def test_load_user_file(self):
user = UserInfo("no_date", "Luke Murphey", ["admin", "power"])
user.save(self.tmp_dir)
# Try to load the given user
loaded_user = UserInfo.getUserInfo(user.username, self.tmp_dir)
self.assertEqual(user.username, loaded_user.username)
def test_clear_user_cache(self):
# Save a user to the cache
ui_before = UserInfo("lmurphey2", "Luke Murphey", ["admin", "power"])
self.assertTrue(ui_before.save(self.tmp_dir ), "File was not saved properly")
# Clear the user info
self.assertTrue(UserInfo.clearUserInfo("lmurphey2", os.path.join(self.tmp_dir)))
# Verify the file doesn't exist
self.assertFalse(os.path.isfile(os.path.join(self.tmp_dir, "70fce03a92dd14d910839bccbd1b474b.json")))
def test_load_signature(self):
ui = UserInfo("jdoe", "John Doe", ["admin", "power"])
self.assertNotEqual(ui.load_signature, None)
self.assertFalse(ui.hasChanged())
ui.realname = "Luke Murphey"
self.assertTrue(ui.hasChanged())
def test_save_and_load(self):
ui_before = UserInfo("lmurphey", "Luke Murphey", ["admin", "power"])
self.assertTrue(ui_before.save(self.tmp_dir ), "File was not saved properly" )
ui_after = UserInfo.load("lmurphey", self.tmp_dir)
self.assertEqual(ui_after.realname, ui_before.realname)
self.assertEqual(ui_after.username, ui_before.username)
self.assertEqual(ui_after.roles, ui_before.roles)
self.assertEqual(ui_after.load_signature, ui_before.load_signature)
def test_to_dict(self):
ui_before = UserInfo("jdoe", "John Doe", ["admin", "power"])
d_before = ui_before.toDict()
ui_after = UserInfo.loadFromDict(d_before)
self.assertEqual(ui_after.realname, ui_before.realname)
self.assertEqual(ui_after.username, ui_before.username)
self.assertEqual(ui_after.roles, ui_before.roles)
self.assertEqual(ui_after.load_signature, ui_before.load_signature)
def test_auth_auth_info_roles_override_caps_insensitive(self):
roles = ["admin", "power", "can_delete"]
roles_map_file_path = self.write_auth_csv(self.username.upper(), roles)
try:
ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id)
result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir, roles_map_file_path=roles_map_file_path)
self.assertTrue(result)
users = UserInfo.getAllUsers(self.tmp_dir)
self.assertEqual(len(users), 1)
# Get the user
user = users[0]
self.assertTrue(user.username, self.username)
# Make sure the roles exist:
if 'can_delete' not in user.roles:
self.fail("can_delete not in the roles (%s)" % (user.roles))
if 'admin' not in user.roles:
self.fail("admin not in the roles (%s)" % (user.roles))
if 'power' not in user.roles:
self.fail("power not in the roles (%s)" % (user.roles))
self.assertEqual(len(user.roles), 3)
finally:
os.remove(roles_map_file_path)
def test_auth_nologin(self):
# Write out a roles map with 'nologin' for the user
roles = ["admin", "power", "nologin"]
roles_map_file_path = self.write_auth_csv(self.username, roles)
try:
# Try authentication
ra = RadiusAuth(self.server, self.secret, self.identifier, self.roles_key, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id)
result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir, roles_map_file_path=roles_map_file_path)
self.assertFalse(result)
users = UserInfo.getAllUsers(self.tmp_dir)
self.assertEqual(len(users), 1)
# Get the user
user = users[0]
self.assertEqual(user.username, bytesToString(self.username))
# Make sure the nologin role exists:
if 'nologin' not in user.roles:
self.fail("nologin not in the roles (%s)" % (user.roles))
finally:
os.remove(roles_map_file_path)
def test_auth_auth_info_junk_in_dir(self):
with open(os.path.join(self.tmp_dir, "some_junk.csv"), "w") as junk_file:
# Write out some junk in the directory and see if it handled well (we will write a CSV since it isn't valid JSON)
junk_file.write("This is just some stuff that isn't valid JSON")
# Now, proceed with the authentication attempt and make sure the correct result occurs
ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id)
result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir)
self.assertTrue(result)
users = UserInfo.getAllUsers(self.tmp_dir)
self.assertEqual(len(users), 1)
# Get the user
user = users[0]
self.assertEqual(stringToBytes(user.username), self.username)
# Make sure the roles exist:
if 'can_delete' not in user.roles:
self.fail("can_delete not in the roles (%s)" % (user.roles))
if 'admin' not in user.roles:
self.fail("admin not in the roles (%s)" % (user.roles))
def test_get_user_info(self):
# Create a user-info object to load
user_info = UserInfo(self.username, "John Doe", ["admin", "power"])
self.assertTrue(user_info.save(self.tmp_dir ), "File was not saved properly")
# Redirect output to a string so that we can test it
out = StringIO()
# Build the input
args = {}
args[USERNAME] = self.username
# Try to get the user info
getUserInfo(args, out, self.tmp_dir)
# Test the output
self.assertEqual(out.getvalue().strip(), "--status=success --userInfo=;" + bytesToString(self.username) + ";John Doe;admin:power")
def test_save_and_load_file(self):
ui_before = UserInfo("lmurphey", "Luke Murphey", ["admin", "power"])
ui_before.updateLastLogin()
ui_before.updateLoadSignature()
self.assertTrue(ui_before.save(self.tmp_dir ), "File was not saved properly" )
ui_after = UserInfo.loadFile(os.path.join(self.tmp_dir, "3f0d712f3d3d99e26aa3a45a1f37494c.json") )
self.assertEqual(ui_after.realname, ui_before.realname)
self.assertEqual(ui_after.username, ui_before.username)
self.assertEqual(ui_after.roles, ui_before.roles)
self.assertEqual(ui_after.lastLoginTime, ui_before.lastLoginTime)
self.assertEqual(ui_after.load_signature, ui_before.load_signature)
def test_auth_auth_info_custom_roles_key(self):
ra = RadiusAuth(self.server, self.secret, self.identifier, roles_key="(28, 15)")
result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir)
self.assertTrue(result)
users = UserInfo.getAllUsers(self.tmp_dir)
self.assertEqual(len(users), 1)
# Get the user
user = users[0]
self.assertTrue(user.username, self.username)
# Make sure the roles list is empty (since we entered a roles key that doesn't match the one used by the server and is therefore invalid)
self.assertEqual(user.roles, [])
def test_load_users(self):
user_lmurphey = UserInfo("lmurphey", "Luke Murphey", ["admin", "power"])
self.assertTrue(user_lmurphey.save(self.tmp_dir ), "File was not saved properly" )
user_jdoe = UserInfo("jdoe", "Jane Doe", ["admin", "power"])
self.assertTrue(user_jdoe.save(self.tmp_dir ), "File was not saved properly" )
users = UserInfo.getAllUsers(self.tmp_dir )
self.assertEqual(len(users), 2)
for user in users:
if user.username == "lmurphey":
self.assertEqual(user_lmurphey.load_signature, user.load_signature)
elif user.username == "jdoe":
self.assertEqual(user_jdoe.load_signature, user.load_signature)
def test_auth_auth_info_default_roles(self):
expected_roles=["manager", "analyst"]
# Authenticate using an invalid roles key so that we use the default roles, not the one provided by the server
ra = RadiusAuth(self.server, self.secret, self.identifier, roles_key="(28, 15)", default_roles=expected_roles)
result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir)
self.assertTrue(result)
users = UserInfo.getAllUsers(self.tmp_dir)
self.assertEqual(len(users), 1)
# Get the user
user = users[0]
self.assertTrue(user.username, self.username)
self.assertEqual(sorted(user.roles), sorted(expected_roles))
def test_auth_auth_info(self):
ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code = self.vendor_code, roles_attribute_id=self.roles_attribute_id)
result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir)
self.assertTrue(result)
users = UserInfo.getAllUsers(self.tmp_dir)
self.assertEqual(len(users), 1)
# Get the user
user = users[0]
self.assertTrue(user.username, self.username)
# Make sure the roles exist:
if 'can_delete' not in user.roles:
self.fail("can_delete not in the roles (%s)" % (user.roles))
if 'admin' not in user.roles:
self.fail("admin not in the roles (%s)" % (user.roles))
def test_auth_auth_info_roles_override(self):
"""
This ensures that the CSV file containing the overrides for the roles is correctly loaded and used.
This tests the underlying functions getRolesFromLookup() and loadRolesMap()
"""
roles = ["admin", "power", "can_delete"]
roles_map_file_path = self.write_auth_csv(self.username, roles)
try:
ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id)
result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir, roles_map_file_path=roles_map_file_path)
self.assertTrue(result)
users = UserInfo.getAllUsers(self.tmp_dir)
self.assertEqual(len(users), 1)
# Get the user
user = users[0]
self.assertTrue(user.username, self.username)
# Make sure the roles exist:
if 'can_delete' not in user.roles:
self.fail("can_delete not in the roles (%s)" % (user.roles))
if 'admin' not in user.roles:
self.fail("admin not in the roles (%s)" % (user.roles))
if 'power' not in user.roles:
self.fail("power not in the roles (%s)" % (user.roles))
self.assertEqual(len(user.roles), 3)
finally:
os.remove(roles_map_file_path)
def test_get_users(self):
# Create a user-info object to load
user_info = UserInfo("jdoe", "John Doe", ["admin", "power"])
self.assertTrue(user_info.save(self.tmp_dir ), "File was not saved properly" )
user_info2 = UserInfo("alincoln", "Abraham Lincoln", ["power"])
self.assertTrue(user_info2.save(self.tmp_dir ), "File was not saved properly" )
# Redirect output to a string so that we can test it
out = StringIO()
# Try to get the users list
getUsers(None, out, self.tmp_dir )
# Test the output
if out.getvalue().strip() not in ["--status=success --userInfo=;alincoln;Abraham Lincoln;power --userInfo=;jdoe;John Doe;admin:power",
"--status=success --userInfo=;jdoe;John Doe;admin:power --userInfo=;alincoln;Abraham Lincoln;power"]:
self.fail("The output of getUsers() was not what was expected: " + out.getvalue().strip())
def handle_results(self, results, session_key, in_preview):
# Make sure the user has permission
if not self.has_capability('clear_radius_user_cache'):
raise ValueError(
'You do not have permission to remove entries from the cache' +
' (you need the "clear_radius_user_cache" capability)')
# Clear the user if requested
if self.user is not None:
# Run in test mode if necessary
if self.test:
if UserInfo.getUserInfo(self.user) is not None:
self.output_results([{
'user':
self.user,
'message':
'The user record was found and will be cleared for the user "'
+ self.user + '" if not run in test mode'
}])
else:
self.output_results([{
'user':
self.user,
'message':
'No user record was found for the user "' + self.user +
'"'
}])
else:
if UserInfo.clearUserInfo(self.user):
self.output_results([{
'user':
self.user,
'message':
'The user record was cleared for the user "' +
self.user + '"'
}])
self.logger.info(
'Successfully removed cache entry for user=%s' %
self.user)
else:
self.output_results([{
'user':
self.user,
'message':
'No user record was found for the user "' + self.user +
'"'
}])
# Clear the cache by date if requested
if self.days_ago is not None:
deleted_users = UserInfo.clearCache(self.days_ago, test=self.test)
self.logger.info(
'Successfully removed cache entries for users that have not logged in within days=%i, count_deleted=%i'
% (self.days_ago, len(deleted_users)))
deleted_users_dicts = []
if self.test:
message = 'Would be removed from the cache when not run in test mode'
else:
message = 'Successfully removed from the cache'
for user in deleted_users:
deleted_users_dicts.append({'user': user, 'message': message})
self.output_results(deleted_users_dicts)
def test_auth_auth_info_no_directory(self):
users = UserInfo.getAllUsers(os.path.join(self.tmp_dir, "DoesNotExist"), make_if_non_existent = False)
if len(users) != 0:
self.fail("The users list for a directory that does not exist was not an empty array as expected")
def test_signature_change_with_login_time(self):
ui = UserInfo("jdoe", "John Doe", ["admin", "power"])
self.assertFalse(ui.hasChanged())
ui.updateLastLogin()
self.assertTrue(ui.hasChanged())
ui.updateLoadSignature()
self.assertFalse(ui.hasChanged())
# Let the time change a bit by sleeping a bit
time.sleep(2)
ui.updateLastLogin()
self.assertTrue(ui.hasChanged())
def test_clear_user_cache_by_time(self):
# Make some users
old_account = UserInfo("old_account", "Luke Murphey", ["admin", "power"], 1000)
old_account2 = UserInfo("old_account2", "Luke Murphey", ["admin", "power"], 2000)
no_date = UserInfo("no_date", "Luke Murphey", ["admin", "power"])
new_account = UserInfo("new_account", "Luke Murphey", ["admin", "power"])
new_account.updateLastLogin()
old_account.save(self.tmp_dir )
old_account2.save(self.tmp_dir )
no_date.save(self.tmp_dir )
new_account.save(self.tmp_dir )
# Confirm the number of entries after creation
self.assertEqual(len(UserInfo.getAllUsers(self.tmp_dir)), 4)
# Clear the cache
removed_entries = UserInfo.clearCache(30, self.tmp_dir)
self.assertEqual(len(removed_entries), 2)
# Confirm the number of entries after deletion
users = UserInfo.getAllUsers(self.tmp_dir)
self.assertEqual(len(users), 2)
# Clear all entries from the cache
removed_entries = UserInfo.clearCache(0, self.tmp_dir)
self.assertEqual(len(removed_entries), 2)
# Confirm the number of entries after deletion
users = UserInfo.getAllUsers(self.tmp_dir)
self.assertEqual(len(users), 0)
def test_clear_user_cache_doesnt_exist(self):
# Clear the user info
self.assertFalse(UserInfo.clearUserInfo("lmurphey2", os.path.join(self.tmp_dir)))
# Verify the file doesn't exist
self.assertFalse(os.path.isfile(os.path.join(self.tmp_dir, "70fce03a92dd14d910839bccbd1b474b.json")))
def test_to_string(self):
ui = UserInfo("jdoe", "John Doe", ["admin", "power"])
self.assertEqual(str(ui), ";jdoe;John Doe;admin:power")