def test_ipa_client_batch_no_raise_errors(client, logged_in_dummy_user, dummy_group): """Check the IPAClient batch method""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) result = ipa.batch( methods=[ { "method": "user_find", "params": [[], { "uid": "dummy", 'all': True }] }, { "method": "this_method_wont_work", "params": [["dummy-group"], {}] }, ], raise_errors=False, ) assert result['count'] == 2 assert result['results'][0]['result'][0]['displayname'][ 0] == 'Dummy User' assert isinstance(result['results'][1], BadRequest)
def test_ipa_client_batch_unknown_method(client, logged_in_dummy_user): """Check the IPAClient batch method returns unknown command errors""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) with pytest.raises(BadRequest) as e: ipa.batch(methods=[{"method": "user_findy", "params": [[], {}]}]) assert "unknown command 'user_findy'" in e
def test_ipa_session_unauthorized(client, logged_in_dummy_user): """The user should be unauthorized when the session isn't valid for FreeIPA.""" with client.session_transaction() as sess: sess["noggin_session"] = Fernet( current_app.config['FERNET_SECRET']).encrypt(b'something-invalid') ipa = maybe_ipa_session(current_app, sess) assert ipa is None
def root(): ipa = maybe_ipa_session(current_app, session) username = session.get('noggin_username') if ipa and username: return redirect(url_for('.user', username=username)) # Kick any non-authed user back to the login form. activetab = request.args.get("tab", "login") register_form = RegisterUserForm(prefix="register") login_form = LoginUserForm(prefix="login") if login_form.validate_on_submit(): with handle_form_errors(login_form): return handle_login_form(login_form) if register_form.validate_on_submit(): with handle_form_errors(register_form): return handle_register_form(register_form) return render_template( 'index.html', register_form=register_form, login_form=login_form, activetab=activetab, )
def root(): ipa = maybe_ipa_session(current_app, session) username = session.get('noggin_username') if ipa and username: return redirect(url_for('.user', username=username)) # Kick any non-authed user back to the login form. activetab = request.args.get("tab", "login") register_form = RegisterUserForm(prefix="register") login_form = LoginUserForm(prefix="login") if login_form.validate_on_submit(): with handle_form_errors(login_form): return handle_login_form(login_form) if register_form.validate_on_submit(): if not current_app.config["REGISTRATION_OPEN"]: flash(_("Registration is closed at the moment."), "warning") return redirect(url_for('.root')) with handle_form_errors(register_form): return handle_register_form(register_form) return render_template( 'index.html', register_form=register_form, login_form=login_form, activetab=activetab, )
def test_ipa_client_fasagreement_find(client, logged_in_dummy_user, dummy_agreement): """Check the IPAClient fasagreement_find""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) result = ipa.fasagreement_find(all=True) assert len(result) == 1 assert result[0]['cn'] == ['dummy agreement']
def fn(*args, **kwargs): ipa = maybe_ipa_session(app, session) if ipa: g.ipa = ipa g.current_user = User(g.ipa.user_find(whoami=True)['result'][0]) return f(*args, **kwargs, ipa=ipa) flash('Please log in to continue.', 'warning') return redirect(url_for('root'))
def fn(*args, **kwargs): ipa = maybe_ipa_session(current_app, session) if ipa: g.ipa = ipa g.current_user = User(g.ipa.user_find(whoami=True)['result'][0]) return f(*args, **kwargs, ipa=ipa) coming_from = quote(request.full_path) flash('Please log in to continue.', 'warning') return redirect(f"{url_for('.root')}?next={coming_from}")
def logout(): """Log the user out.""" # Don't use the with_ipa() decorator, otherwise anonymous users visiting this endpoint will be # asked to login to then be logged out. ipa = maybe_ipa_session(app, session) if ipa: ipa.logout() session.clear() return redirect(url_for('root'))
def test_ipa_client_batch_unknown_option(client, logged_in_dummy_user): """Check the IPAClient batch method returns invalid params errors""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) with pytest.raises(BadRequest) as e: ipa.batch( methods=[{"method": "user_find", "params": [[], {"pants": "pants"}]}] ) assert "invalid 'params': Unknown option: pants" in e
def test_ipa_client_fasagreement_add_user(client, logged_in_dummy_user, dummy_agreement): """Check the IPAClient fasagreement_add_user""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) # add a user to the agreement ipa.fasagreement_add_user("dummy agreement", user="******") # check it worked result = ipa.fasagreement_find(all=True) assert "dummy" in result[0]["memberuser_user"]
def logout(): """Log the user out.""" # Don't use the with_ipa() decorator, otherwise anonymous users visiting this endpoint will be # asked to login to then be logged out. try: ipa = maybe_ipa_session(current_app, session) except python_freeipa.exceptions.FreeIPAError: # Not much we can do here, proceed to logout and it may help solve the issue. ipa = None if ipa: ipa.logout() session.clear() return redirect(url_for('.root'))
def test_ipa_client_batch(client, logged_in_dummy_user, dummy_group): """Check the IPAClient batch method""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) result = ipa.batch( methods=[ {"method": "user_find", "params": [[], {"uid": "dummy", 'all': True}]}, {"method": "group_find", "params": [["dummy-group"], {}]}, ] ) assert result['count'] == 2 assert result['results'][0]['result'][0]['displayname'][0] == 'Dummy User' assert result['results'][1]['result'][0]['description'][0] == 'A dummy group'
def test_ipa_client_fasagreement_add(client, logged_in_dummy_user, dummy_agreement): """Check the IPAClient fasagreement_add""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) # add a new agreement and check it is there ipa_admin.fasagreement_add("pants agreement") result = ipa.fasagreement_find(all=True) assert len(result) == 2 assert result[0]['cn'] == ['dummy agreement'] assert result[1]['cn'] == ['pants agreement'] # cleanup ipa_admin.fasagreement_del("pants agreement")
def test_ipa_client_batch_no_raise_errors(client, logged_in_dummy_user, dummy_group): """Check the IPAClient batch method""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) result = ipa.batch(a_methods=[ { "method": "user_find", "params": [["dummy"], {}] }, { "method": "this_method_wont_work", "params": [["dummy-group"], {}] }, ], ) assert result['count'] == 2 assert result['results'][0]['result'][0]['uid'][0] == 'dummy' assert result['results'][1]['error_name'] == 'CommandError'
def test_ipa_client_fasagreement_add_group(client, logged_in_dummy_user, dummy_group, dummy_agreement): """Check the IPAClient fasagreement_add_group""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) # add a user to the agreement ipa_admin.fasagreement_add_group("dummy agreement", group="dummy-group") # check it worked result = ipa.fasagreement_find(all=True, cn="dummy agreement") assert len(result) == 1 assert result[0]["member_group"] == ["dummy-group"] # cleanup ipa_admin.fasagreement_remove_group("dummy agreement", group="dummy-group")
def password_reset(): # If already logged in, redirect to the logged in reset form ipa = maybe_ipa_session(app, session) username = session.get('noggin_username') if ipa and username: return redirect(url_for('user_settings_password', username=username)) username = request.args.get('username') if not username: abort(404) form = PasswordResetForm() if form.validate_on_submit(): res = _validate_change_pw_form(form, username) if res and res.ok: return redirect(url_for('root')) return render_template('password-reset.html', password_reset_form=form, username=username)
def test_ipa_session_invalid(client, logged_in_dummy_user): """We should raise an exception when the session can't be decrypted.""" with client.session_transaction() as sess: sess["noggin_session"] = "invalid" with pytest.raises(TypeError): maybe_ipa_session(current_app, sess)
def test_ipa_session_anonymous(client): """Check maybe_ipa_session() when no user is logged in""" with client.session_transaction() as sess: assert maybe_ipa_session(current_app, sess) is None
def test_ipa_session_authed(client, logged_in_dummy_user): """Check maybe_ipa_session() when a user is logged in""" with client.session_transaction() as sess: assert maybe_ipa_session(current_app, sess) is not None