コード例 #1
0
ファイル: tests.py プロジェクト: hwl-py/hue
def test_ensure_home_directory():
  raise SkipTest

  reset_all_users()
  reset_all_groups()

  useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False)
  reset_password_policy()

  # Cluster and client for home directory creation
  cluster = pseudo_hdfs4.shared_cluster()
  c = make_logged_in_client(cluster.superuser, is_superuser=True, groupname='test1')
  cluster.fs.setuser(cluster.superuser)

  # Create a user with a home directory
  assert_false(cluster.fs.exists('/user/test1'))
  response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test', ensure_home_directory=True))
  assert_true(cluster.fs.exists('/user/test1'))
  dir_stat = cluster.fs.stats('/user/test1')
  assert_equal('test1', dir_stat.user)
  assert_equal('test1', dir_stat.group)
  assert_equal('40755', '%o' % dir_stat.mode)

  # Create a user, then add their home directory
  assert_false(cluster.fs.exists('/user/test2'))
  response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test'))
  assert_false(cluster.fs.exists('/user/test2'))
  response = c.post('/useradmin/users/edit/%s' % "test2", dict(username="******", password1='test', password2='test', password_old="test", ensure_home_directory=True))
  assert_true(cluster.fs.exists('/user/test2'))
  dir_stat = cluster.fs.stats('/user/test2')
  assert_equal('test2', dir_stat.user)
  assert_equal('test2', dir_stat.group)
  assert_equal('40755', '%o' % dir_stat.mode)
コード例 #2
0
ファイル: tests.py プロジェクト: luodongfu/XLS_BigData_Hue
def test_ensure_home_directory():
  raise SkipTest

  reset_all_users()
  reset_all_groups()

  useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False)
  reset_password_policy()

  # Cluster and client for home directory creation
  cluster = pseudo_hdfs4.shared_cluster()
  c = make_logged_in_client(cluster.superuser, is_superuser=True, groupname='test1')
  cluster.fs.setuser(cluster.superuser)

  # Create a user with a home directory
  assert_false(cluster.fs.exists('/user/test1'))
  response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test', ensure_home_directory=True))
  assert_true(cluster.fs.exists('/user/test1'))
  dir_stat = cluster.fs.stats('/user/test1')
  assert_equal('test1', dir_stat.user)
  assert_equal('test1', dir_stat.group)
  assert_equal('40755', '%o' % dir_stat.mode)

  # Create a user, then add their home directory
  assert_false(cluster.fs.exists('/user/test2'))
  response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test'))
  assert_false(cluster.fs.exists('/user/test2'))
  response = c.post('/useradmin/users/edit/%s' % "test2", dict(username="******", password1='test', password2='test', password_old="test", ensure_home_directory=True))
  assert_true(cluster.fs.exists('/user/test2'))
  dir_stat = cluster.fs.stats('/user/test2')
  assert_equal('test2', dir_stat.user)
  assert_equal('test2', dir_stat.group)
  assert_equal('40755', '%o' % dir_stat.mode)
コード例 #3
0
ファイル: tests.py プロジェクト: antbell/hue
    def test_ensure_home_directory(self):
        raise SkipTest

        resets = [useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False)]

        try:
            reset_password_policy()

            # Cluster and client for home directory creation
            cluster = pseudo_hdfs4.shared_cluster()
            c = make_logged_in_client(cluster.superuser, is_superuser=True, groupname="test1")
            cluster.fs.setuser(cluster.superuser)

            # Create a user with a home directory
            assert_false(cluster.fs.exists("/user/test1"))
            response = c.post(
                "/useradmin/users/new",
                dict(username="******", password1="test", password2="test", ensure_home_directory=True),
            )
            assert_true(cluster.fs.exists("/user/test1"))
            dir_stat = cluster.fs.stats("/user/test1")
            assert_equal("test1", dir_stat.user)
            assert_equal("test1", dir_stat.group)
            assert_equal("40755", "%o" % dir_stat.mode)

            # Create a user, then add their home directory
            assert_false(cluster.fs.exists("/user/test2"))
            response = c.post("/useradmin/users/new", dict(username="******", password1="test", password2="test"))
            assert_false(cluster.fs.exists("/user/test2"))
            response = c.post(
                "/useradmin/users/edit/%s" % "test2",
                dict(
                    username="******",
                    password1="test",
                    password2="test",
                    password_old="test",
                    ensure_home_directory=True,
                ),
            )
            assert_true(cluster.fs.exists("/user/test2"))
            dir_stat = cluster.fs.stats("/user/test2")
            assert_equal("test2", dir_stat.user)
            assert_equal("test2", dir_stat.group)
            assert_equal("40755", "%o" % dir_stat.mode)
        finally:
            for reset in resets:
                reset()
コード例 #4
0
ファイル: tests.py プロジェクト: venkatsambath/hue
    def test_user_admin(self):
        FUNNY_NAME = '~`!@#$%^&*()_-+={}[]|\;"<>?/,.'
        FUNNY_NAME_QUOTED = urllib.quote(FUNNY_NAME)

        resets = [
            useradmin.conf.DEFAULT_USER_GROUP.set_for_testing('test_default'),
            useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False),
        ]

        try:
            reset_password_policy()

            c = make_logged_in_client('test', is_superuser=True)
            user = User.objects.get(username='******')

            # Test basic output.
            response = c.get('/useradmin/')
            assert_true(len(response.context["users"]) > 0)
            assert_true("Hue Users" in response.content)

            # Test editing a superuser
            # Just check that this comes back
            response = c.get('/useradmin/users/edit/test')
            # Edit it, to add a first and last name
            response = c.post('/useradmin/users/edit/test',
                              dict(username="******",
                                   first_name=u"Inglés",
                                   last_name=u"Español",
                                   is_superuser="******",
                                   is_active="True"),
                              follow=True)
            assert_true(
                "User information updated" in response.content,
                "Notification should be displayed in: %s" % response.content)
            # Edit it, can't change username
            response = c.post('/useradmin/users/edit/test',
                              dict(username="******",
                                   first_name=u"Inglés",
                                   last_name=u"Español",
                                   is_superuser="******",
                                   is_active="True"),
                              follow=True)
            assert_true("You cannot change a username" in response.content)
            # Now make sure that those were materialized
            response = c.get('/useradmin/users/edit/test')
            assert_equal(smart_unicode("Inglés"),
                         response.context["form"].instance.first_name)
            assert_true("Español" in response.content)
            # Shouldn't be able to demote to non-superuser
            response = c.post(
                '/useradmin/users/edit/test',
                dict(username="******",
                     first_name=u"Inglés",
                     last_name=u"Español",
                     is_superuser=False,
                     is_active=True))
            assert_true("You cannot remove" in response.content,
                        "Shouldn't be able to remove the last superuser")
            # Shouldn't be able to delete oneself
            response = c.post('/useradmin/users/delete',
                              {u'user_ids': [user.id]})
            assert_true("You cannot remove yourself" in response.content,
                        "Shouldn't be able to delete the last superuser")

            # Let's try changing the password
            response = c.post(
                '/useradmin/users/edit/test',
                dict(username="******",
                     first_name="Tom",
                     last_name="Tester",
                     is_superuser=True,
                     password1="foo",
                     password2="foobar"))
            assert_equal(["Passwords do not match."],
                         response.context["form"]["password2"].errors,
                         "Should have complained about mismatched password")
            # Old password not confirmed
            response = c.post(
                '/useradmin/users/edit/test',
                dict(username="******",
                     first_name="Tom",
                     last_name="Tester",
                     password1="foo",
                     password2="foo",
                     is_active=True,
                     is_superuser=True))
            assert_equal(
                ["The old password does not match the current password."],
                response.context["form"]["password_old"].errors,
                "Should have complained about old password")
            # Good now
            response = c.post(
                '/useradmin/users/edit/test',
                dict(username="******",
                     first_name="Tom",
                     last_name="Tester",
                     password1="foo",
                     password2="foo",
                     password_old="test",
                     is_active=True,
                     is_superuser=True))
            assert_true(User.objects.get(username="******").is_superuser)
            assert_true(
                User.objects.get(username="******").check_password("foo"))
            # Change it back!
            response = c.post(
                '/useradmin/users/edit/test',
                dict(username="******",
                     first_name="Tom",
                     last_name="Tester",
                     password1="test",
                     password2="test",
                     password_old="foo",
                     is_active="True",
                     is_superuser="******"))
            assert_true(
                User.objects.get(username="******").check_password("test"))
            assert_true(
                make_logged_in_client(username="******", password="******"),
                "Check that we can still login.")

            # Check new user form for default group
            group = get_default_user_group()
            response = c.get('/useradmin/users/new')
            assert_true(response)
            assert_true(('<option value="%s" selected="selected">%s</option>' %
                         (group.id, group.name)) in str(response))

            # Create a new regular user (duplicate name)
            response = c.post(
                '/useradmin/users/new',
                dict(username="******", password1="test", password2="test"))
            assert_equal(
                {'username': ["User with this Username already exists."]},
                response.context["form"].errors)

            # Create a new regular user (for real)
            response = c.post(
                '/useradmin/users/new',
                dict(username=FUNNY_NAME,
                     password1="test",
                     password2="test",
                     is_active="True"))
            response = c.get('/useradmin/')
            assert_true(FUNNY_NAME_QUOTED in response.content)
            assert_true(len(response.context["users"]) > 1)
            assert_true("Hue Users" in response.content)
            # Validate profile is created.
            assert_true(
                UserProfile.objects.filter(user__username=FUNNY_NAME).exists())

            # Need to give access to the user for the rest of the test
            group = Group.objects.create(name="test-group")
            perm = HuePermission.objects.get(app='useradmin', action='access')
            GroupPermission.objects.create(group=group, hue_permission=perm)

            # Verify that we can modify user groups through the user admin pages
            response = c.post(
                '/useradmin/users/new',
                dict(username="******",
                     password1="test",
                     password2="test",
                     groups=[group.pk]))
            User.objects.get(username='******')
            assert_true(
                User.objects.get(username='******').groups.filter(
                    name='test-group').exists())
            response = c.post('/useradmin/users/edit/group_member',
                              dict(username="******", groups=[]))
            assert_false(
                User.objects.get(username='******').groups.filter(
                    name='test-group').exists())

            # Check permissions by logging in as the new user
            c_reg = make_logged_in_client(username=FUNNY_NAME, password="******")
            test_user = User.objects.get(username=FUNNY_NAME)
            test_user.groups.add(Group.objects.get(name="test-group"))
            test_user.save()

            # Regular user should be able to modify oneself
            response = c_reg.post(
                '/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED, ),
                dict(username=FUNNY_NAME,
                     first_name="Hello",
                     is_active=True,
                     groups=[group.id for group in test_user.groups.all()]),
                follow=True)
            assert_equal(response.status_code, 200)
            response = c_reg.get('/useradmin/users/edit/%s' %
                                 (FUNNY_NAME_QUOTED, ),
                                 follow=True)
            assert_equal(response.status_code, 200)
            assert_equal("Hello", response.context["form"].instance.first_name)
            funny_user = User.objects.get(username=FUNNY_NAME)
            # Can't edit other people.
            response = c_reg.post("/useradmin/users/delete",
                                  {u'user_ids': [funny_user.id]})
            assert_true("You must be a superuser" in response.content,
                        "Regular user can't edit other people")

            # Revert to regular "test" user, that has superuser powers.
            c_su = make_logged_in_client()
            # Inactivate FUNNY_NAME
            c_su.post(
                '/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED, ),
                dict(username=FUNNY_NAME, first_name="Hello", is_active=False))
            # Now make sure FUNNY_NAME can't log back in
            response = c_reg.get('/useradmin/users/edit/%s' %
                                 (FUNNY_NAME_QUOTED, ))
            assert_true(
                response.status_code == 302
                and "login" in response["location"],
                "Inactivated user gets redirected to login page")

            # Delete that regular user
            funny_profile = get_profile(test_user)
            response = c_su.post('/useradmin/users/delete',
                                 {u'user_ids': [funny_user.id]})
            assert_equal(302, response.status_code)
            assert_false(User.objects.filter(username=FUNNY_NAME).exists())
            assert_false(
                UserProfile.objects.filter(id=funny_profile.id).exists())

            # Bulk delete users
            u1 = User.objects.create(username='******', password="******")
            u2 = User.objects.create(username='******', password="******")
            assert_equal(
                User.objects.filter(username__in=['u1', 'u2']).count(), 2)
            response = c_su.post('/useradmin/users/delete',
                                 {u'user_ids': [u1.id, u2.id]})
            assert_equal(
                User.objects.filter(username__in=['u1', 'u2']).count(), 0)

            # Make sure that user deletion works if the user has never performed a request.
            funny_user = User.objects.create(username=FUNNY_NAME,
                                             password='******')
            assert_true(User.objects.filter(username=FUNNY_NAME).exists())
            assert_false(
                UserProfile.objects.filter(user__username=FUNNY_NAME).exists())
            response = c_su.post('/useradmin/users/delete',
                                 {u'user_ids': [funny_user.id]})
            assert_equal(302, response.status_code)
            assert_false(User.objects.filter(username=FUNNY_NAME).exists())
            assert_false(
                UserProfile.objects.filter(user__username=FUNNY_NAME).exists())

            # You shouldn't be able to create a user without a password
            response = c_su.post('/useradmin/users/new', dict(username="******"))
            assert_true("You must specify a password when creating a new user."
                        in response.content)
        finally:
            for reset in resets:
                reset()
コード例 #5
0
ファイル: tests.py プロジェクト: venkatsambath/hue
    def test_user_admin_password_policy(self):
        # Set up password policy
        password_hint = password_error_msg = (
            "The password must be at least 8 characters long, "
            "and must contain both uppercase and lowercase letters, "
            "at least one number, and at least one special character.")
        password_rule = "^(?=.*?[A-Z])(?=(.*[a-z]){1,})(?=(.*[\d]){1,})(?=(.*[\W_]){1,}).{8,}$"

        resets = [
            useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(True),
            useradmin.conf.PASSWORD_POLICY.PWD_RULE.set_for_testing(
                password_rule),
            useradmin.conf.PASSWORD_POLICY.PWD_HINT.set_for_testing(
                password_hint),
            useradmin.conf.PASSWORD_POLICY.PWD_ERROR_MESSAGE.set_for_testing(
                password_error_msg),
        ]

        try:
            reset_password_policy()

            # Test first-ever login with password policy enabled
            c = Client()

            response = c.get('/accounts/login/')
            assert_equal(200, response.status_code)
            assert_true(response.context['first_login_ever'])

            response = c.post(
                '/accounts/login/',
                dict(username="******", password="******"))
            assert_true(response.context['first_login_ever'])
            assert_equal([password_error_msg],
                         response.context["form"]["password"].errors)

            response = c.post('/accounts/login/',
                              dict(username="******",
                                   password="******"),
                              follow=True)
            assert_equal(200, response.status_code)
            assert_true(
                User.objects.get(username="******").is_superuser)
            assert_true(
                User.objects.get(username="******").check_password(
                    "foobarTest1["))

            c.get('/accounts/logout')

            # Test changing a user's password
            c = make_logged_in_client('superuser', is_superuser=True)

            # Test password hint is displayed
            response = c.get('/useradmin/users/edit/superuser')
            assert_true(password_hint in response.content)

            # Password is less than 8 characters
            response = c.post(
                '/useradmin/users/edit/superuser',
                dict(username="******",
                     is_superuser=True,
                     password1="foo",
                     password2="foo"))
            assert_equal([password_error_msg],
                         response.context["form"]["password1"].errors)

            # Password is more than 8 characters long but does not have a special character
            response = c.post(
                '/useradmin/users/edit/superuser',
                dict(username="******",
                     is_superuser=True,
                     password1="foobarTest1",
                     password2="foobarTest1"))
            assert_equal([password_error_msg],
                         response.context["form"]["password1"].errors)

            # Password1 and Password2 are valid but they do not match
            response = c.post(
                '/useradmin/users/edit/superuser',
                dict(username="******",
                     is_superuser=True,
                     password1="foobarTest1??",
                     password2="foobarTest1?",
                     password_old="foobarTest1[",
                     is_active=True))
            assert_equal(["Passwords do not match."],
                         response.context["form"]["password2"].errors)

            # Password is valid now
            c.post(
                '/useradmin/users/edit/superuser',
                dict(username="******",
                     is_superuser=True,
                     password1="foobarTest1[",
                     password2="foobarTest1[",
                     password_old="test",
                     is_active=True))
            assert_true(User.objects.get(username="******").is_superuser)
            assert_true(
                User.objects.get(
                    username="******").check_password("foobarTest1["))

            # Test creating a new user
            response = c.get('/useradmin/users/new')
            assert_true(password_hint in response.content)

            # Password is more than 8 characters long but does not have a special character
            response = c.post(
                '/useradmin/users/new',
                dict(username="******",
                     is_superuser=False,
                     password1="foo",
                     password2="foo"))
            assert_equal(
                {
                    'password1': [password_error_msg],
                    'password2': [password_error_msg]
                }, response.context["form"].errors)

            # Password is more than 8 characters long but does not have a special character
            response = c.post(
                '/useradmin/users/new',
                dict(username="******",
                     is_superuser=False,
                     password1="foobarTest1",
                     password2="foobarTest1"))

            assert_equal(
                {
                    'password1': [password_error_msg],
                    'password2': [password_error_msg]
                }, response.context["form"].errors)

            # Password1 and Password2 are valid but they do not match
            response = c.post(
                '/useradmin/users/new',
                dict(username="******",
                     is_superuser=False,
                     password1="foobarTest1[",
                     password2="foobarTest1?"))
            assert_equal({'password2': ["Passwords do not match."]},
                         response.context["form"].errors)

            # Password is valid now
            c.post(
                '/useradmin/users/new',
                dict(username="******",
                     is_superuser=False,
                     password1="foobarTest1[",
                     password2="foobarTest1[",
                     is_active=True))
            assert_false(User.objects.get(username="******").is_superuser)
            assert_true(
                User.objects.get(
                    username="******").check_password("foobarTest1["))
        finally:
            for reset in resets:
                reset()
コード例 #6
0
ファイル: tests.py プロジェクト: hwl-py/hue
def test_user_admin():
  FUNNY_NAME = '~`!@#$%^&*()_-+={}[]|\;"<>?/,.'
  FUNNY_NAME_QUOTED = urllib.quote(FUNNY_NAME)

  reset_all_users()
  reset_all_groups()
  useradmin.conf.DEFAULT_USER_GROUP.set_for_testing('test_default')

  useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False)
  reset_password_policy()

  c = make_logged_in_client('test', is_superuser=True)
  user = User.objects.get(username='******')

  # Test basic output.
  response = c.get('/useradmin/')
  assert_true(len(response.context["users"]) > 0)
  assert_true("Hue Users" in response.content)

  # Test editing a superuser
  # Just check that this comes back
  response = c.get('/useradmin/users/edit/test')
  # Edit it, to add a first and last name
  response = c.post('/useradmin/users/edit/test',
                    dict(username="******",
                         first_name=u"Inglés",
                         last_name=u"Español",
                         is_superuser="******",
                         is_active="True"),
                    follow=True)
  assert_true("User information updated" in response.content,
              "Notification should be displayed in: %s" % response.content)
  # Edit it, can't change username
  response = c.post('/useradmin/users/edit/test',
                    dict(username="******",
                         first_name=u"Inglés",
                         last_name=u"Español",
                         is_superuser="******",
                         is_active="True"),
                    follow=True)
  assert_true("You cannot change a username" in response.content)
  # Now make sure that those were materialized
  response = c.get('/useradmin/users/edit/test')
  assert_equal(smart_unicode("Inglés"), response.context["form"].instance.first_name)
  assert_true("Español" in response.content)
  # Shouldn't be able to demote to non-superuser
  response = c.post('/useradmin/users/edit/test', dict(username="******",
                        first_name=u"Inglés", last_name=u"Español",
                        is_superuser=False, is_active=True))
  assert_true("You cannot remove" in response.content,
              "Shouldn't be able to remove the last superuser")
  # Shouldn't be able to delete oneself
  response = c.post('/useradmin/users/delete', {u'user_ids': [user.id]})
  assert_true("You cannot remove yourself" in response.content,
              "Shouldn't be able to delete the last superuser")

  # Let's try changing the password
  response = c.post('/useradmin/users/edit/test', dict(username="******", first_name="Tom", last_name="Tester", is_superuser=True, password1="foo", password2="foobar"))
  assert_equal(["Passwords do not match."], response.context["form"]["password2"].errors, "Should have complained about mismatched password")
  # Old password not confirmed
  response = c.post('/useradmin/users/edit/test', dict(username="******", first_name="Tom", last_name="Tester", password1="foo", password2="foo", is_active=True, is_superuser=True))
  assert_equal(["The old password does not match the current password."], response.context["form"]["password_old"].errors, "Should have complained about old password")
  # Good now
  response = c.post('/useradmin/users/edit/test', dict(username="******", first_name="Tom", last_name="Tester", password1="foo", password2="foo", password_old="test", is_active=True, is_superuser=True))
  assert_true(User.objects.get(username="******").is_superuser)
  assert_true(User.objects.get(username="******").check_password("foo"))
  # Change it back!
  response = c.post('/useradmin/users/edit/test', dict(username="******", first_name="Tom", last_name="Tester", password1="test", password2="test", password_old="foo", is_active="True", is_superuser="******"))
  assert_true(User.objects.get(username="******").check_password("test"))
  assert_true(make_logged_in_client(username = "******", password = "******"), "Check that we can still login.")

  # Check new user form for default group
  group = get_default_user_group()
  response = c.get('/useradmin/users/new')
  assert_true(response)
  assert_true(('<option value="1" selected="selected">%s</option>' % group) in str(response))

  # Create a new regular user (duplicate name)
  response = c.post('/useradmin/users/new', dict(username="******", password1="test", password2="test"))
  assert_equal({ 'username': ["User with this Username already exists."]}, response.context["form"].errors)

  # Create a new regular user (for real)
  response = c.post('/useradmin/users/new', dict(username=FUNNY_NAME,
                                           password1="test",
                                           password2="test",
                                           is_active="True"))
  response = c.get('/useradmin/')
  assert_true(FUNNY_NAME_QUOTED in response.content)
  assert_true(len(response.context["users"]) > 1)
  assert_true("Hue Users" in response.content)
  # Validate profile is created.
  assert_true(UserProfile.objects.filter(user__username=FUNNY_NAME).exists())

  # Need to give access to the user for the rest of the test
  group = Group.objects.create(name="test-group")
  perm = HuePermission.objects.get(app='useradmin', action='access')
  GroupPermission.objects.create(group=group, hue_permission=perm)

  # Verify that we can modify user groups through the user admin pages
  response = c.post('/useradmin/users/new', dict(username="******", password1="test", password2="test", groups=[group.pk]))
  User.objects.get(username='******')
  assert_true(User.objects.get(username='******').groups.filter(name='test-group').exists())
  response = c.post('/useradmin/users/edit/group_member', dict(username="******", groups=[]))
  assert_false(User.objects.get(username='******').groups.filter(name='test-group').exists())

  # Check permissions by logging in as the new user
  c_reg = make_logged_in_client(username=FUNNY_NAME, password="******")
  test_user = User.objects.get(username=FUNNY_NAME)
  test_user.groups.add(Group.objects.get(name="test-group"))
  test_user.save()

  # Regular user should be able to modify oneself
  response = c_reg.post('/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED,),
                        dict(username = FUNNY_NAME,
                             first_name = "Hello",
                             is_active = True,
                             groups=[group.id for group in test_user.groups.all()]), follow=True)
  assert_equal(response.status_code, 200)
  response = c_reg.get('/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED,), follow=True)
  assert_equal(response.status_code, 200)
  assert_equal("Hello", response.context["form"].instance.first_name)
  funny_user = User.objects.get(username=FUNNY_NAME)
  # Can't edit other people.
  response = c_reg.post("/useradmin/users/delete", {u'user_ids': [funny_user.id]})
  assert_true("You must be a superuser" in response.content,
              "Regular user can't edit other people")

  # Revert to regular "test" user, that has superuser powers.
  c_su = make_logged_in_client()
  # Inactivate FUNNY_NAME
  c_su.post('/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED,),
                        dict(username = FUNNY_NAME,
                             first_name = "Hello",
                             is_active = False))
  # Now make sure FUNNY_NAME can't log back in
  response = c_reg.get('/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED,))
  assert_true(response.status_code == 302 and "login" in response["location"],
              "Inactivated user gets redirected to login page")

  # Delete that regular user
  funny_profile = get_profile(test_user)
  response = c_su.post('/useradmin/users/delete', {u'user_ids': [funny_user.id]})
  assert_equal(302, response.status_code)
  assert_false(User.objects.filter(username=FUNNY_NAME).exists())
  assert_false(UserProfile.objects.filter(id=funny_profile.id).exists())

  # Bulk delete users
  u1 = User.objects.create(username='******', password="******")
  u2 = User.objects.create(username='******', password="******")
  assert_equal(User.objects.filter(username__in=['u1', 'u2']).count(), 2)
  response = c_su.post('/useradmin/users/delete', {u'user_ids': [u1.id, u2.id]})
  assert_equal(User.objects.filter(username__in=['u1', 'u2']).count(), 0)

  # Make sure that user deletion works if the user has never performed a request.
  funny_user = User.objects.create(username=FUNNY_NAME, password='******')
  assert_true(User.objects.filter(username=FUNNY_NAME).exists())
  assert_false(UserProfile.objects.filter(user__username=FUNNY_NAME).exists())
  response = c_su.post('/useradmin/users/delete', {u'user_ids': [funny_user.id]})
  assert_equal(302, response.status_code)
  assert_false(User.objects.filter(username=FUNNY_NAME).exists())
  assert_false(UserProfile.objects.filter(user__username=FUNNY_NAME).exists())

  # You shouldn't be able to create a user without a password
  response = c_su.post('/useradmin/users/new', dict(username="******"))
  assert_true("You must specify a password when creating a new user." in response.content)
コード例 #7
0
ファイル: tests.py プロジェクト: hwl-py/hue
def test_user_admin_password_policy():
  reset_all_users()
  reset_all_groups()

  # Set up password policy
  password_hint = password_error_msg = ("The password must be at least 8 characters long, "
                                        "and must contain both uppercase and lowercase letters, "
                                        "at least one number, and at least one special character.")
  password_rule = "^(?=.*?[A-Z])(?=(.*[a-z]){1,})(?=(.*[\d]){1,})(?=(.*[\W_]){1,}).{8,}$"

  useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(True)
  useradmin.conf.PASSWORD_POLICY.PWD_RULE.set_for_testing(password_rule)
  useradmin.conf.PASSWORD_POLICY.PWD_HINT.set_for_testing(password_hint)
  useradmin.conf.PASSWORD_POLICY.PWD_ERROR_MESSAGE.set_for_testing(password_error_msg)
  reset_password_policy()

  # Test first-ever login with password policy enabled
  c = Client()

  response = c.get('/accounts/login/')
  assert_equal(200, response.status_code)
  assert_true(response.context['first_login_ever'])

  response = c.post('/accounts/login/', dict(username="******", password="******"))
  assert_true(response.context['first_login_ever'])
  assert_equal([password_error_msg], response.context["form"]["password"].errors)

  response = c.post('/accounts/login/', dict(username="******", password="******"), follow=True)
  assert_equal(200, response.status_code)
  assert_true(User.objects.get(username="******").is_superuser)
  assert_true(User.objects.get(username="******").check_password("foobarTest1["))

  c.get('/accounts/logout')

  # Test changing a user's password
  c = make_logged_in_client('superuser', is_superuser=True)

  # Test password hint is displayed
  response = c.get('/useradmin/users/edit/superuser')
  assert_true(password_hint in response.content)

  # Password is less than 8 characters
  response = c.post('/useradmin/users/edit/superuser',
                    dict(username="******",
                         is_superuser=True,
                         password1="foo",
                         password2="foo"))
  assert_equal([password_error_msg], response.context["form"]["password1"].errors)

  # Password is more than 8 characters long but does not have a special character
  response = c.post('/useradmin/users/edit/superuser',
                    dict(username="******",
                         is_superuser=True,
                         password1="foobarTest1",
                         password2="foobarTest1"))
  assert_equal([password_error_msg], response.context["form"]["password1"].errors)

  # Password1 and Password2 are valid but they do not match
  response = c.post('/useradmin/users/edit/superuser',
                    dict(username="******",
                         is_superuser=True,
                         password1="foobarTest1??",
                         password2="foobarTest1?",
                         password_old="foobarTest1[",
                         is_active=True))
  assert_equal(["Passwords do not match."], response.context["form"]["password2"].errors)

  # Password is valid now
  c.post('/useradmin/users/edit/superuser',
         dict(username="******",
              is_superuser=True,
              password1="foobarTest1[",
              password2="foobarTest1[",
              password_old="test",
              is_active=True))
  assert_true(User.objects.get(username="******").is_superuser)
  assert_true(User.objects.get(username="******").check_password("foobarTest1["))

  # Test creating a new user
  response = c.get('/useradmin/users/new')
  assert_true(password_hint in response.content)

  # Password is more than 8 characters long but does not have a special character
  response = c.post('/useradmin/users/new',
                    dict(username="******",
                         is_superuser=False,
                         password1="foo",
                         password2="foo"))
  assert_equal({'password1': [password_error_msg], 'password2': [password_error_msg]},
               response.context["form"].errors)

  # Password is more than 8 characters long but does not have a special character
  response = c.post('/useradmin/users/new',
                    dict(username="******",
                         is_superuser=False,
                         password1="foobarTest1",
                         password2="foobarTest1"))

  assert_equal({'password1': [password_error_msg], 'password2': [password_error_msg]},
               response.context["form"].errors)

  # Password1 and Password2 are valid but they do not match
  response = c.post('/useradmin/users/new',
                    dict(username="******",
                         is_superuser=False,
                         password1="foobarTest1[",
                         password2="foobarTest1?"))
  assert_equal({'password2': ["Passwords do not match."]}, response.context["form"].errors)

  # Password is valid now
  c.post('/useradmin/users/new',
         dict(username="******",
              is_superuser=False,
              password1="foobarTest1[",
              password2="foobarTest1[", is_active=True))
  assert_false(User.objects.get(username="******").is_superuser)
  assert_true(User.objects.get(username="******").check_password("foobarTest1["))
コード例 #8
0
  def test_ensure_home_directory(self):
    if not is_live_cluster():
      raise SkipTest

    resets = [
      useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False),
    ]

    try:
      reset_password_policy()

      # Cluster and client for home directory creation
      cluster = pseudo_hdfs4.shared_cluster()
      c = make_logged_in_client(cluster.superuser, is_superuser=True, groupname='test1')
      cluster.fs.setuser(cluster.superuser)

      # Create a user with a home directory
      if cluster.fs.exists('/user/test1'):
        cluster.fs.do_as_superuser(cluster.fs.rmtree, '/user/test1')
      assert_false(cluster.fs.exists('/user/test1'))
      response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test', ensure_home_directory=True))
      assert_true(cluster.fs.exists('/user/test1'))
      dir_stat = cluster.fs.stats('/user/test1')
      assert_equal('test1', dir_stat.user)
      assert_equal('test1', dir_stat.group)
      assert_equal('40755', '%o' % dir_stat.mode)

      # Create a user, then add their home directory
      if cluster.fs.exists('/user/test2'):
        cluster.fs.do_as_superuser(cluster.fs.rmtree, '/user/test2')
      assert_false(cluster.fs.exists('/user/test2'))
      response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test'))
      assert_false(cluster.fs.exists('/user/test2'))
      response = c.post('/useradmin/users/edit/%s' % "test2", dict(username="******", password1='test', password2='test', password_old="test", ensure_home_directory=True))
      assert_true(cluster.fs.exists('/user/test2'))
      dir_stat = cluster.fs.stats('/user/test2')
      assert_equal('test2', dir_stat.user)
      assert_equal('test2', dir_stat.group)
      assert_equal('40755', '%o' % dir_stat.mode)

      # Ignore domain in username when importing LDAP users
      # eg: Ignore '@ad.sec.cloudera.com' when importing '*****@*****.**'
      resets.append(desktop.conf.LDAP.LDAP_URL.set_for_testing('default.example.com'))
      if cluster.fs.exists('/user/[email protected]'):
        cluster.fs.do_as_superuser(cluster.fs.rmtree, '/user/[email protected]')
      if cluster.fs.exists('/user/test3'):
        cluster.fs.do_as_superuser(cluster.fs.rmtree, '/user/test3')
      assert_false(cluster.fs.exists('/user/test3'))
      response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test', ensure_home_directory=True))
      assert_false(cluster.fs.exists('/user/[email protected]'))
      assert_true(cluster.fs.exists('/user/test3'))

      dir_stat = cluster.fs.stats('/user/test3')
      assert_equal('test3', dir_stat.user)
      assert_equal('test3', dir_stat.group)
      assert_not_equal('*****@*****.**', dir_stat.user)
      assert_not_equal('*****@*****.**', dir_stat.group)
      assert_equal('40755', '%o' % dir_stat.mode)
    finally:
      for reset in resets:
        reset()