def createTwoUsersForOnePerson(self, userID1, userID2,
InternalAuthUsername, storeConnection):
masterTenant = GetTenant(masterTenantName,
storeConnection,
appObj=appObj)
CreateUser(appObj, {
"user_unique_identifier": userID1,
"known_as": userID1
}, masterTenantName, "test/createTwoUsersForOnePerson",
storeConnection)
CreateUser(appObj, {
"user_unique_identifier": userID2,
"known_as": userID2
}, masterTenantName, "test/createTwoUsersForOnePerson",
storeConnection)
authProvGUID = list(masterTenant.getAuthProviderGUIDList())[
0] #Just use first configured authProvider
person = CreatePerson(appObj, storeConnection, None, 'a', 'b', 'c')
authData = AddAuth(
appObj, masterTenantName, authProvGUID, {
"username": InternalAuthUsername,
"password": get_APIAPP_DEFAULTHOMEADMINPASSWORD_bytes()
}, person['guid'], storeConnection)
associateUserWithPerson(appObj, userID1, person['guid'],
storeConnection)
associateUserWithPerson(appObj, userID2, person['guid'],
storeConnection)
return {'authProvGUID': authProvGUID, 'person': person}
def fn(storeConnection):
tenant = GetTenant(tenantName, storeConnection, appObj=appObj)
CreateUser(appObj, {
"user_unique_identifier": userID,
"known_as": userID
}, tenantName, "test/createLoginForTenant", storeConnection)
##Don't know if this is needed
##AddUserRole(appObj, userID, tenantName, constants.DefaultHasAccountRole, storeConnection)
person = CreatePerson(appObj, storeConnection, None, 'a', 'b', 'c')
authProv = tenant.getSingleAuthProviderOfType(type="internal")
if authProv is None:
raise Exception("No internal auth prov")
authData = AddAuth(
appObj=appObj,
tenantName=tenantName,
authProviderGUID=authProv["guid"],
credentialDICT={
"username":
InternalAuthUsername,
"password":
getHashedPasswordUsingSameMethodAsJavascriptFrontendShouldUse(
username=InternalAuthUsername,
password=InternalAuthPassword,
tenantAuthProvSalt=authProv["guid"])
},
personGUID=person['guid'],
storeConnection=storeConnection)
associateUserWithPerson(appObj, userID, person['guid'],
storeConnection)
return None
def run(self, appObj, storeConnection):
tenantObj = GetTenant(self.tenantName, storeConnection, appObj=appObj)
if tenantObj is None:
raise Exception("AddInternalUserAccount: Tenant " +
self.tenantName + " does not exist")
authProvDict = tenantObj.getSingleAuthProviderOfType("internal")
if authProvDict is None:
raise Exception(
"AddInternalUserAccount: Tenant " + self.tenantName +
" does not have (exactly) one internal auth provider")
CreateUser(appObj, {
"user_unique_identifier": self.userID,
"known_as": self.Username
}, self.tenantName, 'autoConfigRunner/AddInternalUserAccount',
storeConnection)
person = CreatePerson(appObj, storeConnection, None, 'a', 'b', 'c')
credentialJSON = {
"username":
self.Username,
"password":
getHashedPasswordUsingSameMethodAsJavascriptFrontendShouldUse(
appObj, self.Username, self.Password,
authProvDict['saltForPasswordHashing'])
}
GetAuthProvider(appObj=appObj,
tenantName=self.tenantName,
authProviderGUID=authProvDict['guid'],
storeConnection=storeConnection,
tenantObj=tenantObj).AddAuth(
appObj,
credentialJSON,
person['guid'],
storeConnection,
associatePersonWithAuthCalledWhenAuthIsCreated=
associatePersonWithAuthCalledWhenAuthIsCreated)
associateUserWithPerson(appObj, self.userID, person['guid'],
storeConnection)
for curTenant in self.Roles:
for curRole in self.Roles[curTenant]:
AddUserRole(appObj, self.userID, curTenant, curRole,
storeConnection)
print("AddInternalUserAccount: Add " + self.Username + " to tenant " +
tenantObj.getName())
self.setPassed()
def RegisterUser(appObj, tenantObj, authProvGUID, credentialDICT, createdBy,
storeConnection, ticketObj, ticketTypeObj):
ticketAllowsUsToCreateAUser = False
if ticketObj is not None:
#If the ticket was for a different tenant then the ticket type would have
# come back as none and that is captured in the API code
if ticketObj.getUsable(ticketTypeObj=ticketTypeObj) != "USABLE":
raise ticketNotUsableException
ticketAllowsUsToCreateAUser = ticketTypeObj.getAllowUserCreation()
if not tenantObj.getAllowUserCreation():
if not ticketAllowsUsToCreateAUser:
raise userCreationNotAllowedException
authProvObj = _getAuthProvider(appObj, tenantObj.getName(), authProvGUID,
storeConnection, tenantObj)
if not authProvObj.getAllowUserCreation():
if not ticketAllowsUsToCreateAUser:
raise userCreationNotAllowedException
userData = authProvObj.getTypicalAuthData(credentialDICT)
CreateUser(appObj, userData, tenantObj.getName(), createdBy,
storeConnection)
person = CreatePerson(appObj, storeConnection, None, 'a', 'b', 'c')
authData = authProvObj.AddAuth(
appObj,
credentialDICT,
person['guid'],
storeConnection,
associatePersonWithAuthCalledWhenAuthIsCreated=
associatePersonWithAuthCalledWhenAuthIsCreated)
associateUserWithPerson(appObj, userData['user_unique_identifier'],
person['guid'], storeConnection)
userObj = GetUser(appObj, userData['user_unique_identifier'],
storeConnection)
if ticketObj is not None:
#This updates the existing userObj
# and saves to the database if change was made
appObj.TicketManager.executeTicketForUser(
appObj=appObj,
userObj=userObj,
ticketObj=ticketObj,
ticketTypeObj=ticketTypeObj,
storeConnection=storeConnection)
return userObj
def createLDAPUser(self,
username,
storeConnection,
authProvGUID,
appObj=appObj):
masterTenant = GetTenant(constants.masterTenantName,
storeConnection,
appObj=appObj)
CreateUser(appObj, {
"user_unique_identifier": username,
"known_as": username
}, constants.masterTenantName, "test/createLDAPUser", storeConnection)
person = CreatePerson(appObj, storeConnection, None, 'a', 'b', 'c')
authData = AddAuth(appObj, constants.masterTenantName, authProvGUID,
{"username": username}, person['guid'],
storeConnection)
associateUserWithPerson(appObj, username, person['guid'],
storeConnection)
return {'authProvGUID': authProvGUID, 'person': person}
def CreateMasterTenant(appObj, testingMode, storeConnection):
print("Creating master tenant")
_createTenant(
appObj,
masterTenantName,
masterTenantDefaultDescription,
False,
storeConnection,
JWTCollectionAllowedOriginList=list(
map(
lambda x: x.strip(),
appObj.
APIAPP_DEFAULTMASTERTENANTJWTCOLLECTIONALLOWEDORIGINFIELD.
split(","))),
TicketOverrideURL="",
SelectAuthMessage=constants.masterTenantDefaultSelectAuthMessage,
TenantBannerHTML=constants.masterTenantDefaultTenantBannerHTML)
masterTenantInternalAuthProvider = AddAuthProvider(
appObj, masterTenantName, masterTenantDefaultAuthProviderMenuText,
masterTenantDefaultAuthProviderMenuIconLink, "internal", False,
{"userSufix": "@internalDataStore"}, storeConnection, False, False,
constants.masterTenantDefaultAuthProviderMenuTextInternalAuthLinkText)
userID = appObj.defaultUserGUID
InternalAuthUsername = appObj.APIAPP_DEFAULTHOMEADMINUSERNAME
#User spercific creation
CreateUser(appObj, {
"user_unique_identifier": userID,
"known_as": InternalAuthUsername
}, masterTenantName, 'init/CreateMasterTenant', storeConnection)
AddUserRole(appObj, userID, masterTenantName,
constants.masterTenantDefaultSystemAdminRole, storeConnection)
AddUserRole(appObj, userID, masterTenantName,
constants.SecurityEndpointAccessRole, storeConnection)
person = None
if testingMode:
person = CreatePerson(appObj, storeConnection,
appObj.testingDefaultPersonGUID, 'a', 'b', 'c')
else:
person = CreatePerson(appObj, storeConnection, None, 'a', 'b', 'c')
credentialJSON = {
"username":
InternalAuthUsername,
"password":
getHashedPasswordUsingSameMethodAsJavascriptFrontendShouldUse(
appObj, InternalAuthUsername,
appObj.APIAPP_DEFAULTHOMEADMINPASSWORD,
masterTenantInternalAuthProvider['saltForPasswordHashing'])
}
authData = _getAuthProvider(
appObj, masterTenantName, masterTenantInternalAuthProvider['guid'],
storeConnection,
None).AddAuth(appObj,
credentialJSON,
person['guid'],
storeConnection,
associatePersonWithAuthCalledWhenAuthIsCreated=
associatePersonWithAuthCalledWhenAuthIsCreated)
#mainUserIdentity with authData
associateUserWithPerson(appObj, userID, person['guid'], storeConnection)
def someFn(connectionContext):
tenantJSON = self.createTenantForTesting(tenantWithNoAuthProviders)
testDateTime = datetime.now(pytz.timezone("UTC"))
appObj.setTestingDateTime(testDateTime)
userID1 = 'TestUser1'
userID2 = 'TestUser2'
userID3 = 'TestUser3InDifferentTenant'
InternalAuthUsername = '******'
res = self.createTwoUsersForOnePerson(userID1, userID2, InternalAuthUsername, connectionContext)
person = res['person']
CreateUser(appObj, {"user_unique_identifier": userID3, "known_as": userID3}, tenantWithNoAuthProviders["Name"], "test/getMutipleIdentityResponseOnlyReturnsUsersForThisTenant", connectionContext) #might fail if I require transaction in future
associateUserWithPerson(appObj, userID3, person['guid'], connectionContext)
result = self.testClient.get(
self.loginAPIPrefix + '/' + masterTenantName + '/authproviders',
headers={"Origin": httpOrigin}
)
self.assertEqual(result.status_code, 200)
resultJSON = json.loads(result.get_data(as_text=True))
masterAuthProviderGUID = resultJSON[ 'AuthProviders' ][0]['guid']
loginJSON = {
##"identityGUID": "string",
"authProviderGUID": masterAuthProviderGUID,
"credentialJSON": {
"username": InternalAuthUsername,
"password": env['APIAPP_DEFAULTHOMEADMINPASSWORD']
}
}
result2 = self.testClient.post(
self.loginAPIPrefix + '/' + masterTenantName + '/authproviders',
data=json.dumps(loginJSON),
content_type='application/json',
headers={"Origin": httpOrigin}
)
self.assertEqual(result2.status_code, 200)
result2JSON = json.loads(result2.get_data(as_text=True))
user1ExcpectedResult = {
"UserID": userID1,
"TenantRoles": [{
"TenantName": masterTenantName,
"ThisTenantRoles": [DefaultHasAccountRole]
}],
"known_as": userID1,
"other_data": {
"createdBy": "test/createTwoUsersForOnePerson"
},
"creationDateTime": testDateTime.isoformat(),
"lastUpdateDateTime": testDateTime.isoformat()
}
user2ExcpectedResult = {
"UserID": userID2,
"TenantRoles": [{
"TenantName": masterTenantName,
"ThisTenantRoles": [DefaultHasAccountRole]
}],
"known_as": userID2,
"other_data": {
"createdBy": "test/createTwoUsersForOnePerson"
},
"creationDateTime": testDateTime.isoformat(),
"lastUpdateDateTime": testDateTime.isoformat()
}
id1Found = False
id2Found = False
self.assertEqual(len(result2JSON['possibleUsers']), 2, msg="Wrong number of possible Users")
for resultUser in result2JSON['possibleUsers']:
if resultUser['UserID'] == userID1:
id1Found = True
self.assertJSONStringsEqualWithIgnoredKeys(resultUser, user1ExcpectedResult, [ 'guid', 'ObjectVersion', 'associatedPersonGUIDs' ], msg="Identity 1 result mismatch")
if resultUser['UserID'] == userID2:
id2Found = True
self.assertJSONStringsEqualWithIgnoredKeys(resultUser, user2ExcpectedResult, [ 'guid', 'ObjectVersion', 'associatedPersonGUIDs' ], msg="Identity 2 result mismatch")
self.assertTrue(id1Found, msg="Identity 1 not in response")
self.assertTrue(id2Found, msg="Identity 2 not in response")
def someFn(connectionContext):
masterTenant = GetTenant(masterTenantName,
connectionContext,
appObj=appObj)
userID = 'TestUser'
CreateUser(appObj, {
"user_unique_identifier": userID,
"known_as": userID
}, masterTenantName, 'test/CreateMasterTenant', connectionContext)
authProvGUID = list(masterTenant.getAuthProviderGUIDList())[
0] #Just use first configured authProvider
person1 = CreatePerson(appObj, connectionContext, None, 'a', 'b',
'c')
person2 = CreatePerson(appObj, connectionContext, None, 'a', 'b',
'c')
InternalAuthUsername1 = 'SomeLogin1'
InternalAuthUsername2 = 'SomeLogin2'
authData1 = AddAuth(
appObj, masterTenantName, authProvGUID, {
"username": InternalAuthUsername1,
"password": get_APIAPP_DEFAULTHOMEADMINPASSWORD_bytes()
}, person1['guid'], connectionContext)
authData2 = AddAuth(
appObj, masterTenantName, authProvGUID, {
"username": InternalAuthUsername2,
"password": get_APIAPP_DEFAULTHOMEADMINPASSWORD_bytes()
}, person2['guid'], connectionContext)
associateUserWithPerson(appObj, userID, person1['guid'],
connectionContext)
associateUserWithPerson(appObj, userID, person2['guid'],
connectionContext)
#Try and log in and make sure both people get access to the user
UserIDandRoles = Login(
appObj, masterTenantName, authProvGUID, {
'username': InternalAuthUsername1,
'password': get_APIAPP_DEFAULTHOMEADMINPASSWORD_bytes()
}, None, connectionContext, 'a', 'b', 'c')
expectedJSONResponse = {
'TenantRoles': {
"usersystem": [DefaultHasAccountRole]
},
'UserID':
userID,
"exp":
"xx",
"iss":
userID,
"authedPersonGuid":
person1['guid'],
"known_as":
userID,
"other_data": {
"createdBy": "test/CreateMasterTenant"
},
"currentlyUsedAuthKey":
InternalAuthUsername1 + "@internalDataStore_`@\\/'internal"
}
self.assertJSONStringsEqualWithIgnoredKeys(
self.decodeToken(UserIDandRoles['jwtData']['JWTToken']),
expectedJSONResponse,
['exp', 'associatedPersons', 'currentlyUsedAuthProviderGuid'],
msg="Failed to login to identity 1")
UserIDandRoles = Login(
appObj, masterTenantName, authProvGUID, {
'username': InternalAuthUsername2,
'password': get_APIAPP_DEFAULTHOMEADMINPASSWORD_bytes()
}, None, connectionContext, 'a', 'b', 'c')
expectedJSONResponse['authedPersonGuid'] = person2['guid']
expectedJSONResponse[
'currentlyUsedAuthKey'] = InternalAuthUsername2 + "@internalDataStore_`@\\/'internal"
self.assertJSONStringsEqualWithIgnoredKeys(
self.decodeToken(UserIDandRoles['jwtData']['JWTToken']),
expectedJSONResponse,
['exp', 'associatedPersons', 'currentlyUsedAuthProviderGuid'],
msg="Failed to login to identity 2")
def someFn(connectionContext):
return associateUserWithPerson(appObj,
content["UserID"],
content["personGUID"],
connectionContext)