def add(ctx, username, password, role=[], **flags):
engine, _ = project_engine(ctx.obj["project"])
app = create_app({"SQLALCHEMY_DATABASE_URI": str(engine.url)})
from meltano.api.security import users
try:
with app.app_context():
# make sure our User doesn't already exist
if not flags["overwrite"] and users.get_user(username):
raise Exception(
f"User '{username}' already exists. Use --overwrite to update it."
)
# make sure all roles exists
roles = []
for role_name in role:
r = users.find_role(role_name)
if not r:
raise Exception(f"Role '{role_name}' does not exists.")
roles.append(r)
current_user = users.get_user(username) or users.create_user(
username=username
)
current_user.password = hash_password(password)
current_user.roles = roles
# for some reason the scoped_session doesn't trigger the commit
users.db.session.commit()
except Exception as err:
click.secho(f"Could not create user '{username}': {err}", fg="red")
click.Abort()
def test_assign_role(self, user, status_code, api, app, impersonate):
with app.test_request_context():
empty_user = users.create_user(username="******")
# save the new user
db.session.commit()
with impersonate(users.get_user(user)):
res = api.post(
url_for("settings.roles"),
json={"role": {"name": "pytest"}, "user": empty_user.username},
)
assert res.status_code == status_code, res.data
if status_code == 201:
db.session.add(empty_user)
assert "pytest" in empty_user.roles
def test_gitlab_token_identity_maps_user(self, gitlab, app):
token = {
"access_token": "thisisavalidtoken",
"id_token": "thisisavalidJWT",
"created_at": 1548789020,
}
# test automatic user mapping
with app.test_request_context("/oauth/authorize"):
# let's create a user with the same email, that is currently logged
user = users.create_user(email="*****@*****.**")
# but only if the user is currently logged (to prevent hi-jacking)
with pytest.raises(OAuthError):
identity = gitlab_token_identity(token)
# the new identity should be mapped to the existing user
login_user(user)
identity = gitlab_token_identity(token)
assert identity.user == user
def test_unassign_role(self, user, status_code, api, app, impersonate):
with app.test_request_context():
fake_role = users.find_or_create_role(name="pytest")
empty_user = users.create_user(username="******")
users.add_role_to_user(empty_user, fake_role)
# save the new user + role
db.session.commit()
# make sure the setup is valid
assert fake_role in empty_user.roles
with impersonate(users.get_user(user)):
res = api.delete(
url_for("settings.roles"),
json={"role": {"name": "pytest"}, "user": empty_user.username},
)
assert res.status_code == status_code, res.data
if res.status_code == 201:
# refresh the instance
empty_user = users.get_user(empty_user.username)
assert fake_role not in empty_user.roles