def test_rename_user_with_existing_username(self):
"""
renaming a user to a name of an existing user should raise an exception
"""
db = self.ccd._db.conn
valid_sid = self.session.sid
# this is the user that we try to rename as
name1 = str(getRandomBytes())
create_user(db, name1).uid
# this is the user that we want to rename
name2 = str(getRandomBytes())
uid2 = create_user(db, name2).uid
# now renanme user2 with the name of user1
update_pld = {
"uid": uid2,
"name": name1,
"mail": "foo",
"description": "bar"
}
self.assertRaises(AlreadyExistingError, update_user, self.ccd,
valid_sid, update_pld)
def test_single_user_nonsuperadmin(self):
"""
a user is allowed to receive information of an arbitrary user, if he
has ACCESS_READ in the user2user table.
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
add_user2user(db, user.uid, 3) # ACCESS_READ
valid_sid = self.ccd._assign_user_a_session(user).sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
payload = {"uid": user_to_request.uid}
res = show_user(self.ccd, valid_sid, payload)[0]
try:
self.assertEqual(res["uid"], user_to_request.uid)
self.assertEqual(res["name"], user_to_request.name)
self.assertEqual(res["mail"], user_to_request.mail)
self.assertEqual(res["description"], user_to_request.description)
finally:
user.delete(db)
user_to_request.delete(db)
wg.delete(db)
def test_permission_denied(self):
"""
verify that a non-superdmin user, who has no ACCESS_WRITE is not
allowed to modify a user
"""
db = self.ccd._db.conn
# first we create that new user
uid = create_user(db, str(getRandomBytes())).uid
# create a user and a workgroup w/o ACCESS_ADD in
# user2users table
user = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user.uid, 3)
add_user2user(db, user.uid, 4) # NO ACCESS_WRITE
valid_sid = self.ccd._assign_user_a_session(user).sid
# second, we update this user
name2 = str(getRandomBytes())
mail2 = "mymail%d" % random.randrange(1000, 9999)
description2 = "mydescription%d" % random.randrange(1000, 9999)
update_pld = {
"uid": uid,
"name": name2,
"mail": mail2,
"description": description2
}
self.assertRaises(PermissionDenied, update_user, self.ccd, valid_sid,
update_pld)
def test_single_user_permission_denied(self):
"""
a user that is not superadmin and has no ACCESS_READ must fail reading
user information (of user that are not the user ifself). it must be
raised a permission denied exceperion. Note. every role includes
ACCESS_READ by default, hence the user that requests the information
must no be in user2user table.
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
valid_sid = self.ccd._assign_user_a_session(user).sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
payload = {"uid": user_to_request.uid}
try:
self.assertRaises(PermissionDenied, show_user, self.ccd, valid_sid,
payload)
finally:
user.delete(db)
user_to_request.delete(db)
wg.delete(db)
def test_single_user_permission_denied(self):
"""
a user that is not superadmin and has no ACCESS_READ must fail reading
user information (of user that are not the user ifself). it must be
raised a permission denied exceperion. Note. every role includes
ACCESS_READ by default, hence the user that requests the information
must no be in user2user table.
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
valid_sid = self.ccd._assign_user_a_session(user).sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
payload = {"uid": user_to_request.uid}
try:
self.assertRaises(PermissionDenied,
show_user,
self.ccd,
valid_sid,
payload)
finally:
user.delete(db)
user_to_request.delete(db)
wg.delete(db)
def test_all_user_permission_denied(self):
"""
a user that is not superadmin and has no ACCESS_READ must fail reading
user information (of user that are not the user ifself). it must be
raised a permission denied exception
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
valid_sid = self.ccd._assign_user_a_session(user).sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
# set None to request all users
payload = {"uid": None}
try:
self.assertRaises(PermissionDenied, show_user, self.ccd, valid_sid,
payload)
finally:
user.delete(db)
user_to_request.delete(db)
wg.delete(db)
def test_all_user_permission_denied(self):
"""
a user that is not superadmin and has no ACCESS_READ must fail reading
user information (of user that are not the user ifself). it must be
raised a permission denied exception
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
valid_sid = self.ccd._assign_user_a_session(user).sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
# set None to request all users
payload = {"uid": None}
try:
self.assertRaises(PermissionDenied,
show_user,
self.ccd,
valid_sid,
payload)
finally:
user.delete(db)
user_to_request.delete(db)
wg.delete(db)
def test_single_user_nonsuperadmin(self):
"""
a user is allowed to receive information of an arbitrary user, if he
has ACCESS_READ in the user2user table.
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
add_user2user(db, user.uid, 3) # ACCESS_READ
valid_sid = self.ccd._assign_user_a_session(user).sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
payload = {"uid": user_to_request.uid}
res = show_user(self.ccd, valid_sid, payload)[0]
try:
self.assertEqual(res["uid"], user_to_request.uid)
self.assertEqual(res["name"], user_to_request.name)
self.assertEqual(res["mail"], user_to_request.mail)
self.assertEqual(res["description"], user_to_request.description)
finally:
user.delete(db)
user_to_request.delete(db)
wg.delete(db)
def test_delpermission(self):
"""
verify that a user with ACCESS_DEL in user2user table is able to
delete users. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000,9999)))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 2) # ACCESS_DEL
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": "******"}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we delete that user
del_pld = {"uid": uid}
self.assertIsNone(delete_user(self.ccd, valid_sid, del_pld))
user.delete(db)
wg.delete(db)
def test_permission_denied(self):
"""
if user is no superadmin and has no ACCESS_DEL, a permissionDenied
exception is raised
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000,9999)))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
add_user2user(db, user.uid, 4) # NO ACCESS_DEL
valid_sid = self.ccd._assign_user_a_session(user).sid
invalid_pld = {"uid": "foo"}
try:
self.assertRaises(PermissionDenied,
delete_user,
self.ccd,
valid_sid,
invalid_pld)
finally:
user.delete(db)
wg.delete(db)
def test_project_user_superadmin(self):
"""
using pid instead of uid in payload should return user in
corresponding project
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
valid_sid = self.session.sid
# create users
users = []
for i in range(10):
user = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user.uid, 3)
users.append(user)
# add users to projects
for u in users:
proj = create_project(db, "test_project_user_superadmin", u, 3)
# set None to request all users
payload = {"pid": proj.pid}
res = show_user(self.ccd, valid_sid, payload)
try:
self.assertUsersInProject(res, users)
finally:
proj.delete(db)
for u in users:
u.delete(db)
def test_all_user_nonsuperadmin(self):
"""
a user is allowed to receive information of a user, if he has
ACCESS_READ in the user2user table.
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
add_user2user(db, user.uid, 3) # ACCESS_READ
valid_sid = self.ccd._assign_user_a_session(user).sid
# set None to request all users
payload = {"uid": None}
res = show_user(self.ccd, valid_sid, payload)
meta, conn = db
tbl = meta.tables[tbl_users]
with conn.begin():
sel = tbl.select().where(tbl.c.deleted == False)
users = conn.execute(sel).fetchall()
try:
self.assertEqualResolution(res, users)
finally:
user.delete(db)
wg.delete(db)
def test_single_user_superadmin(self):
"""
the superadmin is allowed to receive information of an existing user.
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
valid_sid = self.session.sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
payload = {"uid": user_to_request.uid}
res = show_user(self.ccd, valid_sid, payload)[0]
try:
self.assertEqual(res["uid"], user_to_request.uid)
self.assertEqual(res["name"], user_to_request.name)
self.assertEqual(res["mail"], user_to_request.mail)
self.assertEqual(res["description"], user_to_request.description)
finally:
user_to_request.delete(db)
wg.delete(db)
def test_project_set(self):
"""
verify the stage is passed with a valid project set and the user is not
a superadmin
"""
db = self.ccd._db.conn
user = create_user(db, "my non admin user")
wg = create_workgroup(db, "wgroup", user.uid, 3) # role id 3 = normal
# user, no wgroup admin
proj = create_project(db, "my project", user, 2) # project admin, role
# does not matter in
# this test
try:
# get a session for the non-admin
valid_session = self.ccd._assign_user_a_session(user)
valid_sid = valid_session.sid
valid_session.setproject(db, proj)
self.assertTrue(stage_three(self.ccd, valid_sid))
finally:
if valid_session:
valid_session.unsetproject(db, proj)
user.delete(db)
wg.delete(db)
proj.delete(db)
def test_permission_denied(self):
"""
if the user is no superadmin and has no ACCESS_ADD a
permissionDenied exception is raised
"""
db = self.ccd._db.conn
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
add_user2user(db, user.uid, 3) # no ACCESS_ADD
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
try:
self.assertRaises(PermissionDenied, new_user, self.ccd, valid_sid,
valid_pld)
finally:
user.delete(db)
wg.delete(db)
def test_single_user_nonexisting(self):
"""
requesting a non-existing user should fail
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
valid_sid = self.session.sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
payload = {"uid": -1}
try:
self.assertRaises(NotFoundError,
show_user,
self.ccd,
valid_sid,
payload)
finally:
user_to_request.delete(db)
wg.delete(db)
def test_delpermission(self):
"""
verify that a user with ACCESS_DEL in user2user table is able to
delete users. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000, 9999)))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 2) # ACCESS_DEL
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we delete that user
del_pld = {"uid": uid}
self.assertIsNone(delete_user(self.ccd, valid_sid, del_pld))
user.delete(db)
wg.delete(db)
def test_single_user_superadmin(self):
"""
the superadmin is allowed to receive information of an existing user.
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
valid_sid = self.session.sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
payload = {"uid": user_to_request.uid}
res = show_user(self.ccd, valid_sid, payload)[0]
try:
self.assertEqual(res["uid"], user_to_request.uid)
self.assertEqual(res["name"], user_to_request.name)
self.assertEqual(res["mail"], user_to_request.mail)
self.assertEqual(res["description"], user_to_request.description)
finally:
user_to_request.delete(db)
wg.delete(db)
def test_addpermission(self):
"""
verify that a user with ACCESS_ADD in user2user table is able to
create new users. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
del_user2user(db, user.uid)
add_user2user(db, user.uid, 2) # ACCESS_ADD
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": "******"}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we check for the user to be in the database
user2 = User.by_name(self.ccd._db.conn, name)
try:
self.assertEqual(uid, user2.uid)
finally:
# delete them, since they are not needed anymore
user2.delete(db)
user.delete(db)
wg.delete(db)
def test_project_user_superadmin(self):
"""
using pid instead of uid in payload should return user in
corresponding project
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
valid_sid = self.session.sid
# create users
users = []
for i in range(10):
user = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user.uid, 3)
users.append(user)
# add users to projects
for u in users:
proj = create_project(db, "test_project_user_superadmin", u, 3)
# set None to request all users
payload = {"pid": proj.pid}
res = show_user(self.ccd, valid_sid, payload)
try:
self.assertUsersInProject(res, users)
finally:
proj.delete(db)
for u in users:
u.delete(db)
def test_permission_denied(self):
"""
if the user is no superadmin and has no ACCESS_ADD a
permissionDenied exception is raised
"""
db = self.ccd._db.conn
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
add_user2user(db, user.uid, 3) # no ACCESS_ADD
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": "******"}
try:
self.assertRaises(PermissionDenied,
new_user,
self.ccd,
valid_sid,
valid_pld)
finally:
user.delete(db)
wg.delete(db)
def test_project_set(self):
"""
verify the stage is passed with a valid project set and the user is not
a superadmin
"""
db = self.ccd._db.conn
user = create_user(db, "my non admin user")
wg = create_workgroup(db, "wgroup", user.uid, 3) # role id 3 = normal
# user, no wgroup admin
proj = create_project(db, "my project", user, 2) # project admin, role
# does not matter in
# this test
try:
# get a session for the non-admin
valid_session = self.ccd._assign_user_a_session(user)
valid_sid = valid_session.sid
valid_session.setproject(db, proj)
self.assertTrue(stage_three(self.ccd, valid_sid))
finally:
if valid_session:
valid_session.unsetproject(db, proj)
user.delete(db)
wg.delete(db)
proj.delete(db)
def test_all_user_nonsuperadmin(self):
"""
a user is allowed to receive information of a user, if he has
ACCESS_READ in the user2user table.
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
add_user2user(db, user.uid, 3) # ACCESS_READ
valid_sid = self.ccd._assign_user_a_session(user).sid
# set None to request all users
payload = {"uid": None}
res = show_user(self.ccd, valid_sid, payload)
meta, conn = db
tbl = meta.tables[tbl_users]
with conn.begin():
sel = tbl.select().where(tbl.c.deleted==False)
users = conn.execute(sel).fetchall()
try:
self.assertEqualResolution(res, users)
finally:
user.delete(db)
wg.delete(db)
def test_project_user_owner(self):
"""
the project owner is able to request the users within its project
"""
db = self.ccd._db.conn
users = []
# user that requests the information is creator of the new project
owner = create_user(db, "owner_%s" % str(getRandomBytes()))
create_workgroup(db, "newworkgroup", owner.uid, 3)
creator = create_user(db, "creator_%s" % str(getRandomBytes()))
create_workgroup(db, "newworkgroup", creator.uid, 3)
proj = Project.create_fromname(
db,
"test_project_user_creator",
creator, # creator
owner, # owner
1, # type id
"my project" #description
)
valid_sid = self.ccd._assign_user_a_session(owner).sid
# create users
for i in range(10):
u = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", u.uid, 3)
users.append(u)
# add users to project
for u in users:
create_project(db, "test_project_user_creator", u, 3)
# set None to request all users
payload = {"pid": proj.pid}
res = show_user(self.ccd, valid_sid, payload)
try:
self.assertUsersInProject(res, users)
finally:
proj.delete(db)
for u in users:
u.delete(db)
creator.delete(db)
owner.delete(db)
def test_project_user_owner(self):
"""
the project owner is able to request the users within its project
"""
db = self.ccd._db.conn
users = []
# user that requests the information is creator of the new project
owner = create_user(db, "owner_%s" % str(getRandomBytes()))
create_workgroup(db, "newworkgroup", owner.uid, 3)
creator = create_user(db, "creator_%s" % str(getRandomBytes()))
create_workgroup(db, "newworkgroup", creator.uid, 3)
proj = Project.create_fromname(
db,
"test_project_user_creator",
creator, # creator
owner, # owner
1, # type id
"my project" #description
)
valid_sid = self.ccd._assign_user_a_session(owner).sid
# create users
for i in range(10):
u = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", u.uid, 3)
users.append(u)
# add users to project
for u in users:
create_project(db, "test_project_user_creator", u, 3)
# set None to request all users
payload = {"pid": proj.pid}
res = show_user(self.ccd, valid_sid, payload)
try:
self.assertUsersInProject(res, users)
finally:
proj.delete(db)
for u in users:
u.delete(db)
creator.delete(db)
owner.delete(db)
def test_uid_noint(self):
""" verify that a non-int uid raises an InputError """
db = self.ccd._db.conn
valid_sid = self.session.sid
name1 = str(getRandomBytes())
create_user(db, name1).uid
update_pld = {
"uid": "foobar",
"name": "fubar",
"mail": "foo",
"description": "bar"
}
self.assertRaisesRegexp(InputError, "Invalid payload format!",
update_user, self.ccd, valid_sid, update_pld)
def test_no_project(self):
"""
if no project is set, the user has no write access to create one and
the operations is non of the allowed ones, stage three must fail
"""
db = self.ccd._db.conn
user = create_user(db, "my non admin user")
wg = create_workgroup(db, "wgroup", user.uid, 3) # role id 3 = normal
# user, no wgroup admin
try:
valid_session = self.ccd._assign_user_a_session(user)
valid_sid = valid_session.sid
operations = [
op for op in dir(ccdlib)
if op.startswith("OP_") and not op in ("OP_LOGOUT",
"OP_SETPROJ",
"OP_SHOWPROJ",
"OP_NEWPROJ",
"OP_DELPROJ",
"OP_UPDATEPROJ",
"OP_ADDPROJMEMBER",
"OP_DELPROJMEMBER",
"OP_ADDPROJPLG",
"OP_DELPROJPLG",
"OP_SHOWWGROUP")]
# also test some values that are not part of the protocol
# specification
operations.extend([-1, 999999])
for op in operations:
print("testing %s" % op)
valid_rid = valid_session.assign_rid()
self.assertRaisesRegexp(SessionError,
"Invalid Operation in stage 3!",
verify_stages,
self.ccd,
valid_sid,
valid_rid,
op
)
finally:
user.delete(db)
wg.delete(db)
def test_no_project_but_write_access(self):
"""
if no project is set, the user passes the stage if he is allowed to
create one
"""
db = self.ccd._db.conn
user = create_user(db, "my non admin user")
wg = create_workgroup(db, "wgroup", user.uid, 2) # role id 2 = wgroup
# admin with write
# access
try:
valid_session = self.ccd._assign_user_a_session(user)
valid_sid = valid_session.sid
self.assertTrue(stage_three(self.ccd, valid_sid))
finally:
user.delete(db)
wg.delete(db)
def test_no_project_but_write_access(self):
"""
if no project is set, the user passes the stage if he is allowed to
create one
"""
db = self.ccd._db.conn
user = create_user(db, "my non admin user")
wg = create_workgroup(db, "wgroup", user.uid, 2) # role id 2 = wgroup
# admin with write
# access
try:
valid_session = self.ccd._assign_user_a_session(user)
valid_sid = valid_session.sid
self.assertTrue(stage_three(self.ccd, valid_sid))
finally:
user.delete(db)
wg.delete(db)
def test_write_permission(self):
"""
verify that a user, with ACCESS_WRITE in user2users-table is able
to update an existing user.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 2) # ACCESS_WRITE
valid_sid = self.ccd._assign_user_a_session(user).sid
# first we create that new user
name = str(getRandomBytes())
add_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
# second, we update this user
name2 = str(getRandomBytes())
mail2 = "mymail%d" % random.randrange(1000, 9999)
description2 = "mydescription%d" % random.randrange(1000, 9999)
update_pld = {
"uid": uid,
"name": name2,
"mail": mail2,
"description": description2
}
self.assertIsNone(update_user(self.ccd, valid_sid, update_pld))
# third, we verify that the changed data is written to database
user = User.by_uid(self.ccd._db.conn, uid)
self.assertEqual(user.name, name2)
self.assertEqual(user.mail, mail2)
self.assertEqual(user.description, description2)
def test_single_user_itself(self):
"""
showing information of the user itself should work. the user is no
superadmin.
"""
db = self.ccd._db.conn
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
valid_sid = self.ccd._assign_user_a_session(user).sid
payload = {"uid": user.uid}
res = show_user(self.ccd, valid_sid, payload)[0]
try:
self.assertEqual(res["uid"], user.uid)
self.assertEqual(res["name"], user.name)
self.assertEqual(res["mail"], user.mail)
self.assertEqual(res["description"], user.description)
finally:
user.delete(db)
wg.delete(db)
def _test_non_admin_operation(self, op):
"""
gets an operation an test for proper executing for a workgroup user
(non-workgroup admin). asserts True as result.
"""
db = self.ccd._db.conn
user = create_user(db, "my non admin user")
wg = create_workgroup(db, "wgroup", user.uid, 3) # role id 3 = normal
# user, no wgroup admin
try:
valid_session = self.ccd._assign_user_a_session(user)
valid_sid = valid_session.sid
valid_rid = valid_session.assign_rid()
res = verify_stages(self.ccd, valid_sid, valid_rid, op)
self.assertTrue(res)
finally:
user.delete(db)
wg.delete(db)
def test_single_user_itself(self):
"""
showing information of the user itself should work. the user is no
superadmin.
"""
db = self.ccd._db.conn
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
valid_sid = self.ccd._assign_user_a_session(user).sid
payload = {"uid": user.uid}
res = show_user(self.ccd, valid_sid, payload)[0]
try:
self.assertEqual(res["uid"], user.uid)
self.assertEqual(res["name"], user.name)
self.assertEqual(res["mail"], user.mail)
self.assertEqual(res["description"], user.description)
finally:
user.delete(db)
wg.delete(db)
def test_single_user_nonexisting(self):
"""
requesting a non-existing user should fail
"""
db = self.ccd._db.conn
# user that requests the information. needs ACCESS_READ
valid_sid = self.session.sid
# user to request for information
user_to_request = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user_to_request.uid, 3)
payload = {"uid": -1}
try:
self.assertRaises(NotFoundError, show_user, self.ccd, valid_sid,
payload)
finally:
user_to_request.delete(db)
wg.delete(db)
def test_permission_denied(self):
"""
if user is no superadmin and has no ACCESS_DEL, a permissionDenied
exception is raised
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000, 9999)))
wg = create_workgroup(db, "newworkgroup", user.uid, 3)
add_user2user(db, user.uid, 4) # NO ACCESS_DEL
valid_sid = self.ccd._assign_user_a_session(user).sid
invalid_pld = {"uid": "foo"}
try:
self.assertRaises(PermissionDenied, delete_user, self.ccd,
valid_sid, invalid_pld)
finally:
user.delete(db)
wg.delete(db)
def test_no_project(self):
"""
if no project is set, the user has no write access to create one and
the operations is non of the allowed ones, stage three must fail
"""
db = self.ccd._db.conn
user = create_user(db, "my non admin user")
wg = create_workgroup(db, "wgroup", user.uid, 3) # role id 3 = normal
# user, no wgroup admin
try:
valid_session = self.ccd._assign_user_a_session(user)
valid_sid = valid_session.sid
operations = [
op for op in dir(ccdlib) if op.startswith("OP_") and not op in
("OP_LOGOUT", "OP_SETPROJ", "OP_SHOWPROJ", "OP_NEWPROJ",
"OP_DELPROJ", "OP_UPDATEPROJ", "OP_ADDPROJMEMBER",
"OP_DELPROJMEMBER", "OP_ADDPROJPLG", "OP_DELPROJPLG",
"OP_SHOWWGROUP")
]
# also test some values that are not part of the protocol
# specification
operations.extend([-1, 999999])
for op in operations:
print("testing %s" % op)
valid_rid = valid_session.assign_rid()
self.assertRaisesRegexp(SessionError,
"Invalid Operation in stage 3!",
verify_stages, self.ccd, valid_sid,
valid_rid, op)
finally:
user.delete(db)
wg.delete(db)
def test_permission_denied(self):
"""
verify that a non-superdmin user, who has no ACCESS_WRITE is not
allowed to modify a user
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000, 9999)))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 3) # No ACCESS_WRITE
# create user
name = str(getRandomBytes())
password = "******"
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": password}
# first we create that new user with SA session
uid = new_user(self.ccd, self.session.sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we update this user with a user who has now allowance to do
# so
password2 = "mypassword2"
update_pld = {"uid": uid,
"old": password,
"new": password2
}
valid_sid = self.ccd._assign_user_a_session(user).sid
self.assertRaises(PermissionDenied,
update_user_passwd,
self.ccd,
valid_sid,
update_pld)
def test_addpermission(self):
"""
verify that a user with ACCESS_ADD in user2user table is able to
create new users. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
del_user2user(db, user.uid)
add_user2user(db, user.uid, 2) # ACCESS_ADD
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we check for the user to be in the database
user2 = User.by_name(self.ccd._db.conn, name)
try:
self.assertEqual(uid, user2.uid)
finally:
# delete them, since they are not needed anymore
user2.delete(db)
user.delete(db)
wg.delete(db)
def test_addpermission(self):
"""
verify that a user with ACCESS_ADD in user2user table is able to
update user's passwords. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000, 9999)))
create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 2) # ACCESS_ADD
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
password = "******"
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": password}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we update this user
password2 = "mypassword2"
update_pld = {"uid": uid,
"old": password,
"new": password2
}
self.assertIsNone(update_user_passwd(self.ccd, valid_sid, update_pld))
# third, we verify that the changed data is written to database
users = getusers(self.ccd._db.conn, name, password2)
self.assertEqual(len(users), 1)
def _test_non_admin_operation(self, op):
"""
gets an operation an test for proper executing for a workgroup user
(non-workgroup admin). asserts True as result.
"""
db = self.ccd._db.conn
user = create_user(db, "my non admin user")
wg = create_workgroup(db, "wgroup", user.uid, 3) # role id 3 = normal
# user, no wgroup admin
try:
valid_session = self.ccd._assign_user_a_session(user)
valid_sid = valid_session.sid
valid_rid = valid_session.assign_rid()
res = verify_stages(self.ccd,
valid_sid,
valid_rid,
op)
self.assertTrue(res)
finally:
user.delete(db)
wg.delete(db)
