def test_role_put_with_data_and_user(client, session):
from lemur.auth.service import create_token
user = UserFactory()
role = RoleFactory(users=[user])
role1 = RoleFactory()
user1 = UserFactory()
session.commit()
headers = {
'Authorization': 'Basic ' + create_token(user),
'Content-Type': 'application/json'
}
data = {
'users': [{
'id': user1.id
}, {
'id': user.id
}],
'id': role.id,
'name': role.name
}
assert client.put(api.url_for(Roles, role_id=role.id),
data=json.dumps(data),
headers=headers).status_code == 200
assert client.get(api.url_for(RolesList), data={},
headers=headers).json['total'] == 1
def test_user_role_changes(client, session):
user = UserFactory()
role1 = RoleFactory()
role2 = RoleFactory()
session.flush()
data = {
'active': True,
'id': user.id,
'username': user.username,
'email': user.email,
'roles': [
{'id': role1.id},
{'id': role2.id},
],
}
# PUT two roles
resp = client.put(api.url_for(Users, user_id=user.id), data=json.dumps(data), headers=VALID_ADMIN_HEADER_TOKEN)
assert resp.status_code == 200
assert len(resp.json['roles']) == 2
assert set(user.roles) == {role1, role2}
# Remove one role and PUT again
del data['roles'][1]
resp = client.put(api.url_for(Users, user_id=user.id), data=json.dumps(data), headers=VALID_ADMIN_HEADER_TOKEN)
assert resp.status_code == 200
assert len(resp.json['roles']) == 1
assert set(user.roles) == {role1}
def test_fetch_objects(session):
from lemur.roles.models import Role
from lemur.schemas import fetch_objects
role = RoleFactory()
role1 = RoleFactory()
session.commit()
data = {"id": role.id}
found_role = fetch_objects(Role, data)
assert found_role == role
data = {"name": role.name}
found_role = fetch_objects(Role, data)
assert found_role == role
data = [{"id": role.id}, {"id": role1.id}]
found_roles = fetch_objects(Role, data, many=True)
assert found_roles == [role, role1]
data = [{"name": role.name}, {"name": role1.name}]
found_roles = fetch_objects(Role, data, many=True)
assert found_roles == [role, role1]
with pytest.raises(ValidationError):
data = [{"name": "blah"}, {"name": role1.name}]
fetch_objects(Role, data, many=True)
with pytest.raises(ValidationError):
data = {"name": "nah"}
fetch_objects(Role, data)
def test_role_put_with_data_and_user(client, session):
from lemur.auth.service import create_token
user = UserFactory()
role = RoleFactory(users=[user])
role1 = RoleFactory()
user1 = UserFactory()
session.commit()
headers = {
"Authorization": "Basic " + create_token(user),
"Content-Type": "application/json",
}
data = {
"users": [{"id": user1.id}, {"id": user.id}],
"id": role.id,
"name": role.name,
}
assert (
client.put(
api.url_for(Roles, role_id=role.id), data=json.dumps(data), headers=headers
).status_code
== 200
)
assert (
client.get(api.url_for(RolesList), data={}, headers=headers).json["total"] > 1
)
def test_authority_roles(client, session, issuer_plugin):
auth = AuthorityFactory()
role = RoleFactory()
session.flush()
data = {
'owner': auth.owner,
'name': auth.name,
'description': auth.description,
'active': True,
'roles': [
{
'id': role.id
},
],
}
# Add role
resp = client.put(api.url_for(Authorities, authority_id=auth.id),
data=json.dumps(data),
headers=VALID_ADMIN_HEADER_TOKEN)
assert resp.status_code == 200
assert len(resp.json['roles']) == 1
assert set(auth.roles) == {role}
# Remove role
del data['roles'][0]
resp = client.put(api.url_for(Authorities, authority_id=auth.id),
data=json.dumps(data),
headers=VALID_ADMIN_HEADER_TOKEN)
assert resp.status_code == 200
assert len(resp.json['roles']) == 0
def test_authority_roles(client, session, issuer_plugin):
auth = AuthorityFactory()
role = RoleFactory()
session.flush()
data = {
"owner": auth.owner,
"name": auth.name,
"description": auth.description,
"active": True,
"roles": [{
"id": role.id
}],
}
# Add role
resp = client.put(
api.url_for(Authorities, authority_id=auth.id),
data=json.dumps(data),
headers=VALID_ADMIN_HEADER_TOKEN,
)
assert resp.status_code == 200
assert len(resp.json["roles"]) == 1
assert set(auth.roles) == {role}
# Remove role
del data["roles"][0]
resp = client.put(
api.url_for(Authorities, authority_id=auth.id),
data=json.dumps(data),
headers=VALID_ADMIN_HEADER_TOKEN,
)
assert resp.status_code == 200
assert len(resp.json["roles"]) == 0
def test_role_put_with_data(client, session, token, status):
user = UserFactory()
role = RoleFactory()
session.commit()
data = {'users': [{'id': user.id}], 'id': role.id, 'name': role.name}
assert client.put(api.url_for(Roles, role_id=role.id),
data=json.dumps(data),
headers=token).status_code == status
def test_user_role_changes(client, session):
user = UserFactory()
role1 = RoleFactory()
role2 = RoleFactory()
session.flush()
data = {
"active": True,
"id": user.id,
"username": user.username,
"email": user.email,
"roles": [{
"id": role1.id
}, {
"id": role2.id
}],
}
# PUT two roles
resp = client.put(
api.url_for(Users, user_id=user.id),
data=json.dumps(data),
headers=VALID_ADMIN_HEADER_TOKEN,
)
assert resp.status_code == 200
assert len(resp.json["roles"]) == 2
assert set(user.roles) == {role1, role2}
# Remove one role and PUT again
del data["roles"][1]
resp = client.put(
api.url_for(Users, user_id=user.id),
data=json.dumps(data),
headers=VALID_ADMIN_HEADER_TOKEN,
)
assert resp.status_code == 200
assert len(resp.json["roles"]) == 1
assert set(user.roles) == {role1}
def test_multiple_authority_certificate_association(session, client):
role = RoleFactory()
authority = AuthorityFactory()
certificate = CertificateFactory()
authority1 = AuthorityFactory()
certificate1 = CertificateFactory()
role.authorities.append(authority)
role.authorities.append(authority1)
role.certificates.append(certificate)
role.certificates.append(certificate1)
session.commit()
assert role.authorities[0].name == authority.name
assert role.authorities[1].name == authority1.name
assert role.certificates[0].name == certificate.name
assert role.certificates[1].name == certificate1.name
def test_create_authority(issuer_plugin, user):
from lemur.authorities.service import create
from lemur.tests.factories import RoleFactory
authority = create(
plugin={
"plugin_object": issuer_plugin,
"slug": issuer_plugin.slug
},
owner=user["user"].email,
type="root",
name="example authority",
creator=user["user"],
roles=[RoleFactory(name="new-role-test_create_authority")])
assert authority.authority_certificate
assert authority.owner == user["user"].email
assert len(authority.roles) == 3
for role in authority.roles:
assert role.name in [
user["user"].email, "test_example_authority_admin",
"new-role-test_create_authority"
]
assert "test_example_authority_admin" not in user["user"].roles
assert "new-role-test_create_authority" not in user["user"].roles