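def test_05_multiple_entries(self):
    # Several cache rows may exist for the same (uid, resolver) pair. The
    # lookup has to stay deterministic: the row with the newest timestamp
    # decides which username is returned.
    now = datetime.now()
    older = now - timedelta(seconds=60)

    # Two consistent entries: both rows map uid1 to the same username.
    UserCache("hans1", "resolver1", "uid1", older).save()
    UserCache("hans1", "resolver1", "uid1", now).save()
    rows = UserCache.query.filter(UserCache.username == "hans1",
                                  UserCache.resolver == "resolver1")
    self.assertEqual(rows.count(), 2)
    self.assertEqual(get_username("uid1", "resolver1"), "hans1")
    delete_user_cache()

    # Two inconsistent entries: the most recent one (ordered by datetime)
    # wins. The newer row is saved first on purpose, so the result cannot
    # depend on insertion order.
    UserCache("hans2", "resolver1", "uid1", now).save()
    UserCache("hans1", "resolver1", "uid1", older).save()
    rows = UserCache.query.filter(UserCache.user_id == "uid1",
                                  UserCache.resolver == "resolver1")
    self.assertEqual(rows.count(), 2)
    self.assertEqual(get_username("uid1", "resolver1"), "hans2")

    # Leave an empty cache behind for the tests that follow.
    delete_user_cache()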
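def test_05_multiple_entries(self):
    # Several cache rows may exist for the same (uid, resolver) pair. The
    # lookup has to stay deterministic: the row with the newest timestamp
    # decides which username is returned.
    now = datetime.now()
    older = now - timedelta(seconds=60)

    # Two consistent entries: both rows map uid1 to the same username.
    UserCache("hans1", "hans1", "resolver1", "uid1", older).save()
    UserCache("hans1", "hans1", "resolver1", "uid1", now).save()
    rows = UserCache.query.filter(UserCache.username == "hans1",
                                  UserCache.resolver == "resolver1")
    self.assertEqual(rows.count(), 2)
    self.assertEqual(get_username("uid1", "resolver1"), "hans1")
    delete_user_cache()

    # Two inconsistent entries: the most recent one (ordered by datetime)
    # wins. The newer row is saved first on purpose, so the result cannot
    # depend on insertion order.
    UserCache("hans2", "hans2", "resolver1", "uid1", now).save()
    UserCache("hans1", "hans1", "resolver1", "uid1", older).save()
    rows = UserCache.query.filter(UserCache.user_id == "uid1",
                                  UserCache.resolver == "resolver1")
    self.assertEqual(rows.count(), 2)
    self.assertEqual(get_username("uid1", "resolver1"), "hans2")

    # Leave an empty cache behind for the tests that follow.
    delete_user_cache()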
def test_03_get_identifiers(self):
    # Exercises `User` with an explicit resolver: a cache miss falls through
    # to the resolver and fills the cache, a cache hit works even after the
    # resolver is gone, and with neither available the lookup fails.
    self._create_realm()

    # Start from an empty cache.
    purged = delete_user_cache()
    self.assertTrue(purged >= 0)

    # Cache miss: the identifiers come from the resolver and the cache is
    # filled as a side effect. This implicitly tests _get_resolvers.
    user = User(self.username, self.realm1, self.resolvername1)
    user.get_user_identifiers()
    self.assertEqual(user.login, self.username)
    self.assertEqual(user.uid, self.uid)

    # Exactly one cache row must exist now.
    cached = UserCache.query.one()
    self.assertEqual(cached.user_id, self.uid)
    self.assertEqual(cached.username, self.username)
    self.assertEqual(cached.resolver, self.resolvername1)
    # Keep the timestamp before the row is purged below.
    ts = cached.timestamp

    # Deleting the resolver also purges its cache rows.
    self._delete_realm()

    # Re-create the row by hand so only the cache can answer.
    UserCache(self.username, self.username, self.resolvername1, self.uid, ts).save()

    # The username is served from the cache ...
    self.assertEqual(get_username(self.uid, self.resolvername1), self.username)
    # ... and `User` obtains the uid from the cache as well.
    user2 = User(self.username, self.realm1, self.resolvername1)
    self.assertEqual(user2.uid, self.uid)

    # With the cache emptied and the resolver gone, nothing can resolve
    # the uid any more.
    delete_user_cache()
    self.assertEqual(get_username(self.uid, self.resolvername1), "")

    # `User` also consults the cache first and has to fail the same way.
    with self.assertRaises(UserError):
        User(self.username, self.realm1, self.resolvername1)
def test_99_unset_config(self):
    # Early-exit check: once the expiration is set to 0 the cache counts as
    # disabled and `get_username` must not touch the cache table at all.
    target = 'privacyidea.lib.usercache.retrieve_latest_entry'

    # Cache enabled: `retrieve_latest_entry` is consulted exactly once.
    with patch(target) as lookup_enabled:
        lookup_enabled.return_value = None
        get_username('some-userid', 'resolver1')
        self.assertEqual(lookup_enabled.call_count, 1)

    set_privacyidea_config(EXPIRATION_SECONDS, 0)
    self.assertFalse(is_cache_enabled())

    # Cache disabled: `retrieve_latest_entry` is not called any more.
    with patch(target) as lookup_disabled:
        lookup_disabled.return_value = None
        get_username('some-userid', 'resolver1')
        self.assertEqual(lookup_disabled.call_count, 0)
def test_01_get_username_from_cache(self):
    # A username that is already cached is returned by `get_username`
    # straight from the cache.
    # NOTE: the username literal appears masked in this listing.
    username = "******"
    resolver = "resolver1"
    uid = "1"
    cache_lifetime = get_cache_time()  # result is not used by the assertions
    UserCache(username, resolver, uid, datetime.now()).save()

    self.assertEqual(get_username(uid, resolver), username)

    # An unknown resolver has no cache row; the result is an empty username.
    self.assertEqual(get_username(uid, "resolver_does_not_exist"), "")
def test_01_get_username_from_cache(self):
    # A username that is already cached is returned by `get_username`
    # straight from the cache.
    # NOTE: the username literal appears masked in this listing.
    username = "******"
    resolver = "resolver1"
    uid = "1"
    cache_lifetime = get_cache_time()  # result is not used by the assertions
    UserCache(username, username, resolver, uid, datetime.now()).save()

    self.assertEqual(get_username(uid, resolver), username)

    # An unknown resolver has no cache row; the result is an empty username.
    self.assertEqual(get_username(uid, "resolver_does_not_exist"), "")
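def test_06_implicit_cache_population(self):
    # Lookups that miss the cache must fall through to the resolver and
    # write the result back. An expired row must never supply the answer.
    self._create_realm()

    # --- `get_username` ---
    self.assertEqual(UserCache.query.count(), 0)
    # The cache is empty, so the username is read from the resolver.
    u_name = get_username(self.uid, self.resolvername1)
    self.assertEqual(self.username, u_name)
    # The result has to be in the cache now ...
    cached = UserCache.query.filter(
        UserCache.user_id == self.uid,
        UserCache.resolver == self.resolvername1).one()
    self.assertEqual(self.username, cached.username)
    # ... and it must be the only row.
    self.assertEqual(UserCache.query.count(), 1)
    delete_user_cache()

    # --- `User()` with an already-expired row in the cache ---
    self.assertEqual(UserCache.query.count(), 0)
    UserCache(self.username, self.username, self.resolvername1, 'fake_uid',
              datetime.now() - timedelta(weeks=50)).save()
    # The expired row carries 'fake_uid'. Getting the real uid back shows
    # the stale row was skipped and the resolver was asked instead.
    user = User(self.username, self.realm1, self.resolvername1)
    self.assertEqual(user.uid, self.uid)
    # A fresh row must have been written for this lookup.
    latest = retrieve_latest_entry((UserCache.username == self.username)
                                   & (UserCache.resolver == self.resolvername1))
    self.assertEqual(self.uid, latest.user_id)
    # The expired row is ignored, not removed: it is still in the table.
    self.assertEqual(UserCache.query.count(), 2)

    delete_user_cache()
    self._delete_realm()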
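def test_06_implicit_cache_population(self):
    # Lookups that miss the cache must fall through to the resolver and
    # write the result back. An expired row must never supply the answer.
    self._create_realm()

    # --- `get_username` ---
    self.assertEqual(UserCache.query.count(), 0)
    # The cache is empty, so the username is read from the resolver.
    u_name = get_username(self.uid, self.resolvername1)
    self.assertEqual(self.username, u_name)
    # The result has to be in the cache now ...
    cached = UserCache.query.filter(
        UserCache.user_id == self.uid,
        UserCache.resolver == self.resolvername1).one()
    self.assertEqual(self.username, cached.username)
    # ... and it must be the only row.
    self.assertEqual(UserCache.query.count(), 1)
    delete_user_cache()

    # --- `User()` with an already-expired row in the cache ---
    self.assertEqual(UserCache.query.count(), 0)
    UserCache(self.username, self.resolvername1, 'fake_uid',
              datetime.now() - timedelta(weeks=50)).save()
    # The expired row carries 'fake_uid'. Getting the real uid back shows
    # the stale row was skipped and the resolver was asked instead.
    user = User(self.username, self.realm1, self.resolvername1)
    self.assertEqual(user.uid, self.uid)
    # A fresh row must have been written for this lookup.
    latest = retrieve_latest_entry((UserCache.username == self.username)
                                   & (UserCache.resolver == self.resolvername1))
    self.assertEqual(self.uid, latest.user_id)
    # The expired row is ignored, not removed: it is still in the table.
    self.assertEqual(UserCache.query.count(), 2)

    delete_user_cache()
    self._delete_realm()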
def test_03_get_identifiers(self):
    # Exercises `User` with an explicit resolver: a cache miss falls through
    # to the resolver and fills the cache, a cache hit works even after the
    # resolver is gone, and with neither available the lookup fails.
    self._create_realm()

    # Start from an empty cache.
    purged = delete_user_cache()
    self.assertTrue(purged >= 0)

    # Cache miss: the identifiers come from the resolver and the cache is
    # filled as a side effect. This implicitly tests _get_resolvers.
    user = User(self.username, self.realm1, self.resolvername1)
    user.get_user_identifiers()
    self.assertEqual(user.login, self.username)
    self.assertEqual(user.uid, self.uid)

    # Exactly one cache row must exist now.
    cached = UserCache.query.one()
    self.assertEqual(cached.user_id, self.uid)
    self.assertEqual(cached.username, self.username)
    self.assertEqual(cached.resolver, self.resolvername1)

    # Deleting the resolver also purges its cache rows.
    self._delete_realm()

    # Re-create the row by hand so only the cache can answer.
    # NOTE(review): `cached` was loaded before the purge; reading its
    # attributes here relies on the ORM instance still holding them - confirm.
    UserCache(cached.username, cached.resolver, cached.user_id, cached.timestamp).save()

    # The username is served from the cache ...
    self.assertEqual(get_username(self.uid, self.resolvername1), self.username)
    # ... and `User` obtains the uid from the cache as well.
    user2 = User(self.username, self.realm1, self.resolvername1)
    self.assertEqual(user2.uid, self.uid)

    # With the cache emptied and the resolver gone, nothing can resolve
    # the uid any more.
    delete_user_cache()
    self.assertEqual(get_username(self.uid, self.resolvername1), "")

    # `User` also consults the cache first and has to fail the same way.
    with self.assertRaises(UserError):
        User(self.username, self.realm1, self.resolvername1)
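def test_08_invalidate_delete_resolver(self):
    # Deleting a resolver must invalidate every cache row that belongs to
    # it, while rows of other resolvers stay untouched.
    self._create_realm()
    self._populate_cache()

    # Removing the realm calls delete_resolver on resolver1.
    self._delete_realm()
    self.assertEqual(UserCache.query.count(), 1)

    # Only hans3 in resolver2 should still be in the cache.
    self.assertEqual("hans3", get_username("uid2", "resolver2"))
    delete_user_cache()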
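def test_01_secondary_login_attribute(self):
    # A user may log in with the primary login name or with a secondary
    # login attribute. Both must resolve to the same uid and primary login,
    # and the cache keeps one row per login name that was actually used.
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    self._create_ldap_realm()
    alice_dn = "cn=alice,ou=example,o=test"
    # NOTE: the secondary login value appears masked in this listing.
    secondary_login = '*****@*****.**'

    # First lookup by primary login populates the cache with a single row.
    user1 = User('alice', self.ldap_realm)
    self.assertEqual(user1.resolver, self.ldap_resolver)
    self.assertEqual(user1.uid, alice_dn)
    self.assertEqual(user1.login, "alice")
    self.assertEqual(user1.used_login, "alice")
    entry = UserCache.query.one()
    self.assertEqual(entry.user_id, user1.uid)
    self.assertEqual(entry.used_login, "alice")
    self.assertEqual(entry.username, "alice")
    self.assertEqual(entry.resolver, self.ldap_resolver)

    # Same lookup again: the cache must not grow.
    user2 = User('alice', self.ldap_realm)
    self.assertEqual(user2.resolver, self.ldap_resolver)
    self.assertEqual(user2.uid, alice_dn)
    self.assertEqual(user2.login, "alice")
    self.assertEqual(user2.used_login, "alice")
    self.assertEqual(UserCache.query.count(), 1)

    # Lookup by secondary login: same uid and primary login, plus a second
    # cache row that records the login name that was used.
    user3 = User(secondary_login, self.ldap_realm)
    self.assertEqual(user3.resolver, self.ldap_resolver)
    self.assertEqual(user3.uid, alice_dn)
    self.assertEqual(user3.login, "alice")
    self.assertEqual(user3.used_login, secondary_login)
    entries = UserCache.query.filter_by(
        user_id=alice_dn).order_by(UserCache.id).all()
    self.assertEqual(len(entries), 2)
    entry = entries[-1]
    self.assertEqual(entry.user_id, user1.uid)
    self.assertEqual(entry.used_login, secondary_login)
    self.assertEqual(entry.username, "alice")
    self.assertEqual(entry.resolver, self.ldap_resolver)

    # Secondary login again: the login name is fetched correctly ...
    user4 = User(secondary_login, self.ldap_realm)
    self.assertEqual(user4.resolver, self.ldap_resolver)
    self.assertEqual(user4.uid, alice_dn)
    self.assertEqual(user4.login, "alice")
    self.assertEqual(user4.used_login, secondary_login)
    # ... and there are still only two rows in the cache.
    entries = UserCache.query.filter_by(
        user_id=alice_dn).order_by(UserCache.id).all()
    self.assertEqual(len(entries), 2)

    # The reverse lookup returns the primary login name, not the secondary.
    login_name = get_username(alice_dn, self.ldap_resolver)
    self.assertEqual(login_name, "alice")
    # Still only two rows in the cache.
    entries = UserCache.query.filter_by(
        user_id=alice_dn).order_by(UserCache.id).all()
    self.assertEqual(len(entries), 2)

    self._delete_ldap_realm()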
def test_02_get_resolvers(self):
    # Resolving a user without naming the resolver: a cache miss is answered
    # by the resolver and cached; afterwards the cache alone can answer, and
    # with neither available the username is empty.
    set_privacyidea_config(EXPIRATION_SECONDS, 600)  # enable the user cache
    self._create_realm()

    # Start from an empty cache.
    purged = delete_user_cache()
    self.assertTrue(purged >= 0)

    # Cache miss: login and uid come from the resolver, the cache is filled.
    user = User(self.username, self.realm1)
    self.assertEqual(user.login, self.username)
    self.assertEqual(user.uid, self.uid)

    # Exactly one cache row must exist now.
    cached = UserCache.query.one()
    self.assertEqual(cached.user_id, self.uid)
    self.assertEqual(cached.username, self.username)
    self.assertEqual(cached.resolver, self.resolvername1)
    # Keep the timestamp before the row is purged below.
    ts = cached.timestamp

    # Deleting the resolver also purges its cache rows.
    self._delete_realm()

    # Re-create the row by hand so only the cache can answer.
    UserCache(self.username, self.username, self.resolvername1, self.uid, ts).save()
    self.assertEqual(get_username(self.uid, self.resolvername1), self.username)

    # With the cache emptied and the resolver gone, the lookup yields "".
    delete_user_cache()
    self.assertEqual(get_username(self.uid, self.resolvername1), "")
def test_11_cache_expiration(self):
    # Rows older than the configured cache time must not be used to resolve
    # a user, and `delete_user_cache(expired=True)` removes only those rows.
    purged = delete_user_cache()
    self.assertTrue(purged >= 0)

    # Populate the cache with artificial, somewhat "old" but still valid rows.
    stale_ts = datetime.now() - timedelta(seconds=300)
    UserCache("hans1", "hans1", "resolver1", "uid1", stale_ts).save()
    UserCache("hans2", "hans2", "resolver1", "uid2", stale_ts).save()

    # Both lookup directions are served from the cache.
    self.assertEqual(get_username("uid1", "resolver1"), "hans1")
    self.assertEqual(User("hans2", "realm1", "resolver1").uid, "uid2")
    # A uid without a cache row goes to the (non-existent) resolver.
    self.assertEqual(get_username("uid3", "resolver1"), "")

    # TODO: Interestingly, if we mock `datetime` here to increase the time by
    # one day, this test works, but a subsequent test (test_ui_certificate)
    # fails with weird error messages, so the datetime mock is not used
    # (former target: 'privacyidea.lib.usercache.datetime.datetime').
    with patch('privacyidea.lib.usercache.get_cache_time') as fake_cache_time:
        # Instead, shrink the cache time from 600 to 60 seconds, which makes
        # the 300-second-old rows above count as expired.
        fake_cache_time.return_value = timedelta(seconds=60)

        # The rows are still stored but must not be used any more.
        self.assertEqual(UserCache.query.count(), 2)
        self.assertEqual(get_username("uid1", "resolver1"), "")
        with self.assertRaises(UserError):
            User("hans2", "realm1", "resolver1")
        self.assertEqual(get_username("uid3", "resolver1"), "")

        # Add another, "current" row.
        UserCache("hans4", "hans4", "resolver1", "uid4", datetime.now()).save()
        self.assertEqual(UserCache.query.count(), 3)

        # Removing expired rows leaves only the newest one.
        delete_user_cache(expired=True)
        self.assertEqual(UserCache.query.count(), 1)
        self.assertEqual(UserCache.query.one().user_id, "uid4")

    # Clean up.
    delete_user_cache()
def test_11_cache_expiration(self):
    # Rows older than the configured cache time must not be used to resolve
    # a user, and `delete_user_cache(expired=True)` removes only those rows.
    purged = delete_user_cache()
    self.assertTrue(purged >= 0)

    # Populate the cache with artificial, somewhat "old" but still valid rows.
    stale_ts = datetime.now() - timedelta(seconds=300)
    UserCache("hans1", "resolver1", "uid1", stale_ts).save()
    UserCache("hans2", "resolver1", "uid2", stale_ts).save()

    # Both lookup directions are served from the cache.
    self.assertEqual(get_username("uid1", "resolver1"), "hans1")
    self.assertEqual(User("hans2", "realm1", "resolver1").uid, "uid2")
    # A uid without a cache row goes to the (non-existent) resolver.
    self.assertEqual(get_username("uid3", "resolver1"), "")

    # TODO: Interestingly, if we mock `datetime` here to increase the time by
    # one day, this test works, but a subsequent test (test_ui_certificate)
    # fails with weird error messages, so the datetime mock is not used
    # (former target: 'privacyidea.lib.usercache.datetime.datetime').
    with patch('privacyidea.lib.usercache.get_cache_time') as fake_cache_time:
        # Instead, shrink the cache time from 600 to 60 seconds, which makes
        # the 300-second-old rows above count as expired.
        fake_cache_time.return_value = timedelta(seconds=60)

        # The rows are still stored but must not be used any more.
        self.assertEqual(UserCache.query.count(), 2)
        self.assertEqual(get_username("uid1", "resolver1"), "")
        with self.assertRaises(UserError):
            User("hans2", "realm1", "resolver1")
        self.assertEqual(get_username("uid3", "resolver1"), "")

        # Add another, "current" row.
        UserCache("hans4", "resolver1", "uid4", datetime.now()).save()
        self.assertEqual(UserCache.query.count(), 3)

        # Removing expired rows leaves only the newest one.
        delete_user_cache(expired=True)
        self.assertEqual(UserCache.query.count(), 1)
        self.assertEqual(UserCache.query.one().user_id, "uid4")

    # Clean up.
    delete_user_cache()
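def test_01_secondary_login_attribute(self):
    # A user may log in with the primary login name or with a secondary
    # login attribute. Both must resolve to the same uid and primary login,
    # and the cache keeps one row per login name that was actually used.
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    self._create_ldap_realm()
    alice_dn = "cn=alice,ou=example,o=test"
    # NOTE: the secondary login value appears masked in this listing.
    secondary_login = '*****@*****.**'

    # First lookup by primary login populates the cache with a single row.
    user1 = User('alice', self.ldap_realm)
    self.assertEqual(user1.resolver, self.ldap_resolver)
    self.assertEqual(user1.uid, alice_dn)
    self.assertEqual(user1.login, "alice")
    self.assertEqual(user1.used_login, "alice")
    entry = UserCache.query.one()
    self.assertEqual(entry.user_id, user1.uid)
    self.assertEqual(entry.used_login, "alice")
    self.assertEqual(entry.username, "alice")
    self.assertEqual(entry.resolver, self.ldap_resolver)

    # Same lookup again: the cache must not grow.
    user2 = User('alice', self.ldap_realm)
    self.assertEqual(user2.resolver, self.ldap_resolver)
    self.assertEqual(user2.uid, alice_dn)
    self.assertEqual(user2.login, "alice")
    self.assertEqual(user2.used_login, "alice")
    self.assertEqual(UserCache.query.count(), 1)

    # Lookup by secondary login: same uid and primary login, plus a second
    # cache row that records the login name that was used.
    user3 = User(secondary_login, self.ldap_realm)
    self.assertEqual(user3.resolver, self.ldap_resolver)
    self.assertEqual(user3.uid, alice_dn)
    self.assertEqual(user3.login, "alice")
    self.assertEqual(user3.used_login, secondary_login)
    entries = UserCache.query.filter_by(
        user_id=alice_dn).order_by(UserCache.id).all()
    self.assertEqual(len(entries), 2)
    entry = entries[-1]
    self.assertEqual(entry.user_id, user1.uid)
    self.assertEqual(entry.used_login, secondary_login)
    self.assertEqual(entry.username, "alice")
    self.assertEqual(entry.resolver, self.ldap_resolver)

    # Secondary login again: the login name is fetched correctly ...
    user4 = User(secondary_login, self.ldap_realm)
    self.assertEqual(user4.resolver, self.ldap_resolver)
    self.assertEqual(user4.uid, alice_dn)
    self.assertEqual(user4.login, "alice")
    self.assertEqual(user4.used_login, secondary_login)
    # ... and there are still only two rows in the cache.
    entries = UserCache.query.filter_by(
        user_id=alice_dn).order_by(UserCache.id).all()
    self.assertEqual(len(entries), 2)

    # The reverse lookup returns the primary login name, not the secondary.
    login_name = get_username(alice_dn, self.ldap_resolver)
    self.assertEqual(login_name, "alice")
    # Still only two rows in the cache.
    entries = UserCache.query.filter_by(
        user_id=alice_dn).order_by(UserCache.id).all()
    self.assertEqual(len(entries), 2)

    self._delete_ldap_realm()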
def test_02_get_resolvers(self):
    # Resolving a user without naming the resolver: a cache miss is answered
    # by the resolver and cached; afterwards the cache alone can answer, and
    # with neither available the username is empty.
    self._create_realm()

    # Start from an empty cache.
    purged = delete_user_cache()
    self.assertTrue(purged >= 0)

    # Cache miss: login and uid come from the resolver, the cache is filled.
    user = User(self.username, self.realm1)
    self.assertEqual(user.login, self.username)
    self.assertEqual(user.uid, self.uid)

    # Exactly one cache row must exist now.
    cached = UserCache.query.one()
    self.assertEqual(cached.user_id, self.uid)
    self.assertEqual(cached.username, self.username)
    self.assertEqual(cached.resolver, self.resolvername1)

    # Deleting the resolver also purges its cache rows.
    self._delete_realm()

    # Re-create the row by hand so only the cache can answer.
    # NOTE(review): `cached` was loaded before the purge; reading its
    # attributes here relies on the ORM instance still holding them - confirm.
    UserCache(cached.username, cached.resolver, cached.user_id, cached.timestamp).save()
    self.assertEqual(get_username(self.uid, self.resolvername1), self.username)

    # With the cache emptied and the resolver gone, the lookup yields "".
    delete_user_cache()
    self.assertEqual(get_username(self.uid, self.resolvername1), "")
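def test_07_invalidate_save_resolver(self):
    # Saving (changing) a resolver must invalidate every cache row of that
    # resolver, so nothing resolved under the old configuration keeps being
    # served. Rows of other resolvers stay untouched.
    self._create_realm()
    self._populate_cache()

    # save_resolver on resolver1 should invalidate all rows of "resolver1"
    # (even the expired 'hans2' one).
    save_resolver({
        "resolver": self.resolvername1,
        "type": "passwdresolver",
        "fileName": self.PWFILE,
        "type.fileName": "string",
        "desc.fileName": "Some change",
    })
    self.assertEqual(UserCache.query.count(), 1)

    # Only hans3 in resolver2 should still be in the cache. resolver2 does
    # not actually exist, so a successful get_username shows the answer came
    # from the cache.
    self.assertEqual("hans3", get_username("uid2", "resolver2"))

    delete_user_cache()
    self._delete_realm()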
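def test_03_get_username(self):
    # uid "0" looked up in `self.resolvername1` must yield the login "root".
    username = get_username("0", self.resolvername1)
    # assertEqual reports expected and actual value when the check fails.
    self.assertEqual(username, "root")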