def init_user_organization(self, options):
# Make a new user so that we have the credentials to log the user in.
# We use a randomly generated password so that even if the script is
# run on a non-test system and the test database creation somehow
# fails, we haven't left a User in the database with insecure
# credentials. The password will be thrown away when this process
# terminates.
self.temporary_user_random_password = get_random_string(24)
self.user = User.objects.create(username="******".format(
get_random_string(6)),
email="*****@*****.**")
self.user.set_password(self.temporary_user_random_password)
self.user.save()
# Create a new Organization with the temporary user as the org's admin.
self.org = Organization.create(subdomain="test-screenshots-" +
get_random_string(6).lower(),
name=options['org_name'],
admin_user=self.user)
# Add AppSources specified by the user.
for spec in (options['app_source'] or []):
import json
from guidedmodules.models import AppSource
try:
src_spec = json.loads(spec)
if not isinstance(src_spec, dict): raise ValueError()
except ValueError as e:
raise ValueError(
"Invalid value for --app-source '{}': {}".format(spec, e))
app_source = AppSource.objects.create(slug=src_spec.get("slug")
or get_random_string(8),
spec=src_spec)
print("Created AppSource", app_source, "=>",
app_source.get_description())
def init_user_organization(self, options):
# Make a new user so that we have the credentials to log the user in.
# We use a randomly generated password so that even if the script is
# run on a non-test system and the test database creation somehow
# fails, we haven't left a User in the database with insecure
# credentials. The password will be thrown away when this process
# terminates.
self.temporary_user_random_password = get_random_string(24)
self.user = User.objects.create(
username="******".format(get_random_string(6)),
email="*****@*****.**")
self.user.set_password(self.temporary_user_random_password)
self.user.save()
# Create a new Organization with the temporary user as the org's admin.
self.org = Organization.create(
subdomain="test-screenshots-"+get_random_string(6).lower(),
name=options['org_name'],
admin_user=self.user)
# Add an AppSource if the user specified one.
if options['app_source']:
import json
from guidedmodules.models import AppSource
src_spec = json.loads(options['app_source'])
self.app_source = AppSource.objects.create(
slug=get_random_string(8),
spec=src_spec
)
def setUp(self):
super().setUp()
# Load modules from the fixtures directory so that we have the required
# modules as well as a test project.
from guidedmodules.models import AppSource
from guidedmodules.management.commands.load_modules import Command as load_modules
AppSource.objects.create(slug="fixture",
spec={
"type": "local",
"path": "fixtures/modules/other",
})
load_modules().handle()
# Create a default user that is a member of the organization.
self.user_pw = get_random_string(4)
self.user = User.objects.create(username="******")
self.user.set_password(self.user_pw)
self.user.save()
# Create the Organization.
org = Organization.create(name="Our Organization",
subdomain="testorg",
admin_user=self.user)
def setUp(self):
super().setUp()
# Load modules from the fixtures directory so that we have the required
# modules as well as a test project.
from guidedmodules.models import AppSource
from guidedmodules.management.commands.load_modules import Command as load_modules
load_modules().handle() # load system modules
AppSource.objects.create(
slug="fixture",
spec={
"type": "local",
"path": "fixtures/modules/other",
}
)\
.add_app_to_catalog("simple_project")
# Create a default user that is a member of the organization.
self.user_pw = get_random_string(4)
self.user = User.objects.create(username="******")
self.user.set_password(self.user_pw)
self.user.save()
# Create the Organization.
org = Organization.create(name="Our Organization",
slug="testorg",
admin_user=self.user)
# Create a Portfolio and Grant Access
portfolio = Portfolio.objects.create(title=self.user.username)
portfolio.assign_owner_permissions(self.user)
def setUp(self):
super().setUp()
# Set screen resolution
capabilities = {"resolution": "1920x1080"}
# Load modules from the fixtures directory so that we have the required
# modules as well as a test project.
from guidedmodules.models import AppSource
from guidedmodules.management.commands.load_modules import Command as load_modules
AppSource.objects.all().delete()
AppSource.objects.get_or_create(
# this one exists on first db load because it's created by
# migrations, but because the testing framework seems to
# get rid of it after the first test in this class
slug="system",
is_system_source=True,
defaults={
"spec": { # required system projects
"type": "local",
"path": "fixtures/modules/system",
}
}
)
load_modules().handle() # load system modules
AppSource.objects.create(
slug="project",
spec={
"type": "local",
"path": "fixtures/modules/other",
}
)\
.add_app_to_catalog("simple_project")
# Create a default user that is a member of the organization.
self.user_pw = get_random_string(4)
self.user = User.objects.create(username="******")
self.user.set_password(self.user_pw)
# Grant user permission to view appsource
self.user.user_permissions.add(
Permission.objects.get(codename='view_appsource'))
self.user.save()
# Grant user permission to view appsource
self.user.user_permissions.add(
Permission.objects.get(codename='view_appsource'))
# Create the Organization.
org = Organization.create(name="Our Organization",
slug="testorg",
admin_user=self.user)
# Create a Portfolio and Grant Access
portfolio = Portfolio.objects.create(title=self.user.username)
portfolio.assign_owner_permissions(self.user)
def create_fixture(self, options):
# Create a user.
user = User()
user.username = "******"
user.set_password("1234")
user.save()
# Create an organization.
org = Organization.create(name="Test Organization",
subdomain="test",
allowed_modules=options["projects"],
admin_user=user)
# All Module and ModuleQuestion instances that are needed.
# If the Module has questions that depend on other modules,
# include those in the fixture too, recursively.
modules = []
def add_module(m):
if m in modules: return
print(m, file=sys.stderr)
modules.append(m)
for mq in m.questions.all():
modules.append(mq)
if mq.answer_type_module:
add_module(mq.answer_type_module)
required_projects = [
"system/account_settings_project", "system/organization/app"
]
for prj_module_key in required_projects + options["projects"]:
try:
m = Module.objects.get(key=prj_module_key,
visible=True,
superseded_by=None)
except Module.DoesNotExist:
print("Invalid module ID", prj_module_key, file=sys.stderr)
return
add_module(m)
# Ok, save.
from django.core import serializers
print(
serializers.serialize(
"json",
[
user, org,
org.get_organization_project(),
org.get_organization_project().root_task, pm
] + modules,
indent=2))
def setUp(self):
super().setUp()
# Load the Q modules from the fixtures directory.
from guidedmodules.models import AppSource
from guidedmodules.management.commands.load_modules import Command as load_modules
AppSource.objects.all().delete()
AppSource.objects.get_or_create(
# this one exists on first db load because it's created by
# migrations, but because the testing framework seems to
# get rid of it after the first test in this class
slug="system",
is_system_source=True,
defaults={
"spec": { # required system projects
"type": "local",
"path": "fixtures/modules/system",
}
}
)
AppSource.objects.create(
slug="project",
spec={ # contains a test project
"type": "local",
"path": "fixtures/modules/other",
},
trust_assets=True
)
load_modules().handle()
# Create a default user that is a member of the organization.
# Log the user into the test client, which is used for API
# tests. The Selenium tests require a separate log in via the
# headless browser.
from siteapp.models import User, ProjectMembership
self.user = User.objects.create(username="******",
email="*****@*****.**")
self.user.clear_password = get_random_string(16)
self.user.set_password(self.user.clear_password)
self.user.save()
self.user.reset_api_keys()
self.client.login(username=self.user.username,
password=self.user.clear_password)
# Create the Organization.
from siteapp.models import Organization
self.org = Organization.create(name="Our Organization",
subdomain="testorg",
admin_user=self.user)
# Grant the user permission to change the review state of answers.
self.org.reviewers.add(self.user)
def handle(self, *args, **options):
# Create the first user.
if not User.objects.filter(is_superuser=True).exists():
print(
"Let's create your first Q user. This user will have superuser privileges in the Q administrative interface."
)
call_command('createsuperuser')
# Create the first organization.
if not Organization.objects.exists():
print("Let's create your Q organization.")
name = Organization._meta.get_field("name")
get_input = createsuperuser.Command().get_input_data
name = get_input(name, "Organization Name: ", "Test Organization")
org = Organization.create(
name=name,
subdomain="main",
admin_user=User.objects.filter(is_superuser=True).first())
def get_compliance_apps_catalog_for_user(user):
# Each organization that the user is in sees a different set of compliance
# apps. Since a user may be a member of multiple organizations, merge the
# catalogs across all of the organizations they are a member of, but
# remember which organizations generated which apps.
from siteapp.models import Organization
catalog = {}
for org in Organization.get_all_readable_by(user):
apps = get_compliance_apps_catalog(org, user.id)
for app in apps:
# Add to merged catalog.
catalog.setdefault(app['key'], app)
# Merge organization list.
catalog[app["key"]]["organizations"].add(org)
# Turn the organization sets into a list because the templates use |first.
catalog = catalog.values()
for app in catalog:
# print("\n\n app",app)
app["organizations"] = sorted(app["organizations"],
key=lambda org: org.name)
return catalog
is_superuser=True,
is_staff=True)
password = User.objects.make_random_password(length=24)
user.set_password(password)
user.save()
print("Username:"******"Password:"******"API Key:", user.get_api_keys()['rw'])
# Set up a new Organization and make the user an admin of it.
#############################################################
print("Creating default organization...")
org = Organization.objects.filter(subdomain="main").first()
if not org:
org = Organization.create(name='Dept of Sobriety',
subdomain="main",
admin_user=user)
# Fill in this user's account profile in this organization.
###########################################################
user_profile = user.get_settings_task(org)
user_profile_name, _ = TaskAnswer.objects.get_or_create(
task=user_profile, question=user_profile.module.questions.get(key="name"))
user_profile_name.save_answer("Security Engineer", [], None, user, "web")
# Add an AppSource that holds the demonstration compliance apps.
################################################################
print("Adding TACR Demo Apps...")
appsrc, is_new = AppSource.objects.get_or_create(namespace="demo")
appsrc.spec = {
'type': "git",
def setUp(self):
super().setUp()
# Load the Q modules from the fixtures directory.
from guidedmodules.models import AppSource
from guidedmodules.management.commands.load_modules import Command as load_modules
AppSource.objects.all().delete()
AppSource.objects.get_or_create(
# this one exists on first db load because it's created by
# migrations, but because the testing framework seems to
# get rid of it after the first test in this class
slug="system",
is_system_source=True,
defaults={
"spec": { # required system projects
"type": "local",
"path": "fixtures/modules/system",
}
}
)
load_modules().handle() # load system modules
AppSource.objects.create(
slug="project",
spec={ # contains a test project
"type": "local",
"path": "fixtures/modules/other",
},
trust_assets=True
)\
.add_app_to_catalog("simple_project")
# Create a default user that is a member of the organization.
# Log the user into the test client, which is used for API
# tests. The Selenium tests require a separate log in via the
# headless browser.
self.user = User.objects.create(
username="******",
email="*****@*****.**",
is_staff=True
)
self.user.clear_password = get_random_string(16)
self.user.set_password(self.user.clear_password)
self.user.save()
self.user.reset_api_keys()
self.client.login(username=self.user.username, password=self.user.clear_password)
# Create a Portfolio and Grant Access
portfolio = Portfolio.objects.create(title=self.user.username)
portfolio.assign_owner_permissions(self.user)
# Create the Organization.
self.org = Organization.create(name="Our Organization", slug="testorg",
admin_user=self.user)
# Grant the user permission to change the review state of answers.
self.org.reviewers.add(self.user)
# create a second user
self.user2 = User.objects.create(
username="******",
email="*****@*****.**")
self.user2.clear_password = get_random_string(16)
self.user2.set_password(self.user2.clear_password)
self.user2.save()
self.user2.reset_api_keys()
self.client.login(username=self.user2.username, password=self.user2.clear_password)
portfolio = Portfolio.objects.create(title=self.user2.username)
portfolio.assign_owner_permissions(self.user2)
# create a third user
self.user3 = User.objects.create(
username="******",
email="*****@*****.**")
self.user3.clear_password = get_random_string(16)
self.user3.set_password(self.user3.clear_password)
self.user3.save()
self.user3.reset_api_keys()
self.client.login(username=self.user3.username, password=self.user3.clear_password)
portfolio = Portfolio.objects.create(title=self.user3.username)
portfolio.assign_owner_permissions(self.user3)
# Grant second user membership in the organization
# from https://github.com/GovReady/govready-q/blob/master/siteapp/admin.py#L41
mb, isnew = ProjectMembership.objects.get_or_create(
user=self.user2,
project=self.org.get_organization_project(),
)
def test_organizational_parameters_via_project(self):
# for this test, we need a Project, System, and Organization
# REMIND: it would be nice to refactor all this setup code so
# it could be easily reused ...
from guidedmodules.models import AppSource
from guidedmodules.management.commands.load_modules import Command as load_modules
AppSource.objects.all().delete()
AppSource.objects.get_or_create(
slug="system",
is_system_source=True,
defaults={
"spec": { # required system projects
"type": "local",
"path": "fixtures/modules/system",
}
}
)
load_modules().handle() # load system modules
AppSource.objects.create(
slug="project",
spec={ # contains a test project
"type": "local",
"path": "fixtures/modules/other",
},
trust_assets=True
)\
.add_app_to_catalog("simple_project")
user = User.objects.create(
username="******",
email="*****@*****.**",
is_staff=True
)
org = Organization.create(name="Our Organization", slug="testorg",
admin_user=user)
root_element = Element(name="My Root Element",
description="Description of my root element")
root_element.save()
system = System()
system.root_element = root_element
system.save()
project = org.get_organization_project()
project.system = system
project.save()
parameter_values = project.get_parameter_values(Catalogs.NIST_SP_800_53_rev4)
self.assertEquals(parameter_values["ac-1_prm_2"], "at least every 3 years")
# now, add an organizational setting and try again
OrganizationalSetting.objects.create(organization=org,
catalog_key=Catalogs.NIST_SP_800_53_rev4,
parameter_key="ac-1_prm_2",
value="at least every 100 years")
# we should now see the organizational setting override
parameter_values = project.get_parameter_values(Catalogs.NIST_SP_800_53_rev4)
self.assertEquals(parameter_values["ac-1_prm_2"], "at least every 100 years")
def handle(self, *args, **options):
# Sanity check that the database is available and ready --- make sure the system
# modules exist (since we need them before creating an Organization).
# Also useful in container deployments to make sure container fully deployed.
try:
if not Module.objects.filter(app__source__is_system_source=True,
app__appname="organization",
app__system_app=True,
module_name="app").exists():
raise OperationalError() # to trigger below
except OperationalError:
print("The database is not initialized yet.")
sys.exit(1)
# Create AppSources that we want.
if os.path.exists("/mnt/q-files-host"):
# For our docker image.
AppSource.objects.get_or_create(slug="host",
defaults={
"spec": {
"type": "local",
"path": "/mnt/q-files-host"
}
})
# Second, for 0.9.x startpack
# We can use forward slashes because we are storing the path in the database
# and the path will be applied correctly to the operating OS.
qfiles_path = 'q-files/vendors/govready/govready-q-files-startpack/q-files'
if os.path.exists(qfiles_path):
# For 0.9.x+.
AppSource.objects.get_or_create(
slug="govready-q-files-startpack",
defaults={"spec": {
"type": "local",
"path": qfiles_path
}})
# Load the AppSource's assessments (apps) we want
# We will do some hard-coding here temporarily
created_appsource = AppSource.objects.get(
slug="govready-q-files-startpack")
for appname in [
"System-Description-Demo", "PTA-Demo", "rules-of-behavior"
]:
print("Adding appname '{}' from AppSource '{}' to catalog.".
format(appname, created_appsource))
try:
appver = created_appsource.add_app_to_catalog(appname)
except Exception as e:
raise
# Finally, for authoring, create an AppSource to the stub file
qfiles_path = 'guidedmodules/stubs/q-files'
if os.path.exists(qfiles_path):
# For 0.9.x+.
AppSource.objects.get_or_create(
slug="govready-q-files-stubs",
defaults={"spec": {
"type": "local",
"path": qfiles_path
}})
print("Adding AppSource for authoring.")
# Create GovReady admin users, if specified in local/environment.json
if len(settings.GOVREADY_ADMINS):
for admin_user in settings.GOVREADY_ADMINS:
username = admin_user["username"]
if not User.objects.filter(username=username).exists():
user = User.objects.create(username=username,
is_superuser=True,
is_staff=True)
user.set_password(admin_user["password"])
user.email = admin_user["email"]
user.save()
print(
"Created administrator account: username '{}' with email '{}'."
.format(user.username, user.email))
else:
print(
"\n[WARNING] Skipping create admin account '{}' - username already exists.\n"
.format(username))
# Create the first user.
if not User.objects.filter(is_superuser=True).exists():
if not options['non_interactive']:
print(
"Let's create your first Q user. This user will have superuser privileges in the Q administrative interface."
)
call_command('createsuperuser')
else:
# Create an "admin" account with a random pwd and
# print it on stdout.
user = User.objects.create(username="******",
is_superuser=True,
is_staff=True)
password = User.objects.make_random_password(length=24)
user.set_password(password)
user.save()
print(
"Created administrator account (username: {}) with password: {}"
.format(user.username, password))
# Get the admin user - it was just created and should be the only admin user.
user = User.objects.filter(is_superuser=True).get()
# Create the first portfolio
portfolio = Portfolio.objects.create(title=user.username)
portfolio.assign_owner_permissions(user)
print("Created administrator portfolio {}".format(portfolio.title))
else:
# One or more superusers already exist
print(
"\n[WARNING] Superuser(s) already exist, not creating default admin superuser. Did you specify 'govready_admins' in 'local/environment.json'? Are you connecting to a persistent database?\n"
)
# Create the first organization.
if not Organization.objects.filter(slug="main").exists():
if not options['non_interactive']:
print("Let's create your organization.")
name = Organization._meta.get_field("name")
get_input = createsuperuser.Command().get_input_data
name = get_input(name, "Organization name: ",
"My Organization")
else:
name = "The Secure Organization"
org = Organization.create(name=name, slug="main", admin_user=user)
else:
org = Organization.objects.get(slug="main")
# Add the user to the org's help squad and reviewers lists.
try:
user
except NameError:
print("[WARNING] Admin already added to Help Squad and Reviewers")
else:
if user not in org.help_squad.all(): org.help_squad.add(user)
if user not in org.reviewers.all(): org.reviewers.add(user)
# Provide feedback to user
print("You can now login into GovReady-Q...")
def handle(self, *args, **options):
# Sanity check that the database is ready --- make sure the system
# modules exist (since we need them before creating an Organization).
try:
if not Module.objects.filter(app__source__is_system_source=True,
app__appname="organization",
app__system_app=True,
module_name="app").exists():
raise OperationalError() # to trigger below
except OperationalError:
print("The database is not initialized yet.")
sys.exit(1)
# Create AppSources that we want.
if os.path.exists("/mnt/apps"):
# For our docker image.
AppSource.objects.get_or_create(
slug="host",
defaults={"spec": {
"type": "local",
"path": "/mnt/apps"
}})
AppSource.objects.get_or_create(
slug="samples",
defaults={
"spec": {
"type": "git",
"url": "https://github.com/GovReady/govready-sample-apps"
}
})
# Create the first user.
if not User.objects.filter(is_superuser=True).exists():
if not options['non_interactive']:
print(
"Let's create your first Q user. This user will have superuser privileges in the Q administrative interface."
)
call_command('createsuperuser')
else:
# Create an "admin" account with a random password and
# print it on stdout.
user = User.objects.create(username="******",
is_superuser=True,
is_staff=True)
password = User.objects.make_random_password(length=24)
user.set_password(password)
user.save()
print(
"Created administrator account (username: {}) with password: {}"
.format(user.username, password))
# Get the admin user - it was just created and should be the only admin user.
user = User.objects.filter(is_superuser=True).get()
# Create the first organization.
if not Organization.objects.filter(subdomain="main").exists():
if not options['non_interactive']:
print("Let's create your Q organization.")
name = Organization._meta.get_field("name")
get_input = createsuperuser.Command().get_input_data
name = get_input(name, "Organization Name: ",
"Test Organization")
else:
name = "The Secure Company"
org = Organization.create(name=name,
subdomain="main",
admin_user=user)
else:
org = Organization.objects.get(subdomain="main")
# Add the user to the org's help squad and reviewers lists.
if user not in org.help_squad.all(): org.help_squad.add(user)
if user not in org.reviewers.all(): org.reviewers.add(user)
