def add(ctx, username, password, role=[], **flags): engine, _ = project_engine(ctx.obj["project"]) app = create_app({"SQLALCHEMY_DATABASE_URI": str(engine.url)}) from meltano.api.security import users try: with app.app_context(): # make sure our User doesn't already exist if not flags["overwrite"] and users.get_user(username): raise Exception( f"User '{username}' already exists. Use --overwrite to update it." ) # make sure all roles exists roles = [] for role_name in role: r = users.find_role(role_name) if not r: raise Exception(f"Role '{role_name}' does not exists.") roles.append(r) current_user = users.get_user(username) or users.create_user( username=username ) current_user.password = hash_password(password) current_user.roles = roles # for some reason the scoped_session doesn't trigger the commit users.db.session.commit() except Exception as err: click.secho(f"Could not create user '{username}': {err}", fg="red") click.Abort()
def test_upgrade_authenticated(self, app, api, impersonate): with app.test_request_context(): with impersonate(users.get_user("alice")): res = api.post(url_for("api_root.upgrade")) assert res.status_code == 201 assert res.data == b"Meltano update in progress."
def test_bootstrap_authenticated(self, app, api, impersonate): with app.test_request_context(): with impersonate(users.get_user("alice")): res = api.get(url_for("root.bootstrap")) assert res.status_code == 302 assert res.location == url_for("root.default", _external=True)
def test_plugins_authenticated(self, app, api, impersonate): with app.test_request_context(): with impersonate(users.get_user("alice")): res = api.get(url_for("plugins.all")) assert res.status_code == 200 assert "extractors" in res.json
def test_upgrade_authenticated(self, app, api, impersonate): with app.test_request_context(): with impersonate(users.get_user("alice")): res = api.post(url_for("api_root.upgrade")) assert res.status_code == 499 assert b"read-only mode" in res.data
def test_delete_admin_role(self, user, status_code, api, app, impersonate): with app.test_request_context(): with impersonate(users.get_user(user)): res = api.delete( url_for("settings.roles"), json={"role": {"name": "admin"}} ) assert res.status_code == status_code, res.data
def test_identity_authenticated(self, app, api, impersonate): with app.test_request_context(): with impersonate(users.get_user("alice")): res = api.get(url_for("api_root.identity")) assert res.status_code == 200 assert res.json["username"] == "alice" assert res.json["anonymous"] == False assert res.json["can_sign_in"] == False
def test_get_embed_authenticated(self, app, api, impersonate): with app.test_request_context(): with mock.patch( "meltano.api.controllers.embeds_helper.EmbedsHelper.get_embed_from_token", return_value={"result": "true"}, ): with impersonate(users.get_user("alice")): res = api.get(url_for("embeds.get_embed", token="mytoken")) assert res.status_code == 200
def test_create_role(self, user, status_code, api, app, impersonate): with app.test_request_context(): with impersonate(users.get_user(user)): res = api.post( url_for("settings.roles"), json={"role": {"name": "pytest"}} ) assert res.status_code == status_code, res.data if status_code == 201: assert db.session.query(Role).filter_by(name="pytest").one()
def test_login_audit_columns(self, app): with app.test_request_context(): alice = users.get_user("alice") login_count = alice.login_count login_user(alice) # time is frozen, so it should work assert alice.last_login_at == datetime.utcnow() assert alice.login_count == login_count + 1
def test_bootstrap(self, app, api, impersonate): with app.test_request_context(): with impersonate(users.get_user("alice")): res = api.get(url_for("security.bootstrap_app")) url = urllib.parse.urlparse(res.location) query = urllib.parse.parse_qs(url.query) assert res.status_code == 302 assert url.netloc == "localhost" assert query["auth_token"]
def test_plugins_add_authenticated(self, app, api, impersonate): with app.test_request_context(): with impersonate(users.get_user("alice")): res = api.post( url_for("plugins.add"), json={ "plugin_type": "extractors", "name": "tap-gitlab" }, ) assert res.status_code == 200 assert res.json["name"] == "tap-gitlab"
def test_unassign_role(self, user, status_code, api, app, impersonate): with app.test_request_context(): fake_role = users.find_or_create_role(name="pytest") empty_user = users.create_user(username="******") users.add_role_to_user(empty_user, fake_role) # save the new user + role db.session.commit() # make sure the setup is valid assert fake_role in empty_user.roles with impersonate(users.get_user(user)): res = api.delete( url_for("settings.roles"), json={"role": {"name": "pytest"}, "user": empty_user.username}, ) assert res.status_code == status_code, res.data if res.status_code == 201: # refresh the instance empty_user = users.get_user(empty_user.username) assert fake_role not in empty_user.roles
def test_create_embed_authenticated(self, app, api, impersonate): with app.test_request_context(): with mock.patch( "meltano.api.controllers.embeds", return_value={"result": "embedsnippet"}, ): with impersonate(users.get_user("alice")): res = api.post( url_for("embeds.embed"), json={ "resource_id": "test", "resource_type": "report" }, ) assert res.status_code == 200
def post(self): payload = request.get_json() role = payload["role"] user = payload.get("user") try: role_name = role.pop("name") role = users.find_or_create_role(role_name, **role) if user: user = users.get_user(user) users.add_role_to_user(user, role_name) except KeyError: return "role.name must be set.", 400 db.session.commit() return role, 201
def test_assign_role(self, user, status_code, api, app, impersonate): with app.test_request_context(): empty_user = users.create_user(username="******") # save the new user db.session.commit() with impersonate(users.get_user(user)): res = api.post( url_for("settings.roles"), json={"role": {"name": "pytest"}, "user": empty_user.username}, ) assert res.status_code == status_code, res.data if status_code == 201: db.session.add(empty_user) assert "pytest" in empty_user.roles
def test_delete_role(self, user, status_code, api, app, impersonate): with app.test_request_context(): fake_role = users.find_or_create_role(name="pytest") # save the new role db.session.commit() assert db.session.query(Role).filter_by(name="pytest").first() with impersonate(users.get_user(user)): res = api.delete( url_for("settings.roles"), json={"role": {"name": "pytest"}} ) assert res.status_code == status_code, res.data if res.status_code == 201: assert not db.session.query(Role).filter_by(name="pytest").first()