def test_user_management(self): superuser = config['chroma_managers'][0]['users'][0] superuser_requests = AuthorizedHttpRequests( superuser['username'], superuser['password'], server_http_url=config['chroma_managers'][0]['server_http_url']) response = superuser_requests.get("/api/group/", data={'limit': 0}) self.assertEqual(response.status_code, 200) groups = response.json['objects'] filesystem_users = None for group in groups: if group['name'] == 'filesystem_users': filesystem_users = group self.assertNotEqual(filesystem_users, None) basic_user = { "groups": ["/api/group/%s/" % filesystem_users['id']], "username": "******", "first_name": "", "last_name": "", "email": "", "password1": "foo", "password2": "foo" } response = superuser_requests.post("/api/user/", basic_user) self.assertEqual( response.status_code, 201, "request %s response %s" % (basic_user, response.content)) user = response.json self.assertEqual(user['password1'], None) self.assertEqual(user['password2'], None) basic_user_requests = AuthorizedHttpRequests( basic_user['username'], basic_user['password1'], server_http_url=config['chroma_managers'][0]['server_http_url']) # Check that the unprivileged user can only see his own account response = basic_user_requests.get("/api/user/", data={'limit': 0}) self.assertEqual(response.status_code, 200) users = response.json['objects'] self.assertEqual(len(users), 1) self.assertEqual(users[0]['id'], user['id']) # Check that the unprivileged user can log himself out response = basic_user_requests.delete("/api/session/") self.assertEqual(response.status_code, 204) # Check that once logged out I see no users (assume settings.ALLOW_ANONYMOUS_READ=True) response = basic_user_requests.get("/api/user/") self.assertEqual(response.status_code, 200) self.assertListEqual(response.json['objects'], []) # Log back in basic_user_requests = AuthorizedHttpRequests( basic_user['username'], basic_user['password1'], server_http_url=config['chroma_managers'][0]['server_http_url']) # Change my password user['password1'] = 'bar' user['password2'] = 'bar' user['old_password'] = '******' response = basic_user_requests.put(user['resource_uri'], user) self.assertEqual(response.status_code, 202, response.content) # Log back in with my new password basic_user_requests = AuthorizedHttpRequests( basic_user['username'], user['password1'], server_http_url=config['chroma_managers'][0]['server_http_url']) # Check that the unprivileged user cannot delete himself response = basic_user_requests.delete(user['resource_uri']) self.assertEqual(response.status_code, 400) # Check that the privileged user can delete the unprivileged user response = superuser_requests.delete(user['resource_uri']) self.assertEqual(response.status_code, 204)
def test_user_management(self): superuser = config["chroma_managers"][0]["users"][0] superuser_requests = AuthorizedHttpRequests( superuser["username"], superuser["password"], server_http_url=config["chroma_managers"][0]["server_http_url"], ) response = superuser_requests.get("/api/group/", data={"limit": 0}) self.assertEqual(response.status_code, 200) groups = response.json["objects"] filesystem_users = None for group in groups: if group["name"] == "filesystem_users": filesystem_users = group self.assertNotEqual(filesystem_users, None) basic_user = { "groups": ["/api/group/%s/" % filesystem_users["id"]], "username": "******", "first_name": "", "last_name": "", "email": "", "password1": "foo", "password2": "foo", } response = superuser_requests.post("/api/user/", basic_user) self.assertEqual( response.status_code, 201, "request %s response %s" % (basic_user, response.content)) user = response.json self.assertEqual(user["password1"], None) self.assertEqual(user["password2"], None) basic_user_requests = AuthorizedHttpRequests( basic_user["username"], basic_user["password1"], server_http_url=config["chroma_managers"][0]["server_http_url"], ) # Check that the unprivileged user can only see his own account response = basic_user_requests.get("/api/user/", data={"limit": 0}) self.assertEqual(response.status_code, 200) users = response.json["objects"] self.assertEqual(len(users), 1) self.assertEqual(users[0]["id"], user["id"]) # Check that the unprivileged user can log himself out response = basic_user_requests.delete("/api/session/") self.assertEqual(response.status_code, 204) # Check that once logged out I see no users (assume settings.ALLOW_ANONYMOUS_READ=True) response = basic_user_requests.get("/api/user/") self.assertEqual(response.status_code, 200) self.assertListEqual(response.json["objects"], []) # Log back in basic_user_requests = AuthorizedHttpRequests( basic_user["username"], basic_user["password1"], server_http_url=config["chroma_managers"][0]["server_http_url"], ) # # Change my password # user["password1"] = "bar" # user["password2"] = "bar" # user["old_password"] = "******" # response = basic_user_requests.put(user["resource_uri"], user) # self.assertEqual(response.status_code, 200, response.content) # # Log back in with my new password # basic_user_requests = AuthorizedHttpRequests( # basic_user["username"], user["password1"], server_http_url=config["chroma_managers"][0]["server_http_url"] # ) # Check that the unprivileged user cannot delete himself response = basic_user_requests.delete(user["resource_uri"]) self.assertEqual(response.status_code, 400) # Check that the privileged user can delete the unprivileged user response = superuser_requests.delete(user["resource_uri"]) self.assertEqual(response.status_code, 204)