def test_bad_token(self): """The change password request has a bad authentication token.""" # Create a user and log them in. create_and_login() # Try changing the password. response = \ self.client.post( PASSWORD_URL, json.dumps({"username": TEST_USER[0], "current_password": TEST_USER[2], "new_password": "******"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED) # Test logging in using the old password. login(TEST_USER[0], TEST_USER[2]) # Verify that we can't log in using the new password. response = self.client.post(LOGIN_URL, { "username": TEST_USER[0], "password": "******" }) self.assertContains(response, CONTENT_NON_FIELD_ERRORS, status_code=HTTP_400_BAD_REQUEST)
def test_bad_token(self): """We're logged in but present a bogus token.""" create_and_login() for method in (self.client.get, self.client.post): response = \ method(SEARCH_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) self.assertContains(response, CONTENT_BAD_TOKEN, status_code=HTTP_401_UNAUTHORIZED) for method in (self.client.get, self.client.put, self.client.patch, self.client.delete): for url in [SEARCH_UUID_URL, SEARCH_UUID_RESULTS_URL]: response = \ method(url % BAD_UUID, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) self.assertContains(response, CONTENT_BAD_TOKEN, status_code=HTTP_401_UNAUTHORIZED)
def test_bad_token(self): """We're logged in but present a bogus token.""" create_and_login() for method in (self.client.get, self.client.post): response = \ method(SEARCH_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) self.assertContains(response, CONTENT_BAD_TOKEN, status_code=HTTP_401_UNAUTHORIZED) for method in (self.client.get, self.client.put, self.client.patch, self.client.delete): # we dont have a results() or get_by_uuid() for alerts for url in [SEARCH_UUID_URL]: response = \ method(url % BAD_UUID, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) self.assertContains(response, CONTENT_BAD_TOKEN, status_code=HTTP_401_UNAUTHORIZED)
def test_bad_token(self): """The change password request has a bad authentication token.""" # Create a user and log them in. create_and_login() # Try changing the password. response = \ self.client.post( PASSWORD_URL, json.dumps({"username": TEST_USER[0], "current_password": TEST_USER[2], "new_password": "******"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED) # Test logging in using the old password. login(TEST_USER[0], TEST_USER[2]) # Verify that we can't log in using the new password. response = self.client.post(LOGIN_URL, {"username": TEST_USER[0], "password": "******"}) self.assertContains(response, CONTENT_NON_FIELD_ERRORS, status_code=HTTP_400_BAD_REQUEST)
def test_login_already_logged_in(self): # pylint: disable=R0201 """Logging in when the user is already logged in. The user should remain logged in. """ create_and_login() login(TEST_USER[0], TEST_USER[2])
def test_loggedin_get_badtoken(self): """Getting while logged in, using a bad token.""" # Create a user. create_and_login() response = self.client.get( USER_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) self.assertContains(response, CONTENT_BAD_TOKEN, status_code=HTTP_401_UNAUTHORIZED)
def test_loggedin_get_badtoken(self): """Getting while logged in, using a bad token.""" # Create a user. create_and_login() response = self.client.get(USER_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) self.assertContains(response, CONTENT_BAD_TOKEN, status_code=HTTP_401_UNAUTHORIZED)
def test_allgood(self): """Some add-ons are installed, and all are good.""" # Create three Addon rows. AddonTable.objects.create(name="test1", version="1.001", manufacturer="Foonly, Inc.", url_root="dolphin", notes="test application") AddonTable.objects.create(name="test2", version="2.a(4)", manufacturer="Solinea", url_root="test2", notes="another test application") AddonTable.objects.create(name="test3", version="45", manufacturer="Mozilla", url_root="test3", notes="the real mccoy") # Make all of them "good" apps by mocking out the Django URL resolver. mock_resolver = Mock() # Create a user. token = create_and_login() with patch("goldstone.addons.models.resolve", mock_resolver): response = self.client.get( VERIFY_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # Test the result. No bad rows = empty list returned. self.assertContains(response, "[]", status_code=HTTP_200_OK)
def test_delete_not_member(self): """Try deleting a user of another tenant.""" # Make two tenants. tenant = Tenant.objects.create(name="tenant", owner="John", owner_contact="206.867.5309") tenant_2 = Tenant.objects.create(name="tenant_2", owner="John", owner_contact="206.867.5309") # Create a tenant_admin, default_tenant_admin, and a normal user of # another tenant. token = create_and_login(tenant=tenant) default_tenant_admin = get_user_model().objects.create_user(username="******", password="******") default_tenant_admin.tenant = tenant default_tenant_admin.default_tenant_admin = True default_tenant_admin.save() user = get_user_model().objects.create_user(username="******", password="******", tenant=tenant_2) # Try DELETE on the normal user. response = self.client.delete( TENANTS_ID_USERS_ID_URL % (tenant.uuid, user.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token ) self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN) # Ensure we have the right number of user accounts self.assertEqual(get_user_model().objects.count(), 3)
def test_put(self): """Update a user in a tenant.""" # Expected response, sans uuid. EXPECTED_RESPONSE = { "username": "******", "first_name": "1", "last_name": "2", "email": "*****@*****.**", "tenant_admin": False, "is_superuser": False, "default_tenant_admin": False, } # Make a tenant. tenant = Tenant.objects.create(name="tenant", owner="John", owner_contact="206.867.5309") # Create a tenant_admin of the tenant, and a normal user of the tenant. token = create_and_login(tenant=tenant) user = get_user_model().objects.create_user(username="******", password="******") user.tenant = tenant user.save() # Try PUTing to the user. response = self.client.put( TENANTS_ID_USERS_ID_URL % (tenant.uuid, user.uuid), json.dumps({"username": "******", "first_name": "1", "last_name": "2", "email": "*****@*****.**"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token, ) check_response_without_uuid(response, HTTP_200_OK, EXPECTED_RESPONSE, extra_keys=["last_login", "date_joined"])
def test_put_badtoken(self): """Putting (trying to change user attributes) while logged in, but using a bad token.""" # Create a user. create_and_login() response = self.client.put(USER_URL, json.dumps({"first_name": "Dirk"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) self.assertContains(response, CONTENT_BAD_TOKEN, status_code=HTTP_401_UNAUTHORIZED)
def test_allbad(self): """Some add-ons are installed, and they all are bad.""" # Create two Addon rows. app1 = AddonTable.objects.create(name="test1", version="1.001", manufacturer="Foonly, Inc.", url_root="dolphin", notes="test application") app2 = AddonTable.objects.create(name="test2", version="2.a(4)", manufacturer="Solinea", url_root="test2", notes="another test application") # Create a user. token = create_and_login() response = self.client.get( VERIFY_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # values. pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_400_BAD_REQUEST) content = json.loads(response.content) self.assertEqual(2, len(content)) self.assertIn(str(app1), content) self.assertIn(str(app2), content)
def test_get(self): """Get a user.""" # Expected results, sans uuid keys. EXPECTED_RESULTS = [ { "username": "******", "first_name": "", "last_name": "", "email": "*****@*****.**", "tenant_admin": True, "is_superuser": False, "tenant_name": "tennent", "default_tenant_admin": False }, { "username": "******", "first_name": "", "last_name": "", "email": '', "tenant_admin": False, "is_superuser": False, "default_tenant_admin": False }, ] # Make a tenant. tenant = Tenant.objects.create(name='tennent', owner='John', owner_contact='206.867.5309') # Create a tenant_admin of the tenant. token = create_and_login(tenant=tenant) user = get_user_model().objects.get(username=TEST_USER[0]) # Try GETing the tenant admin. response = self.client.get( TENANTS_ID_USERS_ID_URL % (tenant.uuid, user.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_200_OK, EXPECTED_RESULTS[0], extra_keys=["last_login", "date_joined"]) # Add another user to the tenant, and get her. user = get_user_model().objects.create_user(username="******", password='******') user.tenant = tenant user.save() # Try GETing the second user. response = self.client.get( TENANTS_ID_USERS_ID_URL % (tenant.uuid, user.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_200_OK, EXPECTED_RESULTS[1], extra_keys=["last_login", "date_joined"])
def test_no_tenant(self): """Get or change Cloud data when there's no Goldstone tenant.""" expected_content = deepcopy(EXPECTED_CONTENT) expected_content["tenant_admin"] = True # Make a tenant tenant = Tenant.objects.create(name='hellothere', owner='John', owner_contact='206.867.5309') # Create a tenant_admin of the tenant. Then nullify the Tenant field. token = create_and_login(tenant=tenant) user = get_user_model().objects.all()[0] user.tenant = None user.save() response = self.client.get(USER_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_200_OK, expected_content, extra_keys=["last_login", "date_joined"])
def test_post(self): """Create an OpenStack cloud in a tenant.""" # The clouds in this test. TENANT_CLOUD = [{"tenant_name": 'a', "username": '******', "password": '******', "auth_url": "http://d.com"}, {"tenant_name": "ee", "username": "******", "password": "******", "auth_url": "http://route66.com"}, ] # Make a tenant tenant = Tenant.objects.create(name='tenant', owner='John', owner_contact='206.867.5309') # Create a user who's the tenant_admin of this tenant, and log him in. token = create_and_login(tenant=tenant) # Create OpenStack clouds in this tenant, and check the results. for entry in TENANT_CLOUD: response = self.client.post( TENANTS_ID_CLOUD_URL % tenant.uuid, json.dumps(entry), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_201_CREATED, entry)
def test_delete_default_tnnt_admin(self): """Try deleting the system's default tenant admin.""" # Make a tenant. tenant = Tenant.objects.create(name='tenant', owner='John', owner_contact='206.867.5309') # Create a tenant_admin, default_tenant_admin, and a normal user. token = create_and_login(tenant=tenant) default_tenant_admin = \ get_user_model().objects.create_user(username="******", password="******") default_tenant_admin.tenant = tenant default_tenant_admin.default_tenant_admin = True default_tenant_admin.save() get_user_model().objects.create_user(username="******", password='******', tenant=tenant) # Try to DELETE the default_admin_user. response = self.client.delete( TENANTS_ID_USERS_ID_URL % (tenant.uuid, default_tenant_admin.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN) # Ensure we have the right number of user accounts self.assertEqual(get_user_model().objects.count(), 3)
def test_no_tenant(self): """Get or change Cloud data when there's no Goldstone tenant.""" expected_content = deepcopy(EXPECTED_CONTENT) expected_content["tenant_admin"] = True # Make a tenant tenant = Tenant.objects.create(name='hellothere', owner='John', owner_contact='206.867.5309') # Create a tenant_admin of the tenant. Then nullify the Tenant field. token = create_and_login(tenant=tenant) user = get_user_model().objects.all()[0] user.tenant = None user.save() response = self.client.get( USER_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_200_OK, expected_content, extra_keys=["last_login", "date_joined"])
def test_get_restricted_fields(self): """Try getting fields that are restricted to tenant_admins.""" cloud_fields = {"tenant_name": "cloud name 0", "username": "******", "password": "******", "auth_url": "http://10.11.12.13:5000/v3/"} # Make a tenant, and one Cloud under it. tenant = Tenant.objects.create(name='hellothere', owner='John', owner_contact='206.867.5309') cloud_fields["tenant"] = tenant Cloud.objects.create(**cloud_fields) # Create a normal user. token = create_and_login() response = self.client.get( USER_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # None of the Tenant or Cloud fields should be in the response. check_response_without_uuid(response, HTTP_200_OK, EXPECTED_CONTENT, extra_keys=["last_login", "date_joined"])
def test_change_some_fields(self): """Get data from an account, after we've modified some fields.""" expected_content = deepcopy(EXPECTED_CONTENT) expected_content["first_name"] = "Dirk" expected_content["last_name"] = "Diggler" # Create a user and get their authorization token. token = create_and_login() # Change some attributes from the default. Note, the username is # required by djoser UserView/PUT. response = self.client.put( USER_URL, json.dumps({"username": TEST_USER[0], "first_name": "Dirk", "last_name": "Diggler"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_200_OK) # Now get the account attributes and see if they've changed. response = self.client.get( USER_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_200_OK, expected_content, extra_keys=["last_login", "date_joined"])
def test_no_tenant(self): """Getting a cloud, updating a cloud, or deleting a cloud, when the tenant doesn't exist.""" # Make a tenant, put an OpenStack cloud in it. tenant = Tenant.objects.create(name='tenant 1', owner='John', owner_contact='206.867.5309') cloud = Cloud.objects.create(tenant_name="ee", username="******", password="******", auth_url="http://route66.com", tenant=tenant) # Create a tenant_admin of the tenant. token = create_and_login(tenant=tenant) # Try GET, PUT, and DELETE to a nonexistent tenant. responses = [ self.client.get(TENANTS_ID_CLOUD_ID_URL % (BAD_UUID, cloud.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.put(TENANTS_ID_CLOUD_ID_URL % (BAD_UUID, cloud.uuid), json.dumps({"password": "******"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.delete( TENANTS_ID_CLOUD_ID_URL % (BAD_UUID, cloud.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), ] for response in responses: self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN)
def test_get_pages(self): """Good GET request using pages.""" # We'll ask for the last page of single-entry pages. super(GetPostTests, self).create_store_alert_search_object() expected_rows = AlertSearch.objects.all().count() if expected_rows > 10: expected_rows = 10 # we are expected to get only 1 row for now, so skip prev-page tests # expected_prev = expected_rows - 1 token = create_and_login() response = self.client.get( SEARCH_URL + "?page_size=1&page=%d" % expected_rows, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_200_OK) response_content = json.loads(response.content) self.assertEqual(expected_rows, response_content["count"]) self.assertIsNone(response_content["next"]) self.assertEqual(1, len(response_content["results"]))
def test_delete_django_admin(self): """Try deleting a Django admin, a.k.a. Goldstone system admin.""" # Make a tenant. tenant = Tenant.objects.create(name='tenant', owner='John', owner_contact='206.867.5309') # Log in as the tenant admin. token = create_and_login(tenant=tenant) # Create a Django admin who's a member of the tenant. django_admin = \ get_user_model().objects.create_superuser("Amber", "*****@*****.**", "xxx", tenant=tenant) # Try DELETE on the Django admin. response = self.client.delete( TENANTS_ID_USERS_ID_URL % (tenant.uuid, django_admin.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN) # Ensure we have the right number of user accounts self.assertEqual(get_user_model().objects.count(), 2)
def test_put_badtoken(self): """Putting (trying to change user attributes) while logged in, but using a bad token.""" # Create a user. create_and_login() response = self.client.put( USER_URL, json.dumps({"first_name": "Dirk"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN) self.assertContains(response, CONTENT_BAD_TOKEN, status_code=HTTP_401_UNAUTHORIZED)
def test_get_django_admin(self): """Get a tenant list when tenants exist, as a Django admin.""" # The expected content, sans uuids. EXPECTED_CONTENT = \ {'count': 2, 'next': None, 'previous': None, 'results': [{'name': 'tenant 1', 'owner': 'John', 'owner_contact': ''}, {'name': 'tenant 2', 'owner': 'Alex', 'owner_contact': '867-5309'}]} # Create a Django admin user and log her in. token = create_and_login(is_superuser=True) # Make two tenants. Tenant.objects.create(name=EXPECTED_CONTENT["results"][0]["name"], owner=EXPECTED_CONTENT["results"][0]["owner"]) Tenant.objects.create( name=EXPECTED_CONTENT["results"][1]["name"], owner=EXPECTED_CONTENT["results"][1]["owner"], owner_contact=EXPECTED_CONTENT["results"][1]["owner_contact"]) # Try getting the list, then check the results. response = self.client.get( TENANTS_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_200_OK, EXPECTED_CONTENT, True)
def test_get_restricted_fields(self): """Try getting fields that are restricted to tenant_admins.""" cloud_fields = { "tenant_name": "cloud name 0", "username": "******", "password": "******", "auth_url": "http://10.11.12.13:5000/v3/" } # Make a tenant, and one Cloud under it. tenant = Tenant.objects.create(name='hellothere', owner='John', owner_contact='206.867.5309') cloud_fields["tenant"] = tenant Cloud.objects.create(**cloud_fields) # Create a normal user. token = create_and_login() response = self.client.get(USER_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # None of the Tenant or Cloud fields should be in the response. check_response_without_uuid(response, HTTP_200_OK, EXPECTED_CONTENT, extra_keys=["last_login", "date_joined"])
def test_post_missing_fields(self): """Try creating a tenant without some required fields.""" # The expected content, sans uuids. TEST = [{'owner': 'John', 'owner_contact': 'eight six seven'}, {'name': 'tenant 2', 'owner_contact': 'five three oh niiieeiiiin...'}, {'owner_contact': '(666)666-6666'}] # Create a user, save the authorization token, and make the user a # Django admin. token = create_and_login(is_superuser=True) # Create another user, and make them the default_tenant_admin. get_user_model().objects.create_user("Julianne", "*****@*****.**", "bueno", default_tenant_admin=True) # Make the tenants, and check each POST's response. for entry in TEST: response = self.client.post( TENANTS_URL, json.dumps(entry), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) self.assertContains(response, ':["This field is required."]}', status_code=HTTP_400_BAD_REQUEST)
def test_no_tenant(self): """Getting a tenant list, changing a tenant's attributes, or deleting a tenant, when the tenant doesn't exist.""" # Create a Django admin user. token = create_and_login(is_superuser=True) # Make a tenant, save its uuid, then delete it. tenant = Tenant.objects.create(name='tenant', owner='John', owner_contact='206.867.5309') uuid = tenant.uuid tenant.delete() # Try getting, putting, and deleting a tenant that doesn't exist. responses = [ self.client.get( TENANTS_ID_URL % uuid, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.put( TENANTS_ID_URL % uuid, json.dumps({"name": "foobar"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.delete( TENANTS_ID_URL % uuid, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) ] for response in responses: self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN)
def test_delete(self): """Delete a tenant, Django admin is not in the tenant.""" # Create a Django admin user, and a tenant, and a tenant_admin. token = create_and_login(is_superuser=True) tenant = Tenant.objects.create(name='tenant', owner='John', owner_contact='206.867.5309') user = get_user_model().objects.create_user(username="******", password="******") user.tenant = tenant user.tenant_admin = True user.save() # Delete the tenant. This will also delete the users who belong to the # tenant. response = self.client.delete( TENANTS_ID_URL % tenant.uuid, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_204_NO_CONTENT) # Make sure the tenant and tenant_admin no longer exist, and the Django # admin still does. self.assertEqual(Tenant.objects.count(), 0) self.assertFalse(get_user_model().objects .filter(username="******").exists()) self.assertTrue(get_user_model().objects .filter(username=TEST_USER_1[0]).exists())
def test_expiration(self): """The authorization tokens expire.""" from .tasks import expire_auth_tokens # Create a user. token = create_and_login() # Confirm we can make an API call now. # Mock out resource_types so that it has no nodes or edges. mock_rt_graph = Types() mock_rt_graph.graph.clear() with patch("goldstone.core.resource.types", mock_rt_graph): response = self.client.get( RESTYPE_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_200_OK) # Call the token-expiration task, then try to do an API call again. It # should fail because of the tokens' expiration. expire_auth_tokens() with patch("goldstone.core.resource.types", mock_rt_graph): response = self.client.get( RESTYPE_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED)
def test_change_password(self): """Change the current user's password.""" # Create a user. token = create_and_login() # Try changing the password. response = self.client.post( PASSWORD_URL, json.dumps({"current_password": TEST_USER[2], "new_password": "******"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_200_OK) # Test logging in using the new password. login(TEST_USER[0], "boom") # Verify that we can't log in using the old password. response = self.client.post(LOGIN_URL, {"username": TEST_USER[0], "password": TEST_USER[2]}) self.assertContains(response, CONTENT_NON_FIELD_ERRORS, status_code=HTTP_400_BAD_REQUEST)
def test_bad_email(self, send_email): """The reset-password password request has a bad email. The server returns a 200 status code, but does not send any email. """ # Create a user and log them out. token = create_and_login() response = self.client.post( LOGOUT_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) self.assertContains(response, '', status_code=HTTP_200_OK) # Now try resetting the password. response = \ self.client.post(PASSWORD_RESET_URL, json.dumps({"email": "*****@*****.**"}), content_type="application/json") # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_200_OK) # Test that send_email was not called. self.assertEqual(send_email.call_count, 0)
def test_no_access(self): """Getting a tenant list, or creating a tenant, as a normal user.""" # Create a user and get the authorization token. token = create_and_login() # Try getting a tenant list. response = self.client.get( TENANTS_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) self.assertContains(response, CONTENT_NO_PERMISSION, status_code=HTTP_403_FORBIDDEN) # Try creating a tenant. response = self.client.post( TENANTS_URL, json.dumps({"name": "foobar", "owner": "Debra Winger"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) self.assertContains(response, CONTENT_NO_PERMISSION, status_code=HTTP_403_FORBIDDEN)
def test_delete(self): """Delete a user in a tenant.""" # Make a tenant. tenant = Tenant.objects.create(name='tenant', owner='John', owner_contact='206.867.5309') # Create a tenant_admin, default_tenant_admin, and a normal user. token = create_and_login(tenant=tenant) default_tenant_admin = \ get_user_model().objects.create_user(username="******", password="******") default_tenant_admin.tenant = tenant default_tenant_admin.default_tenant_admin = True default_tenant_admin.save() user = get_user_model().objects.create_user(username="******", password='******', tenant=tenant) # Try to DELETE the normal user. response = self.client.delete( TENANTS_ID_USERS_ID_URL % (tenant.uuid, user.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) self.assertContains(response, '', status_code=HTTP_204_NO_CONTENT) # Ensure we have the right number of user accounts self.assertEqual(get_user_model().objects.count(), 2)
def test_logged_in(self, send_email): """The user is logged in. No authentication token is needed. """ # Create a user create_and_login() # Try resetting the password. response = self.client.post(PASSWORD_RESET_URL, json.dumps({"email": TEST_USER[1]}), content_type="application/json") self._check_response(response, send_email)
def test_login_another_logged_in(self): # pylint: disable=R0201 """Logging in when another user is logged in. The second user should be logged in normally. """ # Create user 1 and user 2. User 2 is just user 1 with the username and # password swapped. create_and_login() get_user_model().objects.create_user(TEST_USER[2], TEST_USER[1], TEST_USER[0]) # Login user 1, then login user 2. login(TEST_USER[0], TEST_USER[2]) login(TEST_USER[2], TEST_USER[0])
def test_put(self): """Update an Openstack cloud in a tenant.""" # The cloud in this test. TENANT_CLOUD = {"tenant_name": 'a', "username": '******', "password": '******', "auth_url": "http://d.com"} EXPECTED_RESPONSE = TENANT_CLOUD.copy() EXPECTED_RESPONSE["password"] = "******" # Make a tenant, put an OpenStack cloud in it. tenant = Tenant.objects.create(name='tenant 1', owner='John', owner_contact='206.867.5309') cloud = Cloud.objects.create(tenant=tenant, **TENANT_CLOUD) # Create a tenant_admin of the tenant. token = create_and_login(tenant=tenant) # Try PUTing to the cloud. response = self.client.put( TENANTS_ID_CLOUD_ID_URL % (tenant.uuid, cloud.uuid), json.dumps(EXPECTED_RESPONSE), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_200_OK, EXPECTED_RESPONSE) # Double-check that the Cloud row was updated. self.assertEqual(Cloud.objects.count(), 1) self.assertEqual(Cloud.objects.all()[0].password, EXPECTED_RESPONSE["password"])
def test_no_tenant(self): """Getting a tenant, or creating a cloud in a tenant, when the tenant doesn't exist.""" # Create a Django admin user. token = create_and_login(is_superuser=True) # Make a tenant, then delete it. tenant = Tenant.objects.create(name='tenant', owner='John', owner_contact='206.867.5309') tenant.delete() # Try the GET and POST to a tenant that doesn't exist. responses = [ self.client.get( TENANTS_ID_CLOUD_URL % tenant.uuid, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.post( TENANTS_ID_CLOUD_URL % tenant.uuid, json.dumps({"tenant_name": 'a', "username": '******', "password": '******', "auth_url": "http://d.com"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)] for response in responses: self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN)
def test_no_tenant(self): """Getting a tenant, or creating a user of a tenant, when the tenant doesn't exist.""" # Create a Django admin user. token = create_and_login(is_superuser=True) # Make a tenant, then delete it. tenant = Tenant.objects.create(name='tenant', owner='John', owner_contact='206.867.5309') tenant.delete() # Try the GET and POST to a tenant that doesn't exist. responses = [ self.client.get( TENANTS_ID_USERS_URL % tenant.uuid, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.post( TENANTS_ID_USERS_URL % tenant.uuid, json.dumps({"username": "******", "password": "******", "email": "*****@*****.**"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)] for response in responses: self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN)
def test_get(self): """Get a specific OpenStack cloud from a tenant.""" # The clouds in this test. TENANT_CLOUD = [{"tenant_name": 'a', "username": '******', "password": '******', "auth_url": "http://d.com"}, {"tenant_name": "ee", "username": "******", "password": "******", "auth_url": "http://route66.com"}, ] # Make a tenant. tenant = Tenant.objects.create(name='tenant 1', owner='John', owner_contact='206.867.5309') # Create a tenant_admin of the tenant. token = create_and_login(tenant=tenant) # For every test cloud... for entry in TENANT_CLOUD: # Make it. cloud = Cloud.objects.create(tenant=tenant, **entry) # Try GETting it. response = self.client.get( TENANTS_ID_CLOUD_ID_URL % (tenant.uuid, cloud.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_200_OK, entry)
def test_no_access(self): """Getting the tenant clouds, or creating a tenant cloud, without being a tenant admin.""" # Make a tenant. tenant = Tenant.objects.create(name='tenant 1', owner='John', owner_contact='206.867.5309') # Create a normal user who's a member of the tenant, but *not* a # tenant_admin token = create_and_login() user = get_user_model().objects.get(username=TEST_USER[0]) user.tenant = tenant user.save() # Try the GET and POST. responses = [ self.client.get( TENANTS_ID_CLOUD_URL % tenant.uuid, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.post( TENANTS_ID_CLOUD_URL % tenant.uuid, json.dumps({"tenant_name": 'a', "username": '******', "password": '******', "auth_url": "http://d.com"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)] for response in responses: self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN)
def test_change_password(self): """Change the current user's password.""" # Create a user. token = create_and_login() # Try changing the password. response = self.client.post(PASSWORD_URL, json.dumps({ "current_password": TEST_USER[2], "new_password": "******" }), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_200_OK) # Test logging in using the new password. login(TEST_USER[0], "boom") # Verify that we can't log in using the old password. response = self.client.post(LOGIN_URL, { "username": TEST_USER[0], "password": TEST_USER[2] }) self.assertContains(response, CONTENT_NON_FIELD_ERRORS, status_code=HTTP_400_BAD_REQUEST)
def test_no_tenant(self): """Getting a tenant, or creating a user of a tenant, or deleting a user, when the tenant doesn't exist.""" # Make a tenant. tenant = Tenant.objects.create(name='tenant', owner='John', owner_contact='206.867.5309') # Create a tenant_admin of the tenant. token = create_and_login(tenant=tenant) user = get_user_model().objects.get(username=TEST_USER_1[0]) # Try GET, PUT, and DELETE to a nonexistent tenant. responses = [ self.client.get( TENANTS_ID_USERS_ID_URL % (BAD_UUID, user.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.put( TENANTS_ID_USERS_ID_URL % (BAD_UUID, user.uuid), json.dumps({"username": "******", "password": "******", "email": "*****@*****.**"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.delete( TENANTS_ID_USERS_ID_URL % (BAD_UUID, user.uuid), HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), ] for response in responses: self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN)
def test_no_access(self): """Getting the tenant users, or creating a tenant user, without being an authorized user.""" # Make a tenant. tenant = Tenant.objects.create(name='tenant 1', owner='John', owner_contact='206.867.5309') # Create a normal user who's a member of the tenant, but *not* a # tenant_admin token = create_and_login() user = get_user_model().objects.get(username=TEST_USER_1[0]) user.tenant = tenant user.save() # Try the GET and POST. responses = [ self.client.get( TENANTS_ID_USERS_URL % tenant.uuid, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token), self.client.post( TENANTS_ID_USERS_URL % tenant.uuid, json.dumps({"username": "******", "password": "******", "email": "*****@*****.**"}), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)] for response in responses: self.assertContains(response, CONTENT_PERMISSION_DENIED, status_code=HTTP_403_FORBIDDEN)
def test_bad_email(self, send_email): """The reset-password password request has a bad email. The server returns a 200 status code, but does not send any email. """ # Create a user and log them out. token = create_and_login() response = self.client.post(LOGOUT_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) self.assertContains(response, '', status_code=HTTP_200_OK) # Now try resetting the password. response = \ self.client.post(PASSWORD_RESET_URL, json.dumps({"email": "*****@*****.**"}), content_type="application/json") # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_200_OK) # Test that send_email was not called. self.assertEqual(send_email.call_count, 0)
def test_change_some_fields(self): """Get data from an account, after we've modified some fields.""" expected_content = deepcopy(EXPECTED_CONTENT) expected_content["first_name"] = "Dirk" expected_content["last_name"] = "Diggler" # Create a user and get their authorization token. token = create_and_login() # Change some attributes from the default. Note, the username is # required by djoser UserView/PUT. response = self.client.put(USER_URL, json.dumps({ "username": TEST_USER[0], "first_name": "Dirk", "last_name": "Diggler" }), content_type="application/json", HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) # pylint: disable=E1101 self.assertEqual(response.status_code, HTTP_200_OK) # Now get the account attributes and see if they've changed. response = self.client.get(USER_URL, HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token) check_response_without_uuid(response, HTTP_200_OK, expected_content, extra_keys=["last_login", "date_joined"])