def test_new_user_only_member(self): """ Existing user, valid project, no edit permissions. Action should be invalid. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") setup_identity_cache(projects=[project], users=[user]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['_member_'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'email': '*****@*****.**', 'project_id': project.id, 'roles': ['_member_'], 'inherited_roles': [], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertFalse(action.valid)
def test_new_user_no_tenant(self): """ No user, no tenant. """ setup_identity_cache() task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': 'test_project_id', 'project_domain_id': 'default', }) data = { 'email': '*****@*****.**', 'project_id': 'test_project_id', 'roles': ['_member_'], 'inherited_roles': [], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, False) action.post_approve() self.assertEqual(action.valid, False) token_data = {} action.submit(token_data) self.assertEqual(action.valid, False)
def test_new_user_existing_role(self): """ Existing user, valid tenant, has role. Should complete the action as if no role, but actually do nothing. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") assignment = fake_clients.FakeRoleAssignment( scope={'project': { 'id': project.id }}, role_name="_member_", user={'id': user.id}) setup_identity_cache(projects=[project], users=[user], role_assignments=[assignment]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'email': '*****@*****.**', 'project_id': project.id, 'roles': ['_member_'], 'inherited_roles': [], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) self.assertEqual(action.action.state, 'complete') token_data = {} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ['_member_'])
def test_new_user_disabled(self): """ Disabled user, valid existing tenant, no role. """ project = mock.Mock() project.id = 'test_project_id' project.name = 'test_project' project.domain = 'default' project.roles = {} user = mock.Mock() user.id = 'user_id_1' user.name = "*****@*****.**" user.email = "*****@*****.**" user.domain = 'default' user.enabled = False setup_temp_cache({'test_project': project}, {user.id: user}) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': 'test_project_id', 'project_domain_id': 'default', }) data = { 'email': '*****@*****.**', 'project_id': 'test_project_id', 'roles': ['_member_'], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertEquals(action.valid, True) action.post_approve() self.assertEquals(action.valid, True) token_data = {'password': '******'} action.submit(token_data) self.assertEquals(action.valid, True) self.assertEquals(len(tests.temp_cache['users']), 2) # The new user id in this case will be "user_id_1" self.assertEquals(tests.temp_cache['users']["user_id_1"].email, '*****@*****.**') self.assertEquals(tests.temp_cache['users']["user_id_1"].password, '123456') self.assertEquals(tests.temp_cache['users']["user_id_1"].enabled, True) self.assertEquals(project.roles["user_id_1"], ['_member_'])
def test_new_user_disabled(self): """ Disabled user, valid existing tenant, no role. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**", enabled=False) setup_identity_cache(projects=[project], users=[user]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'email': '*****@*****.**', 'project_id': project.id, 'roles': ['_member_'], 'inherited_roles': [], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) token_data = {'password': '******'} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(len(fake_clients.identity_cache['users']), 2) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="*****@*****.**", domain="default") self.assertEqual(user.email, '*****@*****.**') self.assertEqual(user.password, '123456') self.assertTrue(user.enabled) roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ['_member_'])
def test_create_user_email_not_username(self): """ Test the default case, all valid. No existing user, valid tenant. Different username from email address """ project = mock.Mock() project.id = 'test_project_id' project.name = 'test_project' project.domain = 'default' project.roles = {} setup_temp_cache({'test_project': project}, {}) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': 'test_project_id', 'project_domain_id': 'default', }) data = { 'username': '******', 'email': '*****@*****.**', 'project_id': 'test_project_id', 'roles': ['_member_'], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertEquals(action.valid, True) action.post_approve() self.assertEquals(action.valid, True) token_data = {'password': '******'} action.submit(token_data) self.assertEquals(action.valid, True) self.assertEquals(len(tests.temp_cache['users']), 2) # The new user id in this case will be "user_id_1" self.assertEquals(tests.temp_cache['users']["user_id_1"].email, '*****@*****.**') self.assertEquals(tests.temp_cache['users']["user_id_1"].name, 'test_user') self.assertEquals(tests.temp_cache['users']["user_id_1"].password, '123456') self.assertEquals(project.roles["user_id_1"], ['_member_'])
def test_new_user_existing_role(self): """ Existing user, valid tenant, has role. Should complete the action as if no role, but actually do nothing. """ user = mock.Mock() user.id = 'user_id' user.name = "*****@*****.**" user.email = "*****@*****.**" user.domain = 'default' project = mock.Mock() project.id = 'test_project_id' project.name = 'test_project' project.domain = 'default' project.roles = {user.id: ['_member_']} setup_temp_cache({'test_project': project}, {user.id: user}) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': 'test_project_id', 'project_domain_id': 'default', }) data = { 'email': '*****@*****.**', 'project_id': 'test_project_id', 'roles': ['_member_'], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertEquals(action.valid, True) action.post_approve() self.assertEquals(action.valid, True) self.assertEquals(action.action.state, 'complete') token_data = {} action.submit(token_data) self.assertEquals(action.valid, True) self.assertEquals(project.roles[user.id], ['_member_'])
def test_create_user_email_not_username(self): """ Test the default case, all valid. No existing user, valid tenant. Different username from email address """ project = fake_clients.FakeProject(name="test_project") setup_identity_cache(projects=[project]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'username': '******', 'email': '*****@*****.**', 'project_id': project.id, 'roles': ['_member_'], 'inherited_roles': [], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) token_data = {'password': '******'} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(len(fake_clients.identity_cache['users']), 2) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="test_user", domain="default") self.assertEqual(user.email, '*****@*****.**') self.assertEqual(user.password, '123456') self.assertTrue(user.enabled) roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ['_member_'])
def test_new_user_wrong_domain(self): """ Existing user, valid project, invalid domain. Action should be invalid. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") assignment = fake_clients.FakeRoleAssignment( scope={'project': { 'id': project.id }}, role_name="_member_", user={'id': user.id}) setup_identity_cache(projects=[project], users=[user], role_assignments=[assignment]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['project_admin'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'email': '*****@*****.**', 'project_id': project.id, 'roles': ['_member_'], 'inherited_roles': [], 'domain_id': 'not_default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertFalse(action.valid)
def test_new_user_wrong_domain(self): """ Existing user, valid project, invalid domain. Action should be invalid. """ user = mock.Mock() user.id = 'user_id' user.name = "*****@*****.**" user.email = "*****@*****.**" user.domain = 'default' project = mock.Mock() project.id = 'test_project_id' project.name = 'test_project' project.domain = 'default' project.roles = {user.id: ['_member_']} setup_temp_cache({'test_project': project}, {user.id: user}) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['_member_'], 'project_id': 'test_project_id', 'project_domain_id': 'default', }) data = { 'email': '*****@*****.**', 'project_id': 'test_project_id', 'roles': ['_member_'], 'domain_id': 'not_default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertFalse(action.valid)