def test_new_user_no_tenant(self): """ No user, no tenant. """ setup_identity_cache() task = Task.objects.create( keystone_user={ "roles": ["admin", "project_mod"], "project_id": "test_project_id", "project_domain_id": "default", } ) data = { "email": "*****@*****.**", "project_id": "test_project_id", "roles": ["member"], "inherited_roles": [], "domain_id": "default", } action = NewUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, False) action.approve() self.assertEqual(action.valid, False) token_data = {} action.submit(token_data) self.assertEqual(action.valid, False)
def test_new_user_existing_role(self): """ Existing user, valid tenant, has role. Should complete the action as if no role, but actually do nothing. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser( name="*****@*****.**", password="******", email="*****@*****.**" ) assignment = fake_clients.FakeRoleAssignment( scope={"project": {"id": project.id}}, role_name="member", user={"id": user.id}, ) setup_identity_cache( projects=[project], users=[user], role_assignments=[assignment] ) task = Task.objects.create( keystone_user={ "roles": ["admin", "project_mod"], "project_id": project.id, "project_domain_id": "default", } ) data = { "email": "*****@*****.**", "project_id": project.id, "roles": ["member"], "inherited_roles": [], "domain_id": "default", } action = NewUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) self.assertEqual(action.action.state, "complete") token_data = {} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ["member"])
def test_new_user_disabled(self): """ Disabled user, valid existing tenant, no role. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser( name="*****@*****.**", password="******", email="*****@*****.**", enabled=False, ) setup_identity_cache(projects=[project], users=[user]) task = Task.objects.create( keystone_user={ "roles": ["admin", "project_mod"], "project_id": project.id, "project_domain_id": "default", } ) data = { "email": "*****@*****.**", "project_id": project.id, "roles": ["member"], "inherited_roles": [], "domain_id": "default", } action = NewUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(len(fake_clients.identity_cache["users"]), 2) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="*****@*****.**", domain="default") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(user.password, "123456") self.assertTrue(user.enabled) roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ["member"])
def test_create_user_email_not_username(self): """ Test the default case, all valid. No existing user, valid tenant. Different username from email address """ project = fake_clients.FakeProject(name="test_project") setup_identity_cache(projects=[project]) task = Task.objects.create( keystone_user={ "roles": ["admin", "project_mod"], "project_id": project.id, "project_domain_id": "default", } ) data = { "username": "******", "email": "*****@*****.**", "project_id": project.id, "roles": ["member"], "inherited_roles": [], "domain_id": "default", } action = NewUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(len(fake_clients.identity_cache["users"]), 2) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="test_user", domain="default") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(user.password, "123456") self.assertTrue(user.enabled) roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ["member"])