def Create2HuntsForDifferentUsers(self):
    """Create two sample hunts and take each through request, then grant.

    Hunt 1 is created with a token for another user and hunt 2 with a token
    carrying this test's own username. An approval naming "approver" is
    requested for each hunt, and each approval is then granted with the
    delegate set to "otheruser" (hunt 1) or this test's username (hunt 2).

    NOTE(review): several username literals are masked as "******" in this
    listing, so the requesting and the granting identity cannot be told apart
    from the text alone. The original comments say hunt 1 is created by
    "otheruser" and that both hunts are approved by "approver" -- confirm
    against the unmasked file before treating this as a fixture where
    requester and approver are different users.
    """
    # Hunt 1 belongs to the other user, hunt 2 to the user running the test.
    other_user_token = access_control.ACLToken(username="******")
    hunt1_id = self.CreateSampleHunt(token=other_user_token)

    own_token = access_control.ACLToken(username=self.token.username)
    hunt2_id = self.CreateSampleHunt(token=own_token)

    self.CreateAdminUser("approver")

    # Request phase: one approval request per hunt, each with a fresh token.
    request_token = access_control.ACLToken(username="******")
    hunt1_request = security.HuntApprovalRequestor(subject_urn=hunt1_id,
                                                   reason=self.reason,
                                                   approver="approver",
                                                   token=request_token)
    hunt1_request.Request()

    request_token = access_control.ACLToken(username=self.token.username)
    hunt2_request = security.HuntApprovalRequestor(subject_urn=hunt2_id,
                                                   reason=self.reason,
                                                   approver="approver",
                                                   token=request_token)
    hunt2_request.Request()

    # Grant phase: the delegate is the user the approval is granted to.
    grant_token = access_control.ACLToken(username="******")
    hunt1_grant = security.HuntApprovalGrantor(subject_urn=hunt1_id,
                                               reason=self.reason,
                                               delegate="otheruser",
                                               token=grant_token)
    hunt1_grant.Grant()

    grant_token = access_control.ACLToken(username="******")
    hunt2_grant = security.HuntApprovalGrantor(subject_urn=hunt2_id,
                                               reason=self.reason,
                                               delegate=self.token.username,
                                               token=grant_token)
    hunt2_grant.Grant()
def Run(self):
    """Record "GetHuntApproval" output for a pending and a granted approval.

    Two hunts are created and an approval is requested for each. Only the
    second approval is granted, so the two Check() calls cover one approval
    that has only been requested and one that has also been granted. All
    steps run under fixed FakeTime values, and the generated hunt and
    approval ids are replaced with constant strings in the checked output.
    """
    with test_lib.FakeTime(42):
        self.CreateAdminUser("approver")

        with self.CreateHunt(description="hunt1") as first_hunt:
            hunt1_urn = first_hunt.urn
            hunt1_id = hunt1_urn.Basename()

        with self.CreateHunt(description="hunt2") as second_hunt:
            hunt2_urn = second_hunt.urn
            hunt2_id = hunt2_urn.Basename()

    with test_lib.FakeTime(44):
        first_request = security.HuntApprovalRequestor(reason="foo",
                                                       subject_urn=hunt1_urn,
                                                       approver="approver",
                                                       token=self.token)
        approval1_id = first_request.Request().Basename()

    with test_lib.FakeTime(45):
        second_request = security.HuntApprovalRequestor(reason="bar",
                                                        subject_urn=hunt2_urn,
                                                        approver="approver",
                                                        token=self.token)
        approval2_id = second_request.Request().Basename()

    with test_lib.FakeTime(84):
        # NOTE(review): the username literal is masked in this listing;
        # presumably it is the "approver" admin created above -- confirm.
        approver_token = access_control.ACLToken(username="******")
        grantor = security.HuntApprovalGrantor(reason="bar",
                                               delegate=self.token.username,
                                               subject_urn=hunt2_urn,
                                               token=approver_token)
        grantor.Grant()

    with test_lib.FakeTime(126):
        # First approval: requested only.
        pending_args = user_plugin.ApiGetHuntApprovalArgs(
            username=self.token.username,
            hunt_id=hunt1_id,
            approval_id=approval1_id)
        pending_replacements = {
            hunt1_id: "H:123456",
            approval1_id: "approval:111111",
        }
        self.Check("GetHuntApproval",
                   args=pending_args,
                   replace=pending_replacements)

        # Second approval: requested and granted.
        granted_args = user_plugin.ApiGetHuntApprovalArgs(
            username=self.token.username,
            hunt_id=hunt2_id,
            approval_id=approval2_id)
        granted_replacements = {
            hunt2_id: "H:567890",
            approval2_id: "approval:222222",
        }
        self.Check("GetHuntApproval",
                   args=granted_args,
                   replace=granted_replacements)
def Run(self):
    """Record "GrantHuntApproval" output for an approval asked of this user.

    A hunt is created, a second identity requests approval for it and names
    this test's user as approver, and the grant call is then checked. The
    steps run under fixed FakeTime values, and the generated hunt and
    approval ids are replaced with constant strings in the checked output.

    NOTE(review): both username literals below are masked as "******" in
    this listing; presumably they are the "requestor" admin created at the
    start -- confirm against the unmasked file.
    """
    with test_lib.FakeTime(42):
        self.CreateAdminUser("requestor")

        with self.CreateHunt(description="a hunt") as created_hunt:
            hunt_urn = created_hunt.urn
            hunt_id = hunt_urn.Basename()

    with test_lib.FakeTime(44):
        requestor_token = access_control.ACLToken(username="******")
        request = security.HuntApprovalRequestor(reason="foo",
                                                 subject_urn=hunt_urn,
                                                 approver=self.token.username,
                                                 token=requestor_token)
        approval_id = request.Request().Basename()

    with test_lib.FakeTime(126):
        grant_args = user_plugin.ApiGrantHuntApprovalArgs(
            hunt_id=hunt_id,
            approval_id=approval_id,
            username="******")
        replacements = {
            hunt_id: "H:123456",
            approval_id: "approval:111111",
        }
        self.Check("GrantHuntApproval", args=grant_args, replace=replacements)
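def testEmailHuntApprovalRequestLinkLeadsToACorrectPage(self):
    """Follow the link from a hunt approval email and check the page shown.

    The email alerter's SendEmail is stubbed so the message body is captured
    instead of sent. The first href='...' value in that body is parsed and
    its path, query and fragment are opened in the UI, which must then show
    the requestor, the reason and the hunt.

    Only path, query and fragment of the link are used, so this test does
    not check the scheme or host the email points at.
    """
    hunt_id = self.CreateSampleHunt()
    messages_sent = []

    def SendEmailStub(unused_from_user, unused_to_user, unused_subject,
                      message, **unused_kwargs):
        # Keep only the body; the link under test is extracted from it.
        messages_sent.append(message)

    # Request hunt approval; this triggers exactly one email message.
    with utils.Stubber(email_alerts.EMAIL_ALERTER, "SendEmail", SendEmailStub):
        # NOTE(review): the requestor username is masked in this listing,
        # while the page check below expects "iwantapproval" -- confirm
        # against the unmasked file.
        requestor_token = access_control.ACLToken(username="******",
                                                  reason="test")
        security.HuntApprovalRequestor(reason="Please please let me",
                                       subject_urn=hunt_id,
                                       approver=self.token.username,
                                       token=requestor_token).Request()

    self.assertEqual(len(messages_sent), 1)

    # Extract the link from the message text and open it.
    m = re.search(r"href='(.+?)'", messages_sent[0], re.MULTILINE)
    # Fail with a readable message rather than an AttributeError on None
    # when the email body carries no link.
    self.assertTrue(m is not None,
                    "no href='...' link found in the approval email")
    link = urlparse.urlparse(m.group(1))
    self.Open(link.path + "?" + link.query + "#" + link.fragment)

    # Check that the requestor's username and reason are displayed.
    self.WaitUntil(self.IsTextPresent, "iwantapproval")
    self.WaitUntil(self.IsTextPresent, "Please please let me")

    # Check that the hunt's id and name are displayed.
    self.WaitUntil(self.IsTextPresent, str(hunt_id))
    self.WaitUntil(self.IsTextPresent, "SampleHunt")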
def testRendersRequestedHuntAppoval(self):
    """Check that one requested hunt approval is listed by the handler.

    A SampleHunt is started, an approval naming "approver" is requested for
    it with this test's token, and the handler is expected to return
    exactly one item for the same token.
    """
    # The hunt object is only needed for its URN; the with-body is empty.
    with implementation.GRRHunt.StartHunt(
            hunt_name=standard.SampleHunt.__name__,
            token=self.token) as started_hunt:
        pass

    requestor = aff4_security.HuntApprovalRequestor(
        reason=self.token.reason,
        subject_urn=started_hunt.urn,
        approver="approver",
        token=self.token)
    requestor.Request()

    list_args = user_plugin.ApiListHuntApprovalsArgs()
    listing = self.handler.Handle(list_args, token=self.token)

    self.assertEqual(len(listing.items), 1)
def GrantHuntApproval(self, hunt_urn, token=None):
    """Grants an approval for a given hunt.

    Args:
      hunt_urn: URN of the hunt the approval is requested and granted for.
      token: Token of the requesting user; falls back to self.token when
        it is not given (or is falsy).

    The request is issued with the requester's token, and the grant is
    issued with a separately built token and the requester as delegate.
    """
    if not token:
        token = self.token

    # Create the approval request. It names "approver" before that admin
    # user is created on the next step; the order is kept as in the original.
    approval_request = security.HuntApprovalRequestor(subject_urn=hunt_urn,
                                                      reason=token.reason,
                                                      approver="approver",
                                                      token=token)
    approval_request.Request()

    self.CreateAdminUser("approver")

    # Approve it.
    # NOTE(review): the username literal is masked in this listing;
    # presumably it is "approver" -- confirm against the unmasked file.
    approver_token = access_control.ACLToken(username="******")
    approval_grant = security.HuntApprovalGrantor(subject_urn=hunt_urn,
                                                  reason=token.reason,
                                                  delegate=token.username,
                                                  token=approver_token)
    approval_grant.Grant()
def Run(self):
    """Record "ListHuntApprovals" output for one requested approval.

    A GenericHunt is started and an approval naming "approver" is requested
    for it with this test's token; no grant is issued. The steps run under
    fixed FakeTime values, and the generated hunt and approval ids are
    replaced with constant strings in the checked output.
    """
    with test_lib.FakeTime(42):
        self.CreateAdminUser("approver")

        hunt = implementation.GRRHunt.StartHunt(
            hunt_name=standard.GenericHunt.__name__,
            token=self.token)

    with test_lib.FakeTime(43):
        request = security.HuntApprovalRequestor(reason=self.token.reason,
                                                 subject_urn=hunt.urn,
                                                 approver="approver",
                                                 token=self.token)
        approval_id = request.Request().Basename()

    with test_lib.FakeTime(126):
        replacements = {
            hunt.urn.Basename(): "H:123456",
            approval_id: "approval:112233",
        }
        self.Check("ListHuntApprovals", replace=replacements)
def testCreatingApprovalCreatesSymlink(self):
    """Check that requesting a hunt approval leaves a symlink for the user.

    After the request, the first child listed under the user's hunt
    approvals path must have an id starting with "approval:". Opened
    without following symlinks, that child must be of type AFF4Symlink and
    must target the matching object under aff4:/ACL/hunts/.
    """
    hunt_urn = rdfvalue.RDFURN("aff4:/hunts/H:ABCD1234")

    requestor = security.HuntApprovalRequestor(reason=self.token.reason,
                                               subject_urn=hunt_urn,
                                               approver="approver",
                                               token=self.token)
    requestor.Request()

    # The approval id is generated, so read it back from the listing.
    children = list(
        aff4.FACTORY.ListChildren(
            "aff4:/users/test/approvals/hunt/H:ABCD1234",
            token=self.token))
    approval_id = children[0].Basename()
    self.assertTrue(approval_id.startswith("approval:"))

    # follow_symlinks=False opens the link object itself, not its target.
    symlink_path = "aff4:/users/test/approvals/hunt/H:ABCD1234/%s" % approval_id
    fd = aff4.FACTORY.Open(symlink_path,
                           follow_symlinks=False,
                           mode="r",
                           token=self.token)

    object_type = fd.Get(fd.Schema.TYPE)
    self.assertEqual(object_type, "AFF4Symlink")

    actual_target = fd.Get(fd.Schema.SYMLINK_TARGET)
    expected_target = "aff4:/ACL/hunts/H:ABCD1234/test/%s" % approval_id
    self.assertEqual(actual_target, expected_target)