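def test_standard_user_cannot_change_their_own_role(self):
    """A standard user re-submitting their own record with the admin RoleID is refused.

    The user's own row is serialised with ``to_hash()``, the RoleID is swapped for
    the admin role and the hash is handed back to ``do_create`` with that same user
    as the running user. ``do_create`` is expected to return False (self-service
    privilege escalation must be rejected, not silently applied).
    """
    from controllers.user import do_create
    to_edit_usr = User.query.filter_by(UserID=self.std_user.UserID).first()
    usr = to_edit_usr.to_hash()
    # Escalation attempt: the only field changed is the caller's own RoleID.
    usr['RoleID'] = self.admin.RoleID
    can_update = do_create(usr, self.std_user)
    # assertEqual rather than the assertEquals alias, which is removed in Python 3.12.
    self.assertEqual(False, can_update, 'We expect no one to be able to edit their own role')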
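def test_super_admin_can_edit_roles(self):
    """A super admin may move a user of another account onto the admin role.

    Positive-path check: ``do_create`` must return something other than False
    when the running user is the super admin.

    The original assertion was ``assertNotEquals(True, can_update, ...)``; since
    the positive path returns a User object (see the tests below that read
    ``.UserID`` / ``.password`` off the result) and the negative path returns
    False, that assertion passed in both cases and could never fail. It now
    mirrors the other positive-path tests in this class.
    """
    from controllers.user import do_create
    to_edit_usr = User.query.filter_by(UserID=self.other_act_std_user.UserID).first()
    usr = to_edit_usr.to_hash()
    usr['RoleID'] = self.admin.RoleID
    running_user = User.query.filter_by(UserID=self.super_admin_usr.UserID).first()
    can_update = do_create(usr, running_user)
    # A refusal is signalled by False; anything else means the edit went through.
    self.assertNotEqual(False, can_update, 'We expect super admins to be able to edit users roles')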
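def test_admin_cannot_change_user_to_belong_to_their_account(self):
    """An admin cannot pull a user from another account into their own account.

    Only ``AccountID`` is changed on the foreign user's hash; ``do_create`` run as
    the admin must return False so that tenant/account boundaries are not crossed
    by re-parenting a record.
    """
    from controllers.user import do_create
    to_edit_usr = User.query.filter_by(UserID=self.other_act_std_user.UserID).first()
    usr = to_edit_usr.to_hash()
    # Cross-account move: the target user belongs to a different account than the admin.
    usr['AccountID'] = self.admin_usr.AccountID
    running_user = User.query.filter_by(UserID=self.admin_usr.UserID).first()
    can_update = do_create(usr, running_user)
    # assertEqual rather than the assertEquals alias, which is removed in Python 3.12.
    self.assertEqual(False, can_update, 'We expect admins to NOT be able to edit users belonging to a different account')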
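def test_admin_can_edit_user_role_to_admin(self):
    """An admin may promote a same-account standard user to the admin role.

    Positive-path check: ``do_create`` run as ``admin_usr`` against ``std_user``'s
    hash with ``RoleID`` set to the admin role must not return False.
    """
    from controllers.user import do_create
    to_edit_usr = User.query.filter_by(UserID=self.std_user.UserID).first()
    usr = to_edit_usr.to_hash()
    usr['RoleID'] = self.admin.RoleID
    running_user = User.query.filter_by(UserID=self.admin_usr.UserID).first()
    can_update = do_create(usr, running_user)
    # assertNotEqual rather than the assertNotEquals alias, which is removed in Python 3.12.
    self.assertNotEqual(False, can_update, 'We expect admins to be able to change a user to be an admin so long as they belong to the same Account')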
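def test_admin_cannot_edit_user_role_to_super_admin(self):
    """An admin cannot grant a role higher than their own (super admin).

    Same set-up as the admin-promotion test, but ``RoleID`` is set to the super
    admin role; ``do_create`` must return False so an admin cannot hand out more
    privilege than they hold.
    """
    from controllers.user import do_create
    to_edit_usr = User.query.filter_by(UserID=self.std_user.UserID).first()
    usr = to_edit_usr.to_hash()
    # Escalation beyond the caller's own level.
    usr['RoleID'] = self.super_admin.RoleID
    running_user = User.query.filter_by(UserID=self.admin_usr.UserID).first()
    can_update = do_create(usr, running_user)
    # assertEqual rather than the assertEquals alias, which is removed in Python 3.12.
    self.assertEqual(False, can_update, 'We expect admins to not be able to give more permission than admin')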
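def test_standard_user_cannot_create_other_users(self):
    """A standard user cannot create a new user record.

    The hash of the standard user's own row is turned into a "new user" request
    by dropping ``UserID`` and altering ``username``; ``do_create`` run as that
    same standard user must return False.
    """
    from controllers.user import do_create
    to_copy_usr = User.query.filter_by(UserID=self.std_user.UserID).first()
    usr = to_copy_usr.to_hash()
    # No UserID means "create"; a distinct username avoids colliding with the source row.
    del usr['UserID']
    usr['username'] = usr['username'] + 'd'
    can_update = do_create(usr, to_copy_usr)
    # assertEqual rather than the assertEquals alias, which is removed in Python 3.12.
    self.assertEqual(False, can_update, 'We expect standard users to NOT be able to create a user')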
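def test_admin_user_can_create_other_users_of_same_account(self):
    """An admin can create a new user from a copy of their own (same-account) record.

    ``UserID`` is removed and ``username`` altered so the hash is treated as a
    creation. ``do_create`` must not return False, and the returned record must
    carry a UserID, i.e. it was actually persisted.

    The second assertion's message was previously copy-pasted from the password
    tests and described the wrong expectation; it now states what is checked.
    """
    from controllers.user import do_create
    to_copy_usr = User.query.filter_by(UserID=self.admin_usr.UserID).first()
    usr = to_copy_usr.to_hash()
    # No UserID means "create"; a distinct username avoids colliding with the source row.
    del usr['UserID']
    usr['username'] = usr['username'] + 'd'
    can_update = do_create(usr, to_copy_usr)
    created_user = can_update
    self.assertNotEqual(False, can_update, 'We expect admin users to be able to create other users of the same type')
    self.assertIsNotNone(created_user.UserID, 'We expect the created user to have been persisted with a UserID')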
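def test_user_can_edit_their_password(self):
    """A user may change their own password.

    The user's stored password value is captured, a new ``password`` field is
    submitted with the same user as the running user, and the returned record's
    stored password must differ from the original. Only the stored value is
    compared, so the test does not depend on how the password is encoded.
    """
    from controllers.user import do_create
    to_edit_usr = User.query.filter_by(UserID=self.other_act_std_user.UserID).first()
    original_pass = to_edit_usr.password
    usr = to_edit_usr.to_hash()
    # Placeholder new password; the test only checks that the stored value changes.
    usr['password'] = '******'
    running_user = User.query.filter_by(UserID=self.other_act_std_user.UserID).first()
    can_update = do_create(usr, running_user)
    the_updated_usr = can_update
    self.assertNotEqual(False, can_update, 'We expect users to be able to change their own passwords')
    self.assertNotEqual(the_updated_usr.password, original_pass, 'We do not expect anyone to be able to edit your password besides you')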
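def test_other_users_cannot_edit_passwords_of_others(self):
    """Even a super admin cannot set another user's password.

    The same edit as the self-service password test is submitted, but with the
    super admin as the running user. The save itself is still expected to go
    through (``do_create`` does not return False); the password field, however,
    must be ignored, so the stored password is unchanged afterwards.
    """
    from controllers.user import do_create
    to_edit_usr = User.query.filter_by(UserID=self.other_act_std_user.UserID).first()
    original_pass = to_edit_usr.password
    usr = to_edit_usr.to_hash()
    # Placeholder value; it must NOT end up as the stored password.
    usr['password'] = '******'
    running_user = User.query.filter_by(UserID=self.super_admin_usr.UserID).first()
    can_update = do_create(usr, running_user)
    the_updated_usr = can_update
    self.assertNotEqual(False, can_update, 'We expect the save to happen still, but with no effect on the password')
    # assertEqual rather than the assertEquals alias, which is removed in Python 3.12.
    self.assertEqual(the_updated_usr.password, original_pass, 'We do not expect anyone to be able to edit your password besides you')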