async def test_list_factors_new_user(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create User
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-List-Factor"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials":
models.UserCredentials({
"password":
models.PasswordCredential({"value": "Password150kta"})
}),
"profile":
user_profile
})
created_user, _, err = await client.create_user(create_user_req)
assert err is None
assert isinstance(created_user, models.User)
# List factor to validate
users_factors, _, err = await client.list_factors(created_user.id)
assert err is None
assert len(users_factors) == 0
# Deactivate + delete user
_, err = await client.deactivate_user(created_user.id)
assert err is None
_, err = await client.deactivate_or_delete_user(created_user.id)
assert err is None
async def test_activate_user(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Activate"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
try:
# Create query parameters and Create User
query_params_create = {"activate": "False"}
user, resp, err = await test_client.create_user(
create_user_req, query_params_create)
assert err is None
# Create query parameters and Activate User
query_params_activate = {"sendEmail": "False"}
token, resp, err = await test_client.activate_user(
user.id, query_params_activate)
assert err is None
assert token is not None
# Ensure correct Object is returned
assert isinstance(token, models.UserActivationToken)
# Create query parameters and List Users
query_params_list = {"filter": "status eq \"ACTIVE\""}
users, resp, err = await test_client.list_users(query_params_list)
assert err is None
# Ensure user is in list
assert next((usr for usr in users if usr.id == user.id),
None) is not None
finally:
errors = []
# Deactivate, then delete created user
try:
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_change_user_password(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Change-PW"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(create_user_req,
query_params_create)
assert err is None
# Give time before changing password
time.sleep(1)
# Create new Password
NEW_PASSWORD = "******"
new_password = models.PasswordCredential({"value": NEW_PASSWORD})
change_pw_req = models.ChangePasswordRequest({
"oldPassword":
password,
"newPassword":
new_password
})
# change password and retrieve user after
_, _, err = await test_client.change_password(user.id, change_pw_req)
assert err is None
got_user, resp, err = await test_client.get_user(user.id)
assert got_user.id == user.id
assert err is None
# Verify password in updated user obj, changed after original
DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"
assert datetime.strptime(got_user.password_changed, DATETIME_FORMAT)\
> datetime.strptime(user.password_changed, DATETIME_FORMAT)
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
async def test_assign_user_to_role(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Assign-User-Role"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(create_user_req,
query_params_create)
assert err is None
# Create Assign Role Request with Roletype Enum
USER_ADMIN = models.RoleType.USER_ADMIN
assign_role_req = models.AssignRoleRequest({"type": USER_ADMIN})
# Assign Role to User
_, _, err = await test_client.assign_role_to_user(
user.id, assign_role_req)
assert err is None
# Get Roles for user and ensure role assigned is found
roles, _, err = await test_client.list_assigned_roles_for_user(user.id)
found_role = next((role for role in roles if role.type == USER_ADMIN),
None)
assert found_role is not None
# Remove assigned role from user
_, err = await test_client.remove_role_from_user(
user.id, found_role.id)
assert err is None
# Get Roles for user and ensure role assigned is NOT found
roles, _, err = await test_client.list_assigned_roles_for_user(user.id)
found_role = next((role for role in roles if role.type == USER_ADMIN),
None)
assert found_role is None
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
async def test_suspend_user(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Suspend"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(create_user_req,
query_params_create)
assert err is None
# Suspend User
_, err = await test_client.suspend_user(user.id)
assert err is None
# Create query params and List Suspended Users
query_params_list = {"filter": "status eq \"SUSPENDED\""}
users, resp, err = await test_client.list_users(query_params_list)
assert err is None
# Ensure created user is in list
assert next((usr for usr in users if usr.id == user.id),
None) is not None
# Unsuspend User
_, err = await test_client.unsuspend_user(user.id)
assert err is None
# Create query params and List Active Users
query_params_list = {"filter": "status eq \"ACTIVE\""}
users, resp, err = await test_client.list_users(query_params_list)
assert err is None
# Ensure created user is in list
assert next((usr for usr in users if usr.id == user.id),
None) is not None
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
async def test_create_get_user(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Get"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
query_params_create = {"activate": "False"}
# Create User
user, resp, err = await test_client.create_user(
create_user_req, query_params_create)
assert err is None
got_user, resp, err = await test_client.get_user(user.id)
assert got_user.id == user.id
got_user_with_string, resp, err = await test_client.get_user(
user_profile.login)
assert got_user_with_string.id == user.id
assert user.profile.first_name == user_profile.first_name
assert user.profile.last_name == user_profile.last_name
assert user.profile.email == user_profile.email
assert user.profile.login == user_profile.login
user_id = user.id
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
user, _, err = await test_client.get_user(user_id)
assert user is None
assert isinstance(err, OktaAPIError)
async def test_enroll_sms_factor(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create User
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-SMS"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials":
models.UserCredentials({
"password":
models.PasswordCredential({"value": "Password150kta"})
}),
"profile":
user_profile
})
created_user, _, err = await client.create_user(create_user_req)
assert err is None
assert isinstance(created_user, models.User)
# Create and add factor
sms_factor = models.SmsUserFactor({
"profile":
models.SmsUserFactorProfile({"phoneNumber": "+12345678901"})
})
enrolled_factor, _, err = await \
client.enroll_factor(created_user.id, sms_factor)
assert err is None
assert isinstance(enrolled_factor, models.SmsUserFactor)
# List factor to validate
users_factors, _, err = await client.list_factors(created_user.id)
assert err is None
assert len(users_factors) > 0 and len(users_factors) == 1
assert isinstance(users_factors[0], models.SmsUserFactor)
assert users_factors[0].id == enrolled_factor.id
assert users_factors[0].factor_type == models.FactorType.SMS
assert users_factors[0].profile.phone_number ==\
sms_factor.profile.phone_number
# Deactivate + delete user
_, err = await client.deactivate_user(created_user.id)
assert err is None
_, err = await client.deactivate_or_delete_user(created_user.id)
assert err is None
async def test_get_reset_password_link_for_user(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Reset-PW-URL"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
try:
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(
create_user_req, query_params_create)
# Create Query Parameters and get Reset Password Token
query_params_reset_pw = {"sendEmail": "False"}
reset_pw_token, _, err = await test_client.reset_password(
user.id, query_params_reset_pw)
assert err is None
assert isinstance(reset_pw_token, models.ResetPasswordToken)
assert reset_pw_token is not None
finally:
errors = []
# Deactivate, then delete created user
try:
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_expire_password_get_temporary(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Expire-PW-URL"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
try:
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(
create_user_req, query_params_create)
assert err is None
# Create Query Parameters and get Temporary Password
temporary_pw, _, err = await\
test_client.expire_password_and_get_temporary_password(user.id)
assert err is None
assert isinstance(temporary_pw, models.TempPassword)
assert temporary_pw is not None
finally:
errors = []
# Deactivate, then delete created user
try:
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_update_user_profile(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Update-Profile"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create query parameters and Create User
query_params_create = {"activate": "False"}
user, _, err = await test_client.create_user(create_user_req,
query_params_create)
assert err is None
# Craft new profile and get user object
new_profile = user.profile
NICK_NAME = "JD"
new_profile.nick_name = NICK_NAME
updated_user = models.User({"profile": new_profile})
# Update User with new details
new_user, _, err = await test_client.update_user(user.id, updated_user)
assert err is None
assert new_user is not None
# Retrieve user and ensure details are updated
got_user, _, err = await test_client.get_user(user.id)
assert err is None
assert got_user.id == user.id
assert got_user.profile.nick_name == NICK_NAME
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
async def test_change_recovery_question(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Change-Recovery"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(create_user_req,
query_params_create)
assert err is None
# Create Recovery Question
NEW_RECOVERY_Q = "What's your favourite security question?"
NEW_RECOVERY_A = "This One!"
new_recovery_question = models.RecoveryQuestionCredential({
"question":
NEW_RECOVERY_Q,
"answer":
NEW_RECOVERY_A
})
new_user_creds = models.UserCredentials({
"password":
password,
"recoveryQuestion":
new_recovery_question
})
# Change Recovery Question
updated_user_creds, _, err = await\
test_client.change_recovery_question(user.id, new_user_creds)
assert err is None
assert isinstance(updated_user_creds, models.UserCredentials)
# Create New Password
NEW_PASSWORD = password.value[::-1] # reverse string
new_pw = models.PasswordCredential({"value": NEW_PASSWORD})
recovery_answer = models.RecoveryQuestionCredential(
{"answer": NEW_RECOVERY_A})
change_pw_user_creds = models.UserCredentials({
"password":
new_pw,
"recoveryQuestion":
recovery_answer
})
# Create New Password using Recovery Question answer
_, _, err = await test_client.forgot_password_set_new_password(
user.id, change_pw_user_creds)
assert err is None
# Get User and verify password was changed
got_user, _, err = await test_client.get_user(user.id)
assert got_user.id == user.id
assert err is None
DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"
assert datetime.strptime(got_user.password_changed, DATETIME_FORMAT)\
> datetime.strptime(user.password_changed, DATETIME_FORMAT)
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
async def test_delete_factor(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create User
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Delete-Factor"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials":
models.UserCredentials({
"password":
models.PasswordCredential({"value": "Password150kta"})
}),
"profile":
user_profile
})
created_user, _, err = await client.create_user(create_user_req)
assert err is None
assert isinstance(created_user, models.User)
# Create and add factor
sms_factor = models.SmsUserFactor({
"profile":
models.SmsUserFactorProfile({"phoneNumber": "+12345678901"})
})
enrolled_factor, _, err = await \
client.enroll_factor(created_user.id, sms_factor)
assert err is None
assert isinstance(enrolled_factor, models.SmsUserFactor)
# Get factor to validate
retrieved_user_factor, _, err = await client.get_factor(
created_user.id, enrolled_factor.id)
assert err is None
assert isinstance(retrieved_user_factor, models.SmsUserFactor)
assert retrieved_user_factor.id == enrolled_factor.id
assert retrieved_user_factor.factor_type == models.FactorType.SMS
assert retrieved_user_factor.profile.phone_number ==\
sms_factor.profile.phone_number
# Delete factor
_, err = await client.delete_factor(created_user.id,
enrolled_factor.id)
assert err is None
# Get factor to validate
retrieved_user_factor, resp, err = await client.get_factor(
created_user.id, enrolled_factor.id)
assert err is not None
assert isinstance(err, OktaAPIError)
assert retrieved_user_factor is None
assert resp.get_status() == HTTPStatus.NOT_FOUND
# Deactivate + delete user
_, err = await client.deactivate_user(created_user.id)
assert err is None
_, err = await client.deactivate_or_delete_user(created_user.id)
assert err is None
async def test_list_supported_security_questions(self):
# Instantiate Mock Client
client = MockOktaClient(fs)
client = Client()
# Create User
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-List-Security-Question"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials":
models.UserCredentials({
"password":
models.PasswordCredential({"value": "Password150kta"})
}),
"profile":
user_profile
})
created_user, _, err = await client.create_user(create_user_req)
assert err is None
assert isinstance(created_user, models.User)
# Create and add factor
sec_q_factor = models.SecurityQuestionUserFactor({
"factorType":
models.FactorType.QUESTION,
"provider":
models.FactorProvider.OKTA,
"profile":
models.SecurityQuestionUserFactorProfile({
"question": "disliked_food",
"answer": "lasagna"
})
})
enrolled_factor, _, err = await \
client.enroll_factor(created_user.id, sec_q_factor)
assert err is None
assert isinstance(enrolled_factor, models.SecurityQuestionUserFactor)
# List factor to validate
users_factors, _, err = await client.list_factors(created_user.id)
assert err is None
assert len(users_factors) > 0 and len(users_factors) == 1
assert isinstance(users_factors[0], models.SecurityQuestionUserFactor)
assert users_factors[0].factor_type == models.FactorType.QUESTION
assert users_factors[0].id == sec_q_factor.id
assert users_factors[0].profile.question ==\
sec_q_factor.profile.question
assert users_factors[0].profile.answer == sec_q_factor.profile.answer
assert users_factors[0].profile.question_text
# List Security q's
retrieved_questions, _, err = await \
client.list_supported_security_questions(created_user.id)
assert err is None
assert next(
(question for question in retrieved_questions
if question.profile.question == enrolled_factor.profile.question))
# Deactivate + delete user
_, err = await client.deactivate_user(created_user.id)
assert err is None
_, err = await client.deactivate_or_delete_user(created_user.id)
assert err is None
async def test_remove_group(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Remove-Group"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create query parameters and Create User
query_params_create = {"activate": "False"}
user, _, err = await client.create_user(create_user_req,
query_params_create)
assert err is None
assert isinstance(user, models.User)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({"name": GROUP_NAME})
group_obj = models.Group({"profile": group_profile})
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Add user to group
_, err = await client.add_user_to_group(group.id, user.id)
assert err is None
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert next((usr for usr in users_in_group if usr.id == user.id))
# Delete created group
_, err = await client.delete_group(group.id)
assert err is None
# Retrieve group list again to ensure deleted
groups_list, _, err = await client.list_groups()
assert err is None
assert next(
(grp for grp in groups_list if grp.id == group.id), None) is None
# Deactivate, then delete created user
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
async def test_group_users_operations(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({
"value": "Password150kta"
})
# Create User Credentials
user_creds = models.UserCredentials({
"password": password
})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Activate"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
try:
# Create query parameters and Create User
query_params_create = {"activate": "False"}
user, _, err = await client.create_user(
create_user_req, query_params_create)
assert err is None
assert isinstance(user, models.User)
# Create Group Object
GROUP_NAME = "Group-Target-Test"
group_profile = models.GroupProfile({
"name": GROUP_NAME
})
group_obj = models.Group({
"profile": group_profile
})
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Add user to group
_, err = await client.add_user_to_group(group.id, user.id)
assert err is None
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert next((usr for usr in users_in_group if usr.id == user.id))
# Remove user from group
_, err = await client.remove_user_from_group(group.id, user.id)
assert err is None
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert len(users_in_group) == 0
assert next(
(usr for usr in users_in_group if usr.id == user.id), None) is None
finally:
errors = []
# Deactivate, then delete created user
try:
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
# Delete created group
try:
_, err = await client.delete_group(group.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_reset_factors(self):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create User
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Reset-Factor"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": models.UserCredentials({
"password": models.PasswordCredential({
"value": "Password150kta"
})
}),
"profile": user_profile
})
try:
created_user, _, err = await client.create_user(create_user_req)
assert err is None
assert isinstance(created_user, models.User)
# Create and add factor
sms_factor = models.SmsUserFactor({
"profile": models.SmsUserFactorProfile({
"phoneNumber": "+12345678901"
})
})
enrolled_factor, _, err = await \
client.enroll_factor(created_user.id, sms_factor)
assert err is None
assert isinstance(enrolled_factor, models.SmsUserFactor)
# Get factor to validate
retrieved_user_factor, _, err = await client.get_factor(
created_user.id, enrolled_factor.id
)
assert err is None
assert isinstance(retrieved_user_factor, models.SmsUserFactor)
assert retrieved_user_factor.id == enrolled_factor.id
assert retrieved_user_factor.factor_type == models.FactorType.SMS
assert retrieved_user_factor.profile.phone_number ==\
sms_factor.profile.phone_number
# Reset factor
_, err = await client.reset_factors(created_user.id)
assert err is None
# List factors to validate
users_factors, _, err = await client.list_factors(created_user.id)
assert err is None
assert len(users_factors) == 0
finally:
errors = []
# Deactivate + delete user
try:
_, err = await client.deactivate_user(created_user.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.deactivate_or_delete_user(created_user.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_user_group_target_to_role(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Group-Target-Role-Assign"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
# Create Query Parameters and Create User
query_params_create = {"activate": "True"}
user, _, err = await test_client.create_user(create_user_req,
query_params_create)
assert err is None
# Create Group Object
NEW_GROUP_NAME = "Group-Target-Test-Assign"
new_group_profile = models.GroupProfile({"name": NEW_GROUP_NAME})
new_group = models.Group({"profile": new_group_profile})
# Create Group
group, _, err = await test_client.create_group(new_group)
assert err is None
# Create request to assign role to user
USER_ADMIN = models.RoleType.USER_ADMIN
assign_role_req = models.AssignRoleRequest({"type": USER_ADMIN})
# Assign Role to User
user_role, _, err = await test_client.assign_role_to_user(
user.id, assign_role_req)
assert err is None
# Add Group Target to the Role
_, err = await test_client.add_group_target_to_role(
user.id, user_role.id, group.id)
assert err is None
# Retrieve group targets for role and ensure added one is there
groups, _, err = await test_client.list_group_targets_for_role(
user.id, user_role.id)
assert next((grp for grp in groups if grp.id == group.id),
None) is not None
# Create another group to add
NEW_GROUP_NAME = "Temp-Group-Target-Test-Assign"
new_group_profile = models.GroupProfile({"name": NEW_GROUP_NAME})
new_group = models.Group({"profile": new_group_profile})
# Create 2nd group
temp_group, _, err = await test_client.create_group(new_group)
assert err is None
# Add new group target to role and remove original
_, err = await test_client.add_group_target_to_role(
user.id, user_role.id, temp_group.id)
assert err is None
_, err = await test_client.remove_group_target_from_role(
user.id, user_role.id, group.id)
assert err is None
# Deactivate, then delete created user
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user.id)
assert err is None
# Delete groups created
await test_client.delete_group(group.id)
await test_client.delete_group(temp_group.id)
async def test_group_rule_operations(self, fs):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({
"value": "Password150kta"
})
# Create User Credentials
user_creds = models.UserCredentials({
"password": password
})
# Create User Profile and CreateUser Request
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Group-Rule-Ops"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": user_creds,
"profile": user_profile
})
try:
# Create query parameters and Create User
query_params_create = {"activate": "False"}
user, _, err = await client.create_user(
create_user_req, query_params_create)
assert err is None
assert isinstance(user, models.User)
# Create Group Object
GROUP_NAME = "Group-Target-Test-Group-Rule-Ops"
group_profile = models.GroupProfile({
"name": GROUP_NAME
})
group_obj = models.Group({
"profile": group_profile
})
# Create Group
group, _, err = await client.create_group(group_obj)
assert err is None
assert isinstance(group, models.Group)
# Create Group Rule
last_name = user.profile.last_name
GROUP_RULE_NAME = "Test-Group-Rule-Group-Rule-Ops"
GROUP_RULE_TYPE = "group_rule"
GROUP_RULE_EXP_TYPE = "urn:okta:expression:1.0"
GROUP_RULE_EXP_VALUE = f"user.lastName==\"{last_name}\""
group_rule_exp = models.GroupRuleExpression({
"type": GROUP_RULE_EXP_TYPE,
"value": GROUP_RULE_EXP_VALUE
})
group_rule_cond = models.GroupRuleConditions({
"expression": group_rule_exp
})
group_rule_group_assignment = models.GroupRuleGroupAssignment({
"groupIds": [group.id]
})
group_rule_action = models.GroupRuleAction({
"assignUserToGroups": group_rule_group_assignment
})
group_rule_object = models.GroupRule({
"actions": group_rule_action,
"conditions": group_rule_cond,
"name": GROUP_RULE_NAME,
"type": GROUP_RULE_TYPE
})
group_rule, _, err = await client.create_group_rule(group_rule_object)
assert err is None
assert isinstance(group_rule, models.GroupRule)
# Activate Group Rule
_, err = await client.activate_group_rule(group_rule.id)
assert err is None
# 15 second sleep for backend to update
mock_pause_function(15)
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert next((usr for usr in users_in_group if usr.id ==
user.id), None) is not None
# Ensure activated rule is in group rules
group_rules, _, err = await client.list_group_rules()
assert err is None
assert next((rule for rule in group_rules if rule.id ==
group_rule.id), None) is not None
# Deactivate rule (to update)
_, err = await client.deactivate_group_rule(group_rule.id)
assert err is None
# Update rule
# Create new rule
NEW_GROUP_RULE_NAME = "Test-Group-Rule Updated"
NEW_GROUP_RULE_EXP_VALUE = "user.lastName==\"BLAHBLAHBLAH\""
new_group_rule_exp = models.GroupRuleExpression({
"type": GROUP_RULE_EXP_TYPE,
"value": NEW_GROUP_RULE_EXP_VALUE
})
new_group_rule_cond = models.GroupRuleConditions({
"expression": new_group_rule_exp
})
new_group_rule_group_assignment = models.GroupRuleGroupAssignment({
"groupIds": [group.id]
})
new_group_rule_action = models.GroupRuleAction({
"assignUserToGroups": new_group_rule_group_assignment
})
new_group_rule_object = models.GroupRule({
"actions": new_group_rule_action,
"conditions": new_group_rule_cond,
"name": NEW_GROUP_RULE_NAME,
"type": GROUP_RULE_TYPE
})
new_group_rule, _, err = await client.update_group_rule(
group_rule.id,
new_group_rule_object)
assert err is None
# Activate updated rule and verify user isn't in group
_, err = await client.activate_group_rule(new_group_rule.id)
assert err is None
# 15 second sleep for backend to update
mock_pause_function(15)
users_in_group, _, err = await client.list_group_users(group.id)
assert err is None
assert next(
(usr for usr in users_in_group if usr.id == user.id), None) is None
finally:
errors = []
# Deactivate rule
try:
_, err = await client.deactivate_group_rule(new_group_rule.id)
assert err is None
except Exception as exc:
errors.append(exc)
# Deactivate, then delete created user
try:
_, err = await client.deactivate_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.deactivate_or_delete_user(user.id)
assert err is None
except Exception as exc:
errors.append(exc)
# Delete created group
try:
_, err = await client.delete_group(group.id)
assert err is None
except Exception as exc:
errors.append(exc)
# Delete group rules
try:
_, err = await client.delete_group_rule(group_rule.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0
async def test_user_pagination(self, fs):
# Instantiate Mock Client
test_client = MockOktaClient(fs)
# Create Password
password = models.PasswordCredential({"value": "Password150kta"})
# Create User Credentials
user_creds = models.UserCredentials({"password": password})
# Create 2 user profiles
first_user_profile = models.UserProfile()
first_user_profile.first_name = "John"
first_user_profile.last_name = "Doe-Paginate-1"
first_user_profile.email = "*****@*****.**"
first_user_profile.login = "******"
second_user_profile = models.UserProfile()
second_user_profile.first_name = "John"
second_user_profile.last_name = "Doe-Paginate-2"
second_user_profile.email = "*****@*****.**"
second_user_profile.login = "******"
first_create_user_req = models.CreateUserRequest({
"credentials":
user_creds,
"profile":
first_user_profile
})
second_create_user_req = models.CreateUserRequest({
"credentials":
user_creds,
"profile":
second_user_profile
})
# Create Query Parameters and Create 2 Users
query_params_create = {"activate": "False"}
user1, _, err = await test_client.create_user(first_create_user_req,
query_params_create)
assert err is None
user2, _, err = await test_client.create_user(second_create_user_req,
query_params_create)
assert err is None
# Create Query Parameters and List Users
query_params_limit = {"limit": "1"} # Retrieve one user
usr_list, resp, err = await test_client.list_users(query_params_limit)
assert err is None
assert len(usr_list) == 1
assert isinstance(usr_list[0], models.User)
assert resp.has_next() # ensure next can be determined
# Retrieve next page of results
second_usr_list, err = await resp.next()
assert err is None
assert len(second_usr_list) == 1
assert isinstance(second_usr_list[0], models.User)
# Deactivate & delete both users
_, err = await test_client.deactivate_or_delete_user(user1.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user1.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user2.id)
assert err is None
_, err = await test_client.deactivate_or_delete_user(user2.id)
assert err is None
# Ensure deletion
found_user, _, err = await test_client.get_user(user1.id)
assert found_user is None
assert isinstance(err, OktaAPIError)
async def test_enroll_security_question_factor(self):
# Instantiate Mock Client
client = MockOktaClient(fs)
# Create User
user_profile = models.UserProfile()
user_profile.first_name = "John"
user_profile.last_name = "Doe-Security-Question"
user_profile.email = "*****@*****.**"
user_profile.login = "******"
create_user_req = models.CreateUserRequest({
"credentials": models.UserCredentials({
"password": models.PasswordCredential({
"value": "Password150kta"
})
}),
"profile": user_profile
})
try:
created_user, _, err = await client.create_user(create_user_req)
assert err is None
assert isinstance(created_user, models.User)
# Create and add factor
sec_q_factor = models.SecurityQuestionUserFactor({
"factorType": models.FactorType.QUESTION,
"provider": models.FactorProvider.OKTA,
"profile": models.SecurityQuestionUserFactorProfile({
"question": "disliked_food",
"answer": "lasagna"
})
})
enrolled_factor, _, err = await \
client.enroll_factor(created_user.id, sec_q_factor)
assert err is None
assert isinstance(enrolled_factor, models.SecurityQuestionUserFactor)
# List factor to validate
users_factors, _, err = await client.list_factors(created_user.id)
assert err is None
assert len(users_factors) > 0 and len(users_factors) == 1
assert isinstance(users_factors[0], models.SecurityQuestionUserFactor)
assert users_factors[0].factor_type == models.FactorType.QUESTION
assert users_factors[0].id == sec_q_factor.id
assert users_factors[0].profile.question ==\
sec_q_factor.profile.question
assert users_factors[0].profile.answer == sec_q_factor.profile.answer
assert users_factors[0].profile.question_text
finally:
errors = []
# Deactivate + delete user
try:
_, err = await client.deactivate_user(created_user.id)
assert err is None
except Exception as exc:
errors.append(exc)
try:
_, err = await client.deactivate_or_delete_user(created_user.id)
assert err is None
except Exception as exc:
errors.append(exc)
assert len(errors) == 0