def test_delpermission(self):
"""
verify that a user with ACCESS_DEL in user2user table is able to
delete users. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000, 9999)))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 2) # ACCESS_DEL
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we delete that user
del_pld = {"uid": uid}
self.assertIsNone(delete_user(self.ccd, valid_sid, del_pld))
user.delete(db)
wg.delete(db)
def test_name_characters(self):
"""
a name that contains other characters except for a-zA-Z0-9 should
raise an database.ccdErrors.InputError with message 'Invalid username'
"""
valid_sid = self.session.sid
name = str(getRandomBytes())
add_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
invalid_pld = {
"uid": uid,
"name": "$!YM=!)(>x)",
"mail": "mail@mynewuser",
"password": "******"
}
self.assertRaisesRegexp(InputError, "Invalid username", update_user,
self.ccd, valid_sid, invalid_pld)
def test_addpermission(self):
"""
verify that a user with ACCESS_ADD in user2user table is able to
create new users. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
del_user2user(db, user.uid)
add_user2user(db, user.uid, 2) # ACCESS_ADD
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": "******"}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we check for the user to be in the database
user2 = User.by_name(self.ccd._db.conn, name)
try:
self.assertEqual(uid, user2.uid)
finally:
# delete them, since they are not needed anymore
user2.delete(db)
user.delete(db)
wg.delete(db)
def test_superadmin(self):
""" verify that the superadmin is able to update users """
valid_sid = self.session.sid
name = str(getRandomBytes())
add_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
# second, we update this user
name2 = str(getRandomBytes())
mail2 = "mymail%d" % random.randrange(1000, 9999)
description2 = "mydescription%d" % random.randrange(1000, 9999)
update_pld = {
"uid": uid,
"name": name2,
"mail": mail2,
"description": description2
}
self.assertIsNone(update_user(self.ccd, valid_sid, update_pld))
# third, we verify that the changed data is written to database
user = User.by_uid(self.ccd._db.conn, uid)
self.assertEqual(user.name, name2)
self.assertEqual(user.mail, mail2)
self.assertEqual(user.description, description2)
def test_delpermission(self):
"""
verify that a user with ACCESS_DEL in user2user table is able to
delete users. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000,9999)))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 2) # ACCESS_DEL
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": "******"}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we delete that user
del_pld = {"uid": uid}
self.assertIsNone(delete_user(self.ccd, valid_sid, del_pld))
user.delete(db)
wg.delete(db)
def test_invalid_sid(self):
""" withough valid session id an error must be raised """
valid_sid = self.session.sid
name = str(getRandomBytes())
password = "******"
add_pld = {"name": name,
"mail": "mail@mynewuser",
"password": password}
# first we create that new user
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
# second, we update this user with an invalid sessin id
password2 = "mypassword2"
update_pld = {"uid": uid,
"old": password,
"new": password2
}
invalid_sid = "AAA"
self.assertRaises(InvalidSessionID,
update_user_passwd,
self.ccd,
invalid_sid,
update_pld)
def test_superadmin(self):
""" verify that the superadmin is able to delete users"""
valid_sid = self.session.sid
name = str(getRandomBytes())
add_pld = {"name": name,
"mail": "mail@mynewuser",
"password": "******"}
# first we create that new user
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
# second, we delete the user
del_pld = {"uid": uid}
self.assertIsNone(delete_user(self.ccd, valid_sid, del_pld))
def test_superadmin(self):
""" verify that the superadmin is able to create users"""
valid_sid = self.session.sid
name = str(getRandomBytes())
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": "******"}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we check for the user to be in the database
uid2 = User.by_name(self.ccd._db.conn, name).uid
self.assertEqual(uid, uid2)
def test_superadmin(self):
""" verify that the superadmin is able to create users"""
valid_sid = self.session.sid
name = str(getRandomBytes())
valid_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we check for the user to be in the database
uid2 = User.by_name(self.ccd._db.conn, name).uid
self.assertEqual(uid, uid2)
def test_superadmin(self):
""" verify that the superadmin is able to delete users"""
valid_sid = self.session.sid
name = str(getRandomBytes())
add_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
# second, we delete the user
del_pld = {"uid": uid}
self.assertIsNone(delete_user(self.ccd, valid_sid, del_pld))
def test_write_permission(self):
"""
verify that a user, with ACCESS_WRITE in user2users-table is able
to update an existing user.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(getRandomBytes()))
create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 2) # ACCESS_WRITE
valid_sid = self.ccd._assign_user_a_session(user).sid
# first we create that new user
name = str(getRandomBytes())
add_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
# second, we update this user
name2 = str(getRandomBytes())
mail2 = "mymail%d" % random.randrange(1000, 9999)
description2 = "mydescription%d" % random.randrange(1000, 9999)
update_pld = {
"uid": uid,
"name": name2,
"mail": mail2,
"description": description2
}
self.assertIsNone(update_user(self.ccd, valid_sid, update_pld))
# third, we verify that the changed data is written to database
user = User.by_uid(self.ccd._db.conn, uid)
self.assertEqual(user.name, name2)
self.assertEqual(user.mail, mail2)
self.assertEqual(user.description, description2)
def test_permission_denied(self):
"""
verify that a non-superdmin user, who has no ACCESS_WRITE is not
allowed to modify a user
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000, 9999)))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 3) # No ACCESS_WRITE
# create user
name = str(getRandomBytes())
password = "******"
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": password}
# first we create that new user with SA session
uid = new_user(self.ccd, self.session.sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we update this user with a user who has now allowance to do
# so
password2 = "mypassword2"
update_pld = {"uid": uid,
"old": password,
"new": password2
}
valid_sid = self.ccd._assign_user_a_session(user).sid
self.assertRaises(PermissionDenied,
update_user_passwd,
self.ccd,
valid_sid,
update_pld)
def assertExceedsLimit(self, pld, to_exceed):
"""
tries to update a user and checks for a InputError with a
message '* exceeds limit'
"""
valid_sid = self.session.sid
name = str(getRandomBytes())
add_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
pld.update({"uid": uid})
# now we check for arising error
self.assertRaisesRegexp(InputError, "%s exceeds limit" % to_exceed,
update_user, self.ccd, valid_sid, pld)
def test_missing_newpassword(self):
""" without providing a new password an InputError must be raised """
valid_sid = self.session.sid
name = str(getRandomBytes())
password = "******"
add_pld = {"name": name,
"mail": "mail@mynewuser",
"password": password}
# first we create that new user
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
# second, we update this user
update_pld = {"uid": uid,
"old": password
}
self.assertRaisesRegexp(InputError,
"Invalid payload format!",
update_user_passwd,
self.ccd,
valid_sid,
update_pld)
def test_addpermission(self):
"""
verify that a user with ACCESS_ADD in user2user table is able to
create new users. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(getRandomBytes()))
wg = create_workgroup(db, "newworkgroup", user.uid, 2)
del_user2user(db, user.uid)
add_user2user(db, user.uid, 2) # ACCESS_ADD
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
valid_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we check for the user to be in the database
user2 = User.by_name(self.ccd._db.conn, name)
try:
self.assertEqual(uid, user2.uid)
finally:
# delete them, since they are not needed anymore
user2.delete(db)
user.delete(db)
wg.delete(db)
def test_addpermission(self):
"""
verify that a user with ACCESS_ADD in user2user table is able to
update user's passwords. note: this user must not be the superadmin.
"""
db = self.ccd._db.conn
# create a user and a workgroup. give the user ACCESS_ADD in
# user2users table
user = create_user(db, str(random.randrange(1000, 9999)))
create_workgroup(db, "newworkgroup", user.uid, 2)
add_user2user(db, user.uid, 2) # ACCESS_ADD
valid_sid = self.ccd._assign_user_a_session(user).sid
# create user
name = str(getRandomBytes())
password = "******"
valid_pld = {"name": name,
"mail": "mail@mynewuser",
"password": password}
# first we create that new user
uid = new_user(self.ccd, valid_sid, valid_pld)
self.assertIsInstance(uid, int)
# second, we update this user
password2 = "mypassword2"
update_pld = {"uid": uid,
"old": password,
"new": password2
}
self.assertIsNone(update_user_passwd(self.ccd, valid_sid, update_pld))
# third, we verify that the changed data is written to database
users = getusers(self.ccd._db.conn, name, password2)
self.assertEqual(len(users), 1)
def test_superadmin(self):
""" verify that the superadmin is able to update user's password """
valid_sid = self.session.sid
name = str(getRandomBytes())
password = "******"
add_pld = {"name": name,
"mail": "mail@mynewuser",
"password": password}
# first we create that new user
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
# second, we update this user
password2 = "mypassword2"
update_pld = {"uid": uid,
"old": password,
"new": password2
}
self.assertIsNone(update_user_passwd(self.ccd, valid_sid, update_pld))
# third, we verify that the changed data is written to database
users = getusers(self.ccd._db.conn, name, password2)
self.assertEqual(len(users), 1)
def assertInvalidPayload(self, pld):
"""
tries to create a new user and checks for a InputError with a
message 'Invalid payload format'
"""
valid_sid = self.session.sid
name = str(getRandomBytes())
add_pld = {
"name": name,
"mail": "mail@mynewuser",
"password": "******"
}
# first we create that new user
uid = new_user(self.ccd, valid_sid, add_pld)
self.assertIsInstance(uid, int)
pld.update({"uid": uid})
# now we check for arising error
self.assertRaisesRegexp(InputError, "Invalid payload format!",
update_user, self.ccd, valid_sid, pld)
