예제 #1
0
    def decline_test(self):
        ns_inv_data = self.ns_inv_data
        test_ns = Nodespace.get_existing_nodespace(PGDB_TEST, TestData.NODESPACE_1["nodespace_name"])
        admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
        ns_inv_data["nodespace_id"] = test_ns.nodespace_id
        ns_inv_data["creator"] = admin_user.user_id

        with AutoRollbackTransaction() as test_trans:
            ns_invitation = NodespaceInvitation.create_new_invitation(
                PGDB_TEST,
                ns_inv_data["nodespace_invitation_code"],
                ns_inv_data["invitee_email_addr"],
                ns_inv_data["nodespace_id"],
                ns_inv_data["initial_nodespace_privileges"],
                ns_inv_data["invitation_msg"],
                ns_inv_data["creator"],
            )

            decision_date_lb = DateTimeUtil.datetime_now_utc_aware()
            ns_invitation.decline_invitation(PGDB_TEST)
            ns_invitation = NodespaceInvitation.get_existing_invitation(
                PGDB_TEST, ns_inv_data["nodespace_invitation_code"]
            )
            assert ns_invitation.was_accepted == False
            assert decision_date_lb <= ns_invitation.decision_date <= DateTimeUtil.datetime_now_utc_aware()
예제 #2
0
def NodespacePrivilegeChecker_tests():
    ns_inv_data = TestData.NS_INV_HORATIO
    test_ns = Nodespace.get_existing_nodespace(PGDB_TEST, TestData.NODESPACE_1["nodespace_name"])
    admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])

    ns_inv_data["nodespace_id"] = test_ns.nodespace_id
    ns_inv_data["creator"] = admin_user.user_id

    with AutoRollbackTransaction() as test_trans:
        ns_invitation = NodespaceInvitation.create_new_invitation(
            PGDB_TEST,
            ns_inv_data["nodespace_invitation_code"],
            ns_inv_data["invitee_email_addr"],
            ns_inv_data["nodespace_id"],
            ns_inv_data["initial_nodespace_privileges"],
            ns_inv_data["invitation_msg"],
            ns_inv_data["creator"],
        )
        new_user = ns_invitation.create_user_and_accept_invitation(
            DB_TUPLE_PT_NM,
            ns_inv_data["invitee_username"],
            ns_inv_data["invitee_password"],
            ns_inv_data["invitee_user_statement"],
        )
        assert not NodespacePrivilegeChecker.is_allowed_to_do(
            DB_TUPLE_PT_NM, NodespacePrivilegeChecker.ALTER_NODESPACE_ACCESS_ACTION, test_ns, new_user, False
        )
예제 #3
0
    def accept_test(self):
        ns_inv_data = self.ns_inv_data
        test_ns = Nodespace.get_existing_nodespace(PGDB_TEST, TestData.NODESPACE_1["nodespace_name"])
        admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
        ns_inv_data["nodespace_id"] = test_ns.nodespace_id
        ns_inv_data["creator"] = admin_user.user_id

        with AutoRollbackTransaction() as test_trans:
            ns_invitation = NodespaceInvitation.create_new_invitation(
                PGDB_TEST,
                ns_inv_data["nodespace_invitation_code"],
                ns_inv_data["invitee_email_addr"],
                ns_inv_data["nodespace_id"],
                ns_inv_data["initial_nodespace_privileges"],
                ns_inv_data["invitation_msg"],
                ns_inv_data["creator"],
            )
            ns_inv_data["nodespace_invitation_id"] = ns_invitation.nodespace_invitation_id
            ns_inv_data["nodespace_invitation_code"] = ns_invitation.nodespace_invitation_code

            assert ns_inv_data["nodespace_invitation_code"] is not None
            for field_name in NodespaceInvitation.FIELD_NAMES:
                if field_name not in ["creation_date"]:
                    assert ns_inv_data[field_name] == vars(ns_invitation)[field_name]

            ns_invitation = NodespaceInvitation.get_existing_invitation(
                PGDB_TEST, ns_inv_data["nodespace_invitation_code"]
            )

            for field_name in NodespaceInvitation.FIELD_NAMES:
                if field_name not in ["creation_date"]:
                    assert ns_inv_data[field_name] == vars(ns_invitation)[field_name]

            decision_date_lb = DateTimeUtil.datetime_now_utc_aware()
            ns_invitation.create_user_and_accept_invitation(
                DB_TUPLE_PT_NM,
                ns_inv_data["invitee_username"],
                ns_inv_data["invitee_password"],
                ns_inv_data["invitee_user_statement"],
            )
            assert ns_invitation.was_accepted == True
            assert decision_date_lb <= ns_invitation.decision_date <= DateTimeUtil.datetime_now_utc_aware()

            new_user = User.get_existing_user_by_email(PGDB_TEST, ns_inv_data["invitee_email_addr"])
            assert new_user.user_id == ns_invitation.user_id
            assert new_user.check_password(ns_inv_data["invitee_password"]) == True
예제 #4
0
def setup_test_pgdb():
    # create the first user if they don't already exist
    admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
    if admin_user is None:
        admin_data = TestData.USER_ADMIN
        admin_user = User.create_new_user(
            DB_TUPLE_TEST,
            admin_data["email_addr"],
            admin_data["username"],
            admin_data["cleartext_password"],
            admin_data["user_statement"],
            admin_data["is_enabled"],
            admin_data["metaspace_privileges"],
            admin_data["creator"],
        )
        ns_data = TestData.NODESPACE_1
        Nodespace.create_new_nodespace(
            DB_TUPLE_TEST, ns_data["nodespace_name"], ns_data["nodespace_description"], admin_user.user_id
        )
예제 #5
0
def Nodespace_test():
    ns_data = TestData.NS_ARSFT
    admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
    ns_data["creator"] = admin_user.user_id

    with AutoRollbackTransaction() as test_trans:
        ns = Nodespace.create_new_nodespace(
            DB_TUPLE_PT_NM, ns_data["nodespace_name"], ns_data["nodespace_description"], ns_data["creator"]
        )
        ns_data["nodespace_id"] = ns.nodespace_id

        for field_name in Nodespace.FIELD_NAMES:
            if field_name not in ["creation_date"]:
                assert ns_data[field_name] == vars(ns)[field_name]

        ns = Nodespace.get_existing_nodespace(PGDB_TEST, ns_data["nodespace_name"])

        for field_name in Nodespace.FIELD_NAMES:
            if field_name not in ["creation_date"]:
                assert ns_data[field_name] == vars(ns)[field_name]

        assert Nodespace.is_valid_nodespace_name("_named_like-a-private-pyth0n-var")
        assert not Nodespace.is_valid_nodespace_name("")
예제 #6
0
    def accept_test(self):
        ms_inv_data = self.ms_inv_data
        admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
        ms_inv_data["creator"] = admin_user.user_id

        with AutoRollbackTransaction() as test_trans:
            creation_date_lb = DateTimeUtil.datetime_now_utc_aware()
            ms_invitation = MetaspaceInvitation.create_new_invitation(
                PGDB_TEST,
                ms_inv_data["metaspace_invitation_code"],
                ms_inv_data["invitee_email_addr"],
                ms_inv_data["initial_metaspace_privileges"],
                ms_inv_data["invitation_msg"],
                ms_inv_data["creator"],
            )
            creation_date_ub = DateTimeUtil.datetime_now_utc_aware()
            ms_inv_data["metaspace_invitation_id"] = ms_invitation.metaspace_invitation_id
            ms_inv_data["metaspace_invitation_code"] = ms_invitation.metaspace_invitation_code

            assert creation_date_lb <= ms_invitation.creation_date <= creation_date_ub
            assert ms_inv_data["metaspace_invitation_code"] is not None
            for field_name in MetaspaceInvitation.FIELD_NAMES:
                if field_name not in ["creation_date"]:
                    assert ms_inv_data[field_name] == vars(ms_invitation)[field_name]

            ms_invitation = MetaspaceInvitation.get_existing_invitation(
                PGDB_TEST, ms_inv_data["metaspace_invitation_code"]
            )

            for field_name in MetaspaceInvitation.FIELD_NAMES:
                if field_name not in ["creation_date"]:
                    assert ms_inv_data[field_name] == vars(ms_invitation)[field_name]

            decision_date_lb = DateTimeUtil.datetime_now_utc_aware()
            ms_invitation.create_user_and_accept_invitation(DB_TUPLE_PT_NM, "jasper", "passw0rd", "no comment")
            assert ms_invitation.was_accepted
            assert decision_date_lb <= ms_invitation.decision_date <= DateTimeUtil.datetime_now_utc_aware()
예제 #7
0
    def decline_test(self):
        ms_inv_data = self.ms_inv_data
        admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
        ms_inv_data["creator"] = admin_user.user_id

        with AutoRollbackTransaction() as test_trans:
            ms_invitation = MetaspaceInvitation.create_new_invitation(
                PGDB_TEST,
                ms_inv_data["metaspace_invitation_code"],
                ms_inv_data["invitee_email_addr"],
                ms_inv_data["initial_metaspace_privileges"],
                ms_inv_data["invitation_msg"],
                ms_inv_data["creator"],
            )

            decision_date_lb = DateTimeUtil.datetime_now_utc_aware()
            ms_invitation.decline_invitation(PGDB_TEST)
            assert not ms_invitation.was_accepted
            assert decision_date_lb <= ms_invitation.decision_date <= DateTimeUtil.datetime_now_utc_aware()

            ms_invitation = MetaspaceInvitation.get_existing_invitation(
                PGDB_TEST, ms_inv_data["metaspace_invitation_code"]
            )
            assert not ms_invitation.was_accepted
예제 #8
0
def MetaspaceSession_tests():
    user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])

    with AutoRollbackTransaction() as test_trans:
        creation_date_lb = DateTimeUtil.datetime_now_utc_aware()
        ms_session = MetaspaceSession.create_new_session(PGDB_TEST, user.user_id)
        creation_date_ub = DateTimeUtil.datetime_now_utc_aware()
        assert user.user_id == ms_session.user_id
        assert ms_session.is_session_valid()
        assert creation_date_lb <= ms_session.creation_date <= creation_date_ub

        last_visit_lb = DateTimeUtil.datetime_now_utc_aware()
        ms_session.touch_session(PGDB_TEST)
        last_visit_ub = DateTimeUtil.datetime_now_utc_aware()
        assert last_visit_lb <= ms_session.last_visit <= last_visit_ub

        ms_session = MetaspaceSession.get_existing_session(PGDB_TEST, ms_session.metaspace_session_id)
        assert user.user_id == ms_session.user_id
        assert ms_session.is_session_valid()
        assert creation_date_lb <= ms_session.creation_date <= creation_date_ub
        assert last_visit_lb <= ms_session.last_visit <= last_visit_ub

        # fake session expiry for idle time being exceeded
        old_ms_session_id = ms_session.metaspace_session_id
        upd_params = {
            "last_visit": web.SQLLiteral(
                "last_visit - (interval '%i seconds')" % (MetaspaceSession.MAX_SESSION_IDLE_TIME + 60)
            )
        }
        PGDB_TEST.update(
            MetaspaceSession.TABLE_NAME,
            where="metaspace_session_id = $metaspace_session_id",
            vars={"metaspace_session_id": ms_session.metaspace_session_id},
            **upd_params
        )
        ms_session = MetaspaceSession.get_existing_session(PGDB_TEST, ms_session.metaspace_session_id)
        assert not ms_session.is_session_valid()

        # force create a new session and see that it has the correct info
        creation_date_lb = DateTimeUtil.datetime_now_utc_aware()
        ms_session = MetaspaceSession.force_create_new_session(PGDB_TEST, user.user_id)
        creation_date_ub = DateTimeUtil.datetime_now_utc_aware()
        # there is actually a fleeting chance of the same session id, but it's exceedingly unlikely
        assert ms_session.metaspace_session_id != old_ms_session_id
        assert user.user_id == ms_session.user_id
        assert ms_session.is_session_valid()
        assert creation_date_lb <= ms_session.creation_date <= creation_date_ub

        # fake session expiry for overall age
        upd_params = {
            "creation_date": web.SQLLiteral(
                "creation_date - (interval '%i seconds')" % (MetaspaceSession.MAX_SESSION_AGE + 60)
            )
        }
        PGDB_TEST.update(
            MetaspaceSession.TABLE_NAME,
            where="metaspace_session_id = $metaspace_session_id",
            vars={"metaspace_session_id": ms_session.metaspace_session_id},
            **upd_params
        )
        ms_session = MetaspaceSession.get_existing_session(PGDB_TEST, ms_session.metaspace_session_id)
        assert not ms_session.is_session_valid()

        # test killing the expired session, which should blank out the existing object and remove the session from the db
        old_ms_session_id = ms_session.metaspace_session_id
        ms_session.kill_session(PGDB_TEST)
        assert ms_session.metaspace_session_id is None
        assert MetaspaceSession.get_existing_session(PGDB_TEST, old_ms_session_id) is None
예제 #9
0
def MetaspacePrivilegeChecker_tests():
    super_user = User()
    super_user.user_id = -1
    super_user.metaspace_privileges = MetaspacePrivilegeSet.create_from_list_of_strings([MetaspacePrivilegeSet.SUPER])
    user_creator_user = User()
    user_creator_user.user_id = -2
    user_creator_user.metaspace_privileges = MetaspacePrivilegeSet.create_from_list_of_strings(
        [MetaspacePrivilegeSet.CREATE_USER]
    )
    space_creator_user = User()
    space_creator_user.user_id = -3
    space_creator_user.metaspace_privileges = MetaspacePrivilegeSet.create_from_list_of_strings(
        [MetaspacePrivilegeSet.CREATE_SPACE]
    )
    target_user = User()
    target_user.user_id = -4
    target_user.metaspace_privileges = MetaspacePrivilegeSet()

    for temp_user in [super_user, user_creator_user, space_creator_user, target_user]:
        setattr(temp_user, "email_addr", "*****@*****.**" % temp_user.user_id)

    assert MetaspacePrivilegeChecker.is_allowed_to_do(
        DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, super_user
    )
    assert MetaspacePrivilegeChecker.is_allowed_to_do(
        DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, user_creator_user
    )
    assert MetaspacePrivilegeChecker.is_allowed_to_do(
        DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_INFO_ACTION, target_user, super_user
    )
    assert MetaspacePrivilegeChecker.is_allowed_to_do(
        DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_INFO_ACTION, target_user, target_user
    )
    assert not MetaspacePrivilegeChecker.is_allowed_to_do(
        DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_INFO_ACTION, target_user, user_creator_user, False
    )
    assert not MetaspacePrivilegeChecker.is_allowed_to_do(
        DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.ALTER_USER_ACCESS_ACTION, target_user, user_creator_user, False
    )
    assert not MetaspacePrivilegeChecker.is_allowed_to_do(
        DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, space_creator_user, False
    )
    with AssertExceptionThrown(PrivilegeChecker.InsufficientPrivilegesException):
        MetaspacePrivilegeChecker.is_allowed_to_do(
            DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_USER_ACTION, None, space_creator_user
        )
    assert MetaspacePrivilegeChecker.is_allowed_to_do(
        DB_TUPLE_PT_NM, MetaspacePrivilegeChecker.CREATE_SPACE_ACTION, None, space_creator_user
    )
예제 #10
0
def User_create_and_retrieve_test():
    hans_data = TestData.USER_HANS
    admin_user = User.get_existing_user_by_email(PGDB_TEST, TestData.USER_ADMIN["email_addr"])
    hans_data["creator"] = admin_user.user_id

    with AutoRollbackTransaction() as test_trans:
        creation_date_lb = DateTimeUtil.datetime_now_utc_aware()
        hans = User.create_new_user(
            DB_TUPLE_PT_NM,
            hans_data["email_addr"],
            hans_data["username"],
            hans_data["cleartext_password"],
            hans_data["user_statement"],
            hans_data["is_enabled"],
            hans_data["metaspace_privileges"],
            hans_data["creator"],
        )
        creation_date_ub = DateTimeUtil.datetime_now_utc_aware()

        hans_data["user_id"] = hans.user_id
        hans_data["encrypted_password"] = hans.encrypted_password

        assert creation_date_lb <= hans.creation_date <= creation_date_ub
        for field_name in User.FIELD_NAMES:
            if field_name not in ["creation_date"]:
                assert hans_data[field_name] == vars(hans)[field_name]
        assert hans.check_password(hans_data["cleartext_password"]) == True
        assert hans.check_password(hans_data["new_cleartext_password"]) == False

        hans_data["old_encrypted_password"] = hans_data["encrypted_password"]
        hans_data["modifier"] = hans_data["creator"]
        hans.set_and_save_user_info(
            PGDB_TEST,
            hans_data["new_username"],
            hans_data["new_email_addr"],
            hans_data["new_user_statement"],
            hans_data["modifier"],
        )
        modification_date_lb = DateTimeUtil.datetime_now_utc_aware()
        hans.set_and_save_metaspace_access(
            PGDB_TEST, hans_data["new_is_enabled"], hans_data["new_metaspace_privileges"], hans_data["modifier"]
        )
        hans.set_and_save_encrypted_password(PGDB_TEST, hans_data["new_cleartext_password"], hans_data["modifier"])
        modification_date_ub = DateTimeUtil.datetime_now_utc_aware()

        hans = User.get_existing_user_by_email(PGDB_TEST, hans_data["new_email_addr"])
        hans_data["encrypted_password"] = hans.encrypted_password

        hans_by_id = User.get_existing_user_by_id(PGDB_TEST, hans.user_id)
        for field_name in User.FIELD_NAMES:
            assert getattr(hans, field_name) == getattr(hans_by_id, field_name)

        assert modification_date_lb <= hans.modification_date <= modification_date_ub
        assert hans.username == hans_data["new_username"]
        assert hans.email_addr == hans_data["new_email_addr"]
        assert hans.user_statement == hans_data["new_user_statement"]
        assert hans.metaspace_privileges == hans_data["new_metaspace_privileges"]
        assert hans.modifier == hans_data["modifier"]
        assert hans.check_password(hans_data["new_cleartext_password"]) == True
        assert hans.check_password(hans_data["cleartext_password"]) == False
        assert hans_data["encrypted_password"] != hans_data["old_encrypted_password"]

        latest_pw_chg_audit_entry = PasswordChangeAuditEntry.get_audit_log_entries_for_user(PGDB_TEST, hans.user_id)[0]
        latest_ms_priv_audit_entry = MetaspacePrivilegeAuditEntry.get_audit_log_entries_for_user(
            PGDB_TEST, hans.user_id
        )[0]

        assert latest_pw_chg_audit_entry.updated_user == hans.user_id
        assert latest_pw_chg_audit_entry.updating_user == hans.modifier
        assert modification_date_lb <= latest_pw_chg_audit_entry.passwd_chg_date <= modification_date_ub
        assert latest_ms_priv_audit_entry.updated_user == hans.user_id
        assert latest_ms_priv_audit_entry.updating_user == hans.modifier
        assert latest_ms_priv_audit_entry.new_privileges == hans.metaspace_privileges
        assert modification_date_lb <= latest_ms_priv_audit_entry.ms_priv_chg_date <= modification_date_ub

    # the following lines are more testing AutoRollbackTransaction
    hans = User.get_existing_user_by_email(PGDB_TEST, hans_data["email_addr"])
    assert hans == None
    hans = User.get_existing_user_by_email(PGDB_TEST, hans_data["new_email_addr"])
    assert hans == None