def test_existing_user_different_org(self, mock_send_mail):
with app.test_client() as c:
c.set_cookie("localhost", "access_token_cookie", TOKEN_ADMIN)
username = get_random_username()
email = get_random_email()
response = c.post(
"/organizations/%s/users" % UUID_ORG,
headers={"x-csrf-token": TOKEN_ADMIN_CSRF},
json={
"username": username,
"role": "user",
"email": email
},
)
self.assertEqual(response.status_code, 201)
user = users.get_by_email(email)
args = mock_send_mail.call_args_list
self.assertEqual(args[0][0][0][0], email)
self.assertEqual(args[0][0][1], "REGISTRATION_VERIFICATION_EMAIL")
self.assertTrue(args[0][0][2]["activation_key"] is not None)
self.assertTrue(
args[0][0][2]["activation_key_expires"] is not None)
self.assertTrue(args[0][0][2]["organization_name"] is not None)
self.assertTrue(args[0][0][2]["organization_uuid"] == UUID_ORG)
self.assertEqual(args[0][0][2]["email"], email)
orgrole = organization_roles.get_organization_role(
UUID_ORG, user["uuid"])
self.assertTrue(orgrole["role"], "user")
# fake activate
users.update_user(uuid=user["uuid"], activated=datetime.now())
c.set_cookie("localhost", "access_token_cookie", TOKEN_USER)
response = c.post(
"/organizations/%s/users" % UUID_ORG2,
headers={"x-csrf-token": TOKEN_USER_CSRF},
json={
"username": username,
"role": "user",
"email": email
},
)
self.assertEqual(response.status_code, 201)
args = mock_send_mail.call_args_list
self.assertEqual(args[1][0][0][0], email)
self.assertEqual(args[1][0][1], "ORGANIZATION_INVITATION")
self.assertTrue("activation_key" not in args[1][0][2])
self.assertTrue("activation_key_expires" not in args[1][0][2])
self.assertTrue(args[1][0][2]["organization_name"] is not None)
self.assertTrue(args[1][0][2]["organization_uuid"] == UUID_ORG2)
self.assertEqual(args[1][0][2]["email"], email)
orgrole = organization_roles.get_organization_role(
UUID_ORG2, user["uuid"])
self.assertTrue(orgrole["role"], "user")
def update_user(org_uuid, uuid):
admin_uuid = get_jwt_identity()
if admin_uuid == uuid:
return abort(make_response(jsonify(message="Cannot update self"), 409))
user_role = organization_roles.get_organization_role(org_uuid, uuid)
user = users.get_by_uuid(uuid)
if user is None or user_role is None:
return abort(make_response(jsonify(message="Not found"), 404))
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
role = data.get("role", user_role["role"])
if role not in ["admin", "user"]:
return abort(make_response(jsonify(message="Bad role"), 400))
organization_roles.set_organization_role(org_uuid, uuid, role)
return (
jsonify(
{
"uuid": user["uuid"],
"username": user["username"],
"email": user["email"],
"role": role,
"activated": user["activated"] is not None,
}
),
200,
)
def gcode_delete(org_uuid, uuid):
validate_uuid(uuid)
gcode = gcodes.get_gcode(uuid)
if gcode is None or gcode["organization_uuid"] != org_uuid:
return abort(make_response(jsonify(message="Not found"), 404))
user = get_current_user()
org_role = organization_roles.get_organization_role(org_uuid, user["uuid"])
if (user["uuid"] != gcode["user_uuid"] and user["system_role"] != "admin"
and org_role["role"] != "admin"):
return abort(
make_response(
jsonify(message="G-Code does not belong to %s" % user["uuid"]),
401))
try:
files.remove(gcode["absolute_path"])
except IOError:
pass
finally:
printjobs.update_gcode_data(
uuid,
{
"uuid": gcode["uuid"],
"user_uuid": gcode["user_uuid"],
"filename": gcode["filename"],
"size": gcode["size"],
"available": False,
},
)
gcodes.delete_gcode(uuid)
return "", 204
def test_create_user(self, mock_send_mail):
with app.test_client() as c:
email = get_random_email()
c.set_cookie("localhost", "access_token_cookie", TOKEN_ADMIN)
response = c.post(
"/organizations/%s/users" % UUID_ORG,
headers={"x-csrf-token": TOKEN_ADMIN_CSRF},
json={"role": "user", "email": " %s " % email.upper()},
)
self.assertEqual(response.status_code, 201)
self.assertTrue("uuid" in response.json)
self.assertTrue("username" in response.json)
self.assertTrue("role" in response.json)
self.assertTrue("email" in response.json)
user = users.get_by_email(email)
self.assertTrue(user is not None)
self.assertEqual(user["username"], email)
self.assertEqual(user["email"], email)
self.assertEqual(user["system_role"], "user")
luser = local_users.get_local_user(user["uuid"])
self.assertTrue(luser is None)
args = mock_send_mail.call_args_list
self.assertEqual(args[0][0][0][0], email)
self.assertEqual(args[0][0][1], "REGISTRATION_VERIFICATION_EMAIL")
self.assertTrue(args[0][0][2]["activation_key"] is not None)
self.assertTrue(args[0][0][2]["activation_key_expires"] is not None)
self.assertTrue(args[0][0][2]["organization_name"] is not None)
self.assertTrue(args[0][0][2]["organization_uuid"] is not None)
self.assertEqual(args[0][0][2]["email"], email)
orgrole = organization_roles.get_organization_role(UUID_ORG, user["uuid"])
self.assertTrue(orgrole["role"], "user")
def test_update_user(self):
with app.test_client() as c:
c.set_cookie("localhost", "access_token_cookie", TOKEN_ADMIN)
response = c.patch(
"/organizations/%s/users/%s" % (UUID_ORG, self.uuid),
headers={"x-csrf-token": TOKEN_ADMIN_CSRF},
json={"role": "admin"},
)
self.assertEqual(response.status_code, 200)
self.assertTrue("role" in response.json)
self.assertEqual(response.json["role"], "admin")
user = organization_roles.get_organization_role(UUID_ORG, self.uuid)
self.assertTrue(user is not None)
self.assertEqual(user["role"], "admin")
def add_user_to_org(org_uuid):
user_uuid = request.json.get("uuid")
org_role = request.json.get("role")
user = users.get_by_uuid(user_uuid)
if not user:
return make_response("User does not exist", 400)
if not organizations.get_by_uuid(org_uuid):
return make_response("Organization does not exist", 400)
if organization_roles.get_organization_role(org_uuid,
user_uuid) is not None:
return make_response("User is already in organization", 400)
organization_roles.set_organization_role(org_uuid, user_uuid, org_role)
return make_response("", 200)
def create_api_token():
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
name = data.get("name", None)
if not name:
return abort(make_response(jsonify(message="Missing name"), 400))
org_uuid = data.get("organization_uuid", None)
if not org_uuid:
return abort(
make_response(jsonify(message="Missing organization_uuid"), 400))
user = get_current_user()
if not user:
return abort(make_response(jsonify(message="Unauthorized"), 401))
is_member = organization_roles.get_organization_role(
org_uuid, user["uuid"])
if not is_member:
return abort(make_response(jsonify(message="Unauthorized"), 401))
organization = organizations.get_by_uuid(org_uuid)
token = create_access_token(
identity=user,
expires_delta=False,
user_claims={
"username": user.get("username"),
"email": user.get("email"),
"organization_uuid": organization["uuid"],
"organization_name": organization["name"],
},
)
jti = decode_token(token)["jti"]
api_tokens.add_token(user_uuid=user["uuid"],
jti=jti,
name=name,
organization_uuid=org_uuid)
response = {
"access_token": token,
"name": name,
"jti": jti,
"organization": {
"uuid": organization["uuid"],
"name": organization["name"],
},
"created": datetime.now().isoformat(),
}
return jsonify(response), 201
def test_delete(self, mock_send_mail):
with app.test_client() as c:
c.set_cookie("localhost", "access_token_cookie", TOKEN_ADMIN)
email = get_random_email()
response = c.post(
"/organizations/%s/users" % UUID_ORG,
headers={"x-csrf-token": TOKEN_ADMIN_CSRF},
json={
"role": "user",
"email": email,
},
)
self.assertEqual(response.status_code, 201)
uuid = response.json["uuid"]
user = users.get_by_email(email)
api_tokens.add_token(
user_uuid=uuid,
jti=guid.uuid4(),
organization_uuid=UUID_ORG,
name="jti",
)
self.assertTrue(user["uuid"], uuid)
response = c.delete(
"/organizations/%s/users/%s" % (UUID_ORG, uuid),
headers={"x-csrf-token": TOKEN_ADMIN_CSRF},
)
self.assertEqual(response.status_code, 204)
orgrole = organization_roles.get_organization_role(
UUID_ORG, user["uuid"])
tokens = api_tokens.get_tokens_for_user_uuid(user["uuid"],
org_uuid=UUID_ORG)
self.assertTrue(user is not None)
self.assertTrue(orgrole is None)
for t in tokens:
self.assertTrue(t["revoked"])
self.assertTrue(t["organization_uuid"] == UUID_ORG)
args = mock_send_mail.call_args_list
self.assertEqual(args[1][0][0][0], email)
self.assertEqual(args[1][0][1], "ORGANIZATION_REMOVAL")
self.assertTrue(args[1][0][2]["organization_name"] is not None)
self.assertTrue(args[1][0][2]["organization_uuid"] is not None)
self.assertEqual(args[1][0][2]["email"], email)
def delete_user(org_uuid, uuid):
admin_uuid = get_jwt_identity()
if admin_uuid == uuid:
return abort(make_response(jsonify(message="Cannot update self"), 409))
user_role = organization_roles.get_organization_role(org_uuid, uuid)
user = users.get_by_uuid(uuid)
if user is None or user_role is None:
return abort(make_response(jsonify(message="Not found"), 404))
organization = organizations.get_by_uuid(org_uuid)
api_tokens.revoke_all_tokens(uuid, org_uuid)
organization_roles.drop_organization_role(org_uuid, uuid)
send_mail.delay(
[user["email"]],
"ORGANIZATION_REMOVAL",
{
"email": user["email"],
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
return "", 204
def wrap(org_uuid, *args, **kwargs):
validate_uuid(org_uuid)
user = get_current_user()
if not user:
return abort(
make_response(jsonify(message="Unauthorized"), 401))
role = organization_roles.get_organization_role(
org_uuid, user["uuid"])
if role is None:
return abort(
make_response(
jsonify(message="Cannot access this organization"),
403))
if required_role is not None and role["role"] != required_role:
return abort(
make_response(
jsonify(
message=
"User does not have the required system role of %s"
% required_role),
403,
))
return func(org_uuid, *args, **kwargs)
def add_user_to_org(org_uuid):
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
email = data.get("email", None)
org_role = data.get("role", None)
if not email or not org_role:
return abort(make_response(jsonify(message="Missing email"), 400))
if org_role not in ["admin", "user"]:
return abort(make_response(jsonify(message="Bad role"), 400))
email = email.lstrip().rstrip().lower()
if not is_email(email):
return abort(make_response(jsonify(message="Invalid email"), 400))
existing = users.get_by_email(email)
# completely new user
if existing is None:
user_uuid = guid.uuid4()
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(hours=24)
users.add_user(
uuid=user_uuid,
email=email,
username=email,
system_role="user",
providers=[],
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")
).hexdigest(),
activation_key_expires=activation_key_expires,
)
else:
user_uuid = existing.get("uuid", None)
# an activated account that already has a role in this organization
if (
organization_roles.get_organization_role(org_uuid, user_uuid)
and existing["activated"]
):
return abort(make_response(jsonify(message="User already exists"), 409))
# an account that is not activated but has already been sent an invite
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(hours=24)
users.update_user(
uuid=user_uuid,
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")
).hexdigest(),
activation_key_expires=activation_key_expires,
)
organization = organizations.get_by_uuid(org_uuid)
organization_roles.set_organization_role(org_uuid, user_uuid, org_role)
if existing is None or existing["activated"] is None:
send_mail.delay(
[email],
"REGISTRATION_VERIFICATION_EMAIL",
{
"activation_key": activation_key,
"activation_key_expires": int(activation_key_expires.timestamp()),
"email": email,
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
else:
send_mail.delay(
[email],
"ORGANIZATION_INVITATION",
{
"email": email,
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
return (
jsonify(
{
"uuid": str(user_uuid),
"username": existing["username"] if existing else email,
"email": email,
"role": org_role,
"activated": existing["activated"] is not None if existing else False,
}
),
201,
)