYS_PROTOCOL_TYPE.GH]),
factory.make_name("user-id"),
)
self.patch(createadmin, "prompt_for_username").return_value = username
self.patch(keysource_module.KeySource, "import_keys")
call_command(
"createadmin",
password=password,
email=email,
ssh_import=ssh_import,
stdout=stdout,
stderr=stderr,
)
user = User.objects.get(username=username)
self.assertThat(stderr, IsEmpty)
self.assertThat(stdout, IsEmpty)
self.assertTrue(user.check_password(password))
def test_POST_creates_admin(self):
self.become_admin()
username = factory.make_name("user")
email = factory.make_email_address()
password = factory.make_string()
response = self.client.post(
reverse("users_handler"),
{
"username": username,
"email": email,
"password": password,
"is_superuser": "******",
},
)
self.assertEqual(http.client.OK, response.status_code,
response.content)
self.assertEqual(
username,
json.loads(response.content.decode(
settings.DEFAULT_CHARSET))["username"],
)
created_user = User.objects.get(username=username)
self.assertEqual((email, True),
(created_user.email, created_user.is_superuser))
def test_createadmin_not_prompts_for_password_if_ext_auth(self):
Config.objects.set_config("external_auth_url", "http://example.com/")
stderr = StringIO()
stdout = StringIO()
username = factory.make_name("user")
ssh_import = "%s:%s" % (
random.choice([KEYS_PROTOCOL_TYPE.LP, KEYS_PROTOCOL_TYPE.GH]),
factory.make_name("user-id"),
)
email = factory.make_email_address()
prompt_for_password = self.patch(createadmin, "prompt_for_password")
prompt_for_password.return_value = factory.make_string()
self.patch(keysource_module.KeySource, "import_keys")
call_command(
"createadmin",
username=username,
email=email,
ssh_import=ssh_import,
stdout=stdout,
stderr=stderr,
)
user = User.objects.get(username=username)
self.assertIsNotNone(user)
self.assertFalse(prompt_for_password.called)
self.assertEqual("", stderr.getvalue().strip())
def test_POST_creates_admin_with_ssh_key(self):
self.become_admin()
username = factory.make_name("user")
email = factory.make_email_address()
password = factory.make_string()
key_string = get_data("data/test_rsa0.pub")
response = self.client.post(
reverse("users_handler"),
{
"username": username,
"email": email,
"password": password,
"is_superuser": "******",
"key": key_string,
},
)
self.assertEqual(http.client.OK, response.status_code,
response.content)
self.assertEqual(
username,
json.loads(response.content.decode(
settings.DEFAULT_CHARSET))["username"],
)
created_user = User.objects.get(username=username)
self.assertEqual((email, True),
(created_user.email, created_user.is_superuser))
added_key = get_one(SSHKey.objects.filter(user=created_user))
self.assertEqual(key_string, added_key.key)
def test_POST_requires_admin(self):
response = self.client.post(
reverse('users_handler'), {
'username': factory.make_name('user'),
'email': factory.make_email_address(),
'password': factory.make_string(),
'is_superuser': '******' if factory.pick_bool() else '0',
})
self.assertEqual(http.client.FORBIDDEN, response.status_code,
response.content)
def test_POST_requires_admin(self):
response = self.client.post(
reverse("users_handler"),
{
"username": factory.make_name("user"),
"email": factory.make_email_address(),
"password": factory.make_string(),
"is_superuser": "******" if factory.pick_bool() else "0",
},
)
self.assertEqual(http.client.FORBIDDEN, response.status_code,
response.content)
def test_POST_password_required_without_external_auth(self):
self.become_admin()
username = factory.make_name('user')
response = self.client.post(
reverse('users_handler'), {
'username': username,
'email': factory.make_email_address(),
'is_superuser': '******'
})
self.assertEqual(http.client.BAD_REQUEST, response.status_code,
response.content)
self.assertEqual(response.content.decode('utf8'),
'No provided password!')
def test_POST_creates_audit_event_for_admin(self):
self.become_admin()
username = factory.make_name('user')
self.client.post(
reverse('users_handler'), {
'username': username,
'email': factory.make_email_address(),
'password': factory.make_string(),
'is_superuser': '******',
})
event = Event.objects.get(type__level=AUDIT)
self.assertIsNotNone(event)
self.assertEquals(event.description, "Created admin '%s'." % username)
def test_createadmin_not_prompt_for_ssh_import_if_other_params_given(self):
stderr = StringIO()
stdout = StringIO()
username = factory.make_name('user')
password = factory.make_string()
email = factory.make_email_address()
call_command(
'createadmin', username=username, password=password, email=email,
stdout=stdout, stderr=stderr)
self.assertThat(stderr, IsEmpty)
self.assertThat(stdout, IsEmpty)
def test_create_as_unprivileged(self):
unpriv_user = factory.make_User()
handler = UserHandler(unpriv_user, {}, None)
params = {
"username": factory.make_string(),
"last_name": factory.make_string(30),
"email": factory.make_email_address(),
"is_superuser": factory.pick_bool(),
}
password = factory.make_string()
params.update(make_password_params(password))
with self.assertRaises(HandlerPermissionError):
handler.create(params)
def test_POST_password_required_without_external_auth(self):
self.become_admin()
username = factory.make_name("user")
response = self.client.post(
reverse("users_handler"),
{
"username": username,
"email": factory.make_email_address(),
"is_superuser": "******",
},
)
self.assertEqual(http.client.BAD_REQUEST, response.status_code,
response.content)
self.assertEqual(response.content.decode("utf8"),
"No provided password!")
def test_add_user_with_external_auth_not_local(self):
Config.objects.set_config('external_auth_url',
'http://auth.example.com')
self.client_log_in(as_admin=True)
params = {
'username': factory.make_string(),
'last_name': factory.make_string(30),
'email': factory.make_email_address(),
'is_superuser': factory.pick_bool(),
}
password = factory.make_string()
params.update(make_password_params(password))
self.client.post(reverse('accounts-add'), params)
user = User.objects.get(username=params['username'])
self.assertFalse(user.userprofile.is_local)
def test_POST_creates_audit_event_for_admin(self):
self.become_admin()
username = factory.make_name("user")
self.client.post(
reverse("users_handler"),
{
"username": username,
"email": factory.make_email_address(),
"password": factory.make_string(),
"is_superuser": "******",
},
)
event = Event.objects.get(type__level=AUDIT)
self.assertIsNotNone(event)
self.assertEquals(event.description, "Created admin '%s'." % username)
def test_add_user_POST(self):
self.client_log_in(as_admin=True)
params = {
'username': factory.make_string(),
'last_name': factory.make_string(30),
'email': factory.make_email_address(),
'is_superuser': factory.pick_bool(),
}
password = factory.make_string()
params.update(make_password_params(password))
response = self.client.post(reverse('accounts-add'), params)
self.assertEqual(http.client.FOUND, response.status_code)
user = User.objects.get(username=params['username'])
self.assertAttributes(user, subset_dict(params, user_attributes))
self.assertTrue(user.check_password(password))
def test_add_user_POST_creates_audit_event(self):
self.client.login(user=factory.make_admin())
username = factory.make_string()
params = {
"username": username,
"last_name": factory.make_string(30),
"email": factory.make_email_address(),
"is_superuser": False,
}
password = factory.make_string()
params.update(make_password_params(password))
self.client.post(reverse("accounts-add"), params)
event = Event.objects.get(type__level=AUDIT)
self.assertIsNotNone(event)
self.assertEquals(event.description, "Created user '%s'." % username)
def test_POST_password_optional_with_external_auth(self):
Config.objects.set_config('external_auth_url',
'http://auth.example.com')
self.become_admin()
username = factory.make_name('user')
response = self.client.post(
reverse('users_handler'), {
'username': username,
'email': factory.make_email_address(),
'is_superuser': '******',
})
self.assertEqual(http.client.OK, response.status_code,
response.content)
created_user = User.objects.get(username=username)
self.assertFalse(created_user.has_usable_password())
def test_POST_creates_user_external_auth_not_local(self):
Config.objects.set_config('external_auth_url',
'http://auth.example.com')
self.become_admin()
username = factory.make_name('user')
email = factory.make_email_address()
password = factory.make_string()
self.client.post(
reverse('users_handler'), {
'username': username,
'email': email,
'password': password,
'is_superuser': '******',
})
created_user = User.objects.get(username=username)
self.assertFalse(created_user.userprofile.is_local)
def test_add_admin_POST_creates_audit_event(self):
self.client.login(user=factory.make_admin())
username = factory.make_string()
params = {
'username': username,
'last_name': factory.make_string(30),
'email': factory.make_email_address(),
'is_superuser': True,
}
password = factory.make_string()
params.update(make_password_params(password))
self.client.post(reverse('accounts-add'), params)
event = Event.objects.get(type__level=AUDIT)
self.assertIsNotNone(event)
self.assertEquals(event.description, "Created admin '%s'." % username)
def test_add_user_with_external_auth_not_local(self):
admin = factory.make_admin()
# login before external auth is enabled to avoid requiring macaroons
self.client.login(user=admin)
Config.objects.set_config("external_auth_url",
"http://auth.example.com")
params = {
"username": factory.make_string(),
"last_name": factory.make_string(30),
"email": factory.make_email_address(),
"is_superuser": factory.pick_bool(),
}
password = factory.make_string()
params.update(make_password_params(password))
self.client.post(reverse("accounts-add"), params)
user = User.objects.get(username=params["username"])
self.assertFalse(user.userprofile.is_local)
def test_add_user_POST(self):
self.client.login(user=factory.make_admin())
params = {
"username": factory.make_string(),
"last_name": factory.make_string(30),
"email": factory.make_email_address(),
"is_superuser": factory.pick_bool(),
}
password = factory.make_string()
params.update(make_password_params(password))
response = self.client.post(reverse("accounts-add"), params)
self.assertEqual(http.client.FOUND, response.status_code)
user = User.objects.get(username=params["username"])
self.assertAttributes(user, subset_dict(params, user_attributes))
self.assertTrue(user.check_password(password))
self.assertTrue(user.userprofile.is_local)
def test_create_as_admin_event_log(self):
admin_user = factory.make_admin()
handler = UserHandler(admin_user, {}, None)
params = {
"username": factory.make_string(),
"last_name": factory.make_string(30),
"email": factory.make_email_address(),
"is_superuser": False,
}
password = factory.make_string()
params.update(make_password_params(password))
handler.create(params)
event = Event.objects.get(type__level=AUDIT)
self.assertIsNotNone(event)
self.assertEqual(event.description,
"Created user '{username}'.".format(**params))
def test_POST_password_optional_with_external_auth(self):
Config.objects.set_config("external_auth_url",
"http://auth.example.com")
self.become_admin()
username = factory.make_name("user")
response = self.client.post(
reverse("users_handler"),
{
"username": username,
"email": factory.make_email_address(),
"is_superuser": "******",
},
)
self.assertEqual(http.client.OK, response.status_code,
response.content)
created_user = User.objects.get(username=username)
self.assertFalse(created_user.has_usable_password())
def test_POST_creates_user_external_auth_not_local(self):
Config.objects.set_config("external_auth_url",
"http://auth.example.com")
self.become_admin()
username = factory.make_name("user")
email = factory.make_email_address()
password = factory.make_string()
self.client.post(
reverse("users_handler"),
{
"username": username,
"email": email,
"password": password,
"is_superuser": "******",
},
)
created_user = User.objects.get(username=username)
self.assertFalse(created_user.userprofile.is_local)
def test_create_as_admin(self):
admin_user = factory.make_admin()
handler = UserHandler(admin_user, {}, None)
params = {
"username": factory.make_string(),
"last_name": factory.make_string(30),
"email": factory.make_email_address(),
"is_superuser": factory.pick_bool(),
}
password = factory.make_string()
params.update(make_password_params(password))
handler.create(params)
user = User.objects.get(username=params["username"])
self.assertAttributes(user, subset_dict(params, user_attributes))
self.assertTrue(user.check_password(password))
self.assertTrue(user.userprofile.is_local)
def test_POST_creates_admin(self):
self.become_admin()
username = factory.make_name('user')
email = factory.make_email_address()
password = factory.make_string()
response = self.client.post(
reverse('users_handler'), {
'username': username,
'email': email,
'password': password,
'is_superuser': '******',
})
self.assertEqual(http.client.OK, response.status_code,
response.content)
self.assertEqual(
username,
json.loads(response.content.decode(
settings.DEFAULT_CHARSET))['username'])
created_user = User.objects.get(username=username)
self.assertEqual((email, True),
(created_user.email, created_user.is_superuser))
def test_prompt_for_email_returns_selected_email(self):
email = factory.make_email_address()
self.patch(createadmin, "read_input").return_value = email
self.assertEqual(email, createadmin.prompt_for_email())
