def test_ensure_home_directory():
raise SkipTest
reset_all_users()
reset_all_groups()
useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False)
reset_password_policy()
# Cluster and client for home directory creation
cluster = pseudo_hdfs4.shared_cluster()
c = make_logged_in_client(cluster.superuser, is_superuser=True, groupname='test1')
cluster.fs.setuser(cluster.superuser)
# Create a user with a home directory
assert_false(cluster.fs.exists('/user/test1'))
response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test', ensure_home_directory=True))
assert_true(cluster.fs.exists('/user/test1'))
dir_stat = cluster.fs.stats('/user/test1')
assert_equal('test1', dir_stat.user)
assert_equal('test1', dir_stat.group)
assert_equal('40755', '%o' % dir_stat.mode)
# Create a user, then add their home directory
assert_false(cluster.fs.exists('/user/test2'))
response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test'))
assert_false(cluster.fs.exists('/user/test2'))
response = c.post('/useradmin/users/edit/%s' % "test2", dict(username="******", password1='test', password2='test', password_old="test", ensure_home_directory=True))
assert_true(cluster.fs.exists('/user/test2'))
dir_stat = cluster.fs.stats('/user/test2')
assert_equal('test2', dir_stat.user)
assert_equal('test2', dir_stat.group)
assert_equal('40755', '%o' % dir_stat.mode)
def test_ensure_home_directory():
raise SkipTest
reset_all_users()
reset_all_groups()
useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False)
reset_password_policy()
# Cluster and client for home directory creation
cluster = pseudo_hdfs4.shared_cluster()
c = make_logged_in_client(cluster.superuser, is_superuser=True, groupname='test1')
cluster.fs.setuser(cluster.superuser)
# Create a user with a home directory
assert_false(cluster.fs.exists('/user/test1'))
response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test', ensure_home_directory=True))
assert_true(cluster.fs.exists('/user/test1'))
dir_stat = cluster.fs.stats('/user/test1')
assert_equal('test1', dir_stat.user)
assert_equal('test1', dir_stat.group)
assert_equal('40755', '%o' % dir_stat.mode)
# Create a user, then add their home directory
assert_false(cluster.fs.exists('/user/test2'))
response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test'))
assert_false(cluster.fs.exists('/user/test2'))
response = c.post('/useradmin/users/edit/%s' % "test2", dict(username="******", password1='test', password2='test', password_old="test", ensure_home_directory=True))
assert_true(cluster.fs.exists('/user/test2'))
dir_stat = cluster.fs.stats('/user/test2')
assert_equal('test2', dir_stat.user)
assert_equal('test2', dir_stat.group)
assert_equal('40755', '%o' % dir_stat.mode)
def test_ensure_home_directory(self):
raise SkipTest
resets = [useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False)]
try:
reset_password_policy()
# Cluster and client for home directory creation
cluster = pseudo_hdfs4.shared_cluster()
c = make_logged_in_client(cluster.superuser, is_superuser=True, groupname="test1")
cluster.fs.setuser(cluster.superuser)
# Create a user with a home directory
assert_false(cluster.fs.exists("/user/test1"))
response = c.post(
"/useradmin/users/new",
dict(username="******", password1="test", password2="test", ensure_home_directory=True),
)
assert_true(cluster.fs.exists("/user/test1"))
dir_stat = cluster.fs.stats("/user/test1")
assert_equal("test1", dir_stat.user)
assert_equal("test1", dir_stat.group)
assert_equal("40755", "%o" % dir_stat.mode)
# Create a user, then add their home directory
assert_false(cluster.fs.exists("/user/test2"))
response = c.post("/useradmin/users/new", dict(username="******", password1="test", password2="test"))
assert_false(cluster.fs.exists("/user/test2"))
response = c.post(
"/useradmin/users/edit/%s" % "test2",
dict(
username="******",
password1="test",
password2="test",
password_old="test",
ensure_home_directory=True,
),
)
assert_true(cluster.fs.exists("/user/test2"))
dir_stat = cluster.fs.stats("/user/test2")
assert_equal("test2", dir_stat.user)
assert_equal("test2", dir_stat.group)
assert_equal("40755", "%o" % dir_stat.mode)
finally:
for reset in resets:
reset()
def test_user_admin(self):
FUNNY_NAME = '~`!@#$%^&*()_-+={}[]|\;"<>?/,.'
FUNNY_NAME_QUOTED = urllib.quote(FUNNY_NAME)
resets = [
useradmin.conf.DEFAULT_USER_GROUP.set_for_testing('test_default'),
useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False),
]
try:
reset_password_policy()
c = make_logged_in_client('test', is_superuser=True)
user = User.objects.get(username='******')
# Test basic output.
response = c.get('/useradmin/')
assert_true(len(response.context["users"]) > 0)
assert_true("Hue Users" in response.content)
# Test editing a superuser
# Just check that this comes back
response = c.get('/useradmin/users/edit/test')
# Edit it, to add a first and last name
response = c.post('/useradmin/users/edit/test',
dict(username="******",
first_name=u"Inglés",
last_name=u"Español",
is_superuser="******",
is_active="True"),
follow=True)
assert_true(
"User information updated" in response.content,
"Notification should be displayed in: %s" % response.content)
# Edit it, can't change username
response = c.post('/useradmin/users/edit/test',
dict(username="******",
first_name=u"Inglés",
last_name=u"Español",
is_superuser="******",
is_active="True"),
follow=True)
assert_true("You cannot change a username" in response.content)
# Now make sure that those were materialized
response = c.get('/useradmin/users/edit/test')
assert_equal(smart_unicode("Inglés"),
response.context["form"].instance.first_name)
assert_true("Español" in response.content)
# Shouldn't be able to demote to non-superuser
response = c.post(
'/useradmin/users/edit/test',
dict(username="******",
first_name=u"Inglés",
last_name=u"Español",
is_superuser=False,
is_active=True))
assert_true("You cannot remove" in response.content,
"Shouldn't be able to remove the last superuser")
# Shouldn't be able to delete oneself
response = c.post('/useradmin/users/delete',
{u'user_ids': [user.id]})
assert_true("You cannot remove yourself" in response.content,
"Shouldn't be able to delete the last superuser")
# Let's try changing the password
response = c.post(
'/useradmin/users/edit/test',
dict(username="******",
first_name="Tom",
last_name="Tester",
is_superuser=True,
password1="foo",
password2="foobar"))
assert_equal(["Passwords do not match."],
response.context["form"]["password2"].errors,
"Should have complained about mismatched password")
# Old password not confirmed
response = c.post(
'/useradmin/users/edit/test',
dict(username="******",
first_name="Tom",
last_name="Tester",
password1="foo",
password2="foo",
is_active=True,
is_superuser=True))
assert_equal(
["The old password does not match the current password."],
response.context["form"]["password_old"].errors,
"Should have complained about old password")
# Good now
response = c.post(
'/useradmin/users/edit/test',
dict(username="******",
first_name="Tom",
last_name="Tester",
password1="foo",
password2="foo",
password_old="test",
is_active=True,
is_superuser=True))
assert_true(User.objects.get(username="******").is_superuser)
assert_true(
User.objects.get(username="******").check_password("foo"))
# Change it back!
response = c.post(
'/useradmin/users/edit/test',
dict(username="******",
first_name="Tom",
last_name="Tester",
password1="test",
password2="test",
password_old="foo",
is_active="True",
is_superuser="******"))
assert_true(
User.objects.get(username="******").check_password("test"))
assert_true(
make_logged_in_client(username="******", password="******"),
"Check that we can still login.")
# Check new user form for default group
group = get_default_user_group()
response = c.get('/useradmin/users/new')
assert_true(response)
assert_true(('<option value="%s" selected="selected">%s</option>' %
(group.id, group.name)) in str(response))
# Create a new regular user (duplicate name)
response = c.post(
'/useradmin/users/new',
dict(username="******", password1="test", password2="test"))
assert_equal(
{'username': ["User with this Username already exists."]},
response.context["form"].errors)
# Create a new regular user (for real)
response = c.post(
'/useradmin/users/new',
dict(username=FUNNY_NAME,
password1="test",
password2="test",
is_active="True"))
response = c.get('/useradmin/')
assert_true(FUNNY_NAME_QUOTED in response.content)
assert_true(len(response.context["users"]) > 1)
assert_true("Hue Users" in response.content)
# Validate profile is created.
assert_true(
UserProfile.objects.filter(user__username=FUNNY_NAME).exists())
# Need to give access to the user for the rest of the test
group = Group.objects.create(name="test-group")
perm = HuePermission.objects.get(app='useradmin', action='access')
GroupPermission.objects.create(group=group, hue_permission=perm)
# Verify that we can modify user groups through the user admin pages
response = c.post(
'/useradmin/users/new',
dict(username="******",
password1="test",
password2="test",
groups=[group.pk]))
User.objects.get(username='******')
assert_true(
User.objects.get(username='******').groups.filter(
name='test-group').exists())
response = c.post('/useradmin/users/edit/group_member',
dict(username="******", groups=[]))
assert_false(
User.objects.get(username='******').groups.filter(
name='test-group').exists())
# Check permissions by logging in as the new user
c_reg = make_logged_in_client(username=FUNNY_NAME, password="******")
test_user = User.objects.get(username=FUNNY_NAME)
test_user.groups.add(Group.objects.get(name="test-group"))
test_user.save()
# Regular user should be able to modify oneself
response = c_reg.post(
'/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED, ),
dict(username=FUNNY_NAME,
first_name="Hello",
is_active=True,
groups=[group.id for group in test_user.groups.all()]),
follow=True)
assert_equal(response.status_code, 200)
response = c_reg.get('/useradmin/users/edit/%s' %
(FUNNY_NAME_QUOTED, ),
follow=True)
assert_equal(response.status_code, 200)
assert_equal("Hello", response.context["form"].instance.first_name)
funny_user = User.objects.get(username=FUNNY_NAME)
# Can't edit other people.
response = c_reg.post("/useradmin/users/delete",
{u'user_ids': [funny_user.id]})
assert_true("You must be a superuser" in response.content,
"Regular user can't edit other people")
# Revert to regular "test" user, that has superuser powers.
c_su = make_logged_in_client()
# Inactivate FUNNY_NAME
c_su.post(
'/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED, ),
dict(username=FUNNY_NAME, first_name="Hello", is_active=False))
# Now make sure FUNNY_NAME can't log back in
response = c_reg.get('/useradmin/users/edit/%s' %
(FUNNY_NAME_QUOTED, ))
assert_true(
response.status_code == 302
and "login" in response["location"],
"Inactivated user gets redirected to login page")
# Delete that regular user
funny_profile = get_profile(test_user)
response = c_su.post('/useradmin/users/delete',
{u'user_ids': [funny_user.id]})
assert_equal(302, response.status_code)
assert_false(User.objects.filter(username=FUNNY_NAME).exists())
assert_false(
UserProfile.objects.filter(id=funny_profile.id).exists())
# Bulk delete users
u1 = User.objects.create(username='******', password="******")
u2 = User.objects.create(username='******', password="******")
assert_equal(
User.objects.filter(username__in=['u1', 'u2']).count(), 2)
response = c_su.post('/useradmin/users/delete',
{u'user_ids': [u1.id, u2.id]})
assert_equal(
User.objects.filter(username__in=['u1', 'u2']).count(), 0)
# Make sure that user deletion works if the user has never performed a request.
funny_user = User.objects.create(username=FUNNY_NAME,
password='******')
assert_true(User.objects.filter(username=FUNNY_NAME).exists())
assert_false(
UserProfile.objects.filter(user__username=FUNNY_NAME).exists())
response = c_su.post('/useradmin/users/delete',
{u'user_ids': [funny_user.id]})
assert_equal(302, response.status_code)
assert_false(User.objects.filter(username=FUNNY_NAME).exists())
assert_false(
UserProfile.objects.filter(user__username=FUNNY_NAME).exists())
# You shouldn't be able to create a user without a password
response = c_su.post('/useradmin/users/new', dict(username="******"))
assert_true("You must specify a password when creating a new user."
in response.content)
finally:
for reset in resets:
reset()
def test_user_admin_password_policy(self):
# Set up password policy
password_hint = password_error_msg = (
"The password must be at least 8 characters long, "
"and must contain both uppercase and lowercase letters, "
"at least one number, and at least one special character.")
password_rule = "^(?=.*?[A-Z])(?=(.*[a-z]){1,})(?=(.*[\d]){1,})(?=(.*[\W_]){1,}).{8,}$"
resets = [
useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(True),
useradmin.conf.PASSWORD_POLICY.PWD_RULE.set_for_testing(
password_rule),
useradmin.conf.PASSWORD_POLICY.PWD_HINT.set_for_testing(
password_hint),
useradmin.conf.PASSWORD_POLICY.PWD_ERROR_MESSAGE.set_for_testing(
password_error_msg),
]
try:
reset_password_policy()
# Test first-ever login with password policy enabled
c = Client()
response = c.get('/accounts/login/')
assert_equal(200, response.status_code)
assert_true(response.context['first_login_ever'])
response = c.post(
'/accounts/login/',
dict(username="******", password="******"))
assert_true(response.context['first_login_ever'])
assert_equal([password_error_msg],
response.context["form"]["password"].errors)
response = c.post('/accounts/login/',
dict(username="******",
password="******"),
follow=True)
assert_equal(200, response.status_code)
assert_true(
User.objects.get(username="******").is_superuser)
assert_true(
User.objects.get(username="******").check_password(
"foobarTest1["))
c.get('/accounts/logout')
# Test changing a user's password
c = make_logged_in_client('superuser', is_superuser=True)
# Test password hint is displayed
response = c.get('/useradmin/users/edit/superuser')
assert_true(password_hint in response.content)
# Password is less than 8 characters
response = c.post(
'/useradmin/users/edit/superuser',
dict(username="******",
is_superuser=True,
password1="foo",
password2="foo"))
assert_equal([password_error_msg],
response.context["form"]["password1"].errors)
# Password is more than 8 characters long but does not have a special character
response = c.post(
'/useradmin/users/edit/superuser',
dict(username="******",
is_superuser=True,
password1="foobarTest1",
password2="foobarTest1"))
assert_equal([password_error_msg],
response.context["form"]["password1"].errors)
# Password1 and Password2 are valid but they do not match
response = c.post(
'/useradmin/users/edit/superuser',
dict(username="******",
is_superuser=True,
password1="foobarTest1??",
password2="foobarTest1?",
password_old="foobarTest1[",
is_active=True))
assert_equal(["Passwords do not match."],
response.context["form"]["password2"].errors)
# Password is valid now
c.post(
'/useradmin/users/edit/superuser',
dict(username="******",
is_superuser=True,
password1="foobarTest1[",
password2="foobarTest1[",
password_old="test",
is_active=True))
assert_true(User.objects.get(username="******").is_superuser)
assert_true(
User.objects.get(
username="******").check_password("foobarTest1["))
# Test creating a new user
response = c.get('/useradmin/users/new')
assert_true(password_hint in response.content)
# Password is more than 8 characters long but does not have a special character
response = c.post(
'/useradmin/users/new',
dict(username="******",
is_superuser=False,
password1="foo",
password2="foo"))
assert_equal(
{
'password1': [password_error_msg],
'password2': [password_error_msg]
}, response.context["form"].errors)
# Password is more than 8 characters long but does not have a special character
response = c.post(
'/useradmin/users/new',
dict(username="******",
is_superuser=False,
password1="foobarTest1",
password2="foobarTest1"))
assert_equal(
{
'password1': [password_error_msg],
'password2': [password_error_msg]
}, response.context["form"].errors)
# Password1 and Password2 are valid but they do not match
response = c.post(
'/useradmin/users/new',
dict(username="******",
is_superuser=False,
password1="foobarTest1[",
password2="foobarTest1?"))
assert_equal({'password2': ["Passwords do not match."]},
response.context["form"].errors)
# Password is valid now
c.post(
'/useradmin/users/new',
dict(username="******",
is_superuser=False,
password1="foobarTest1[",
password2="foobarTest1[",
is_active=True))
assert_false(User.objects.get(username="******").is_superuser)
assert_true(
User.objects.get(
username="******").check_password("foobarTest1["))
finally:
for reset in resets:
reset()
def test_user_admin():
FUNNY_NAME = '~`!@#$%^&*()_-+={}[]|\;"<>?/,.'
FUNNY_NAME_QUOTED = urllib.quote(FUNNY_NAME)
reset_all_users()
reset_all_groups()
useradmin.conf.DEFAULT_USER_GROUP.set_for_testing('test_default')
useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False)
reset_password_policy()
c = make_logged_in_client('test', is_superuser=True)
user = User.objects.get(username='******')
# Test basic output.
response = c.get('/useradmin/')
assert_true(len(response.context["users"]) > 0)
assert_true("Hue Users" in response.content)
# Test editing a superuser
# Just check that this comes back
response = c.get('/useradmin/users/edit/test')
# Edit it, to add a first and last name
response = c.post('/useradmin/users/edit/test',
dict(username="******",
first_name=u"Inglés",
last_name=u"Español",
is_superuser="******",
is_active="True"),
follow=True)
assert_true("User information updated" in response.content,
"Notification should be displayed in: %s" % response.content)
# Edit it, can't change username
response = c.post('/useradmin/users/edit/test',
dict(username="******",
first_name=u"Inglés",
last_name=u"Español",
is_superuser="******",
is_active="True"),
follow=True)
assert_true("You cannot change a username" in response.content)
# Now make sure that those were materialized
response = c.get('/useradmin/users/edit/test')
assert_equal(smart_unicode("Inglés"), response.context["form"].instance.first_name)
assert_true("Español" in response.content)
# Shouldn't be able to demote to non-superuser
response = c.post('/useradmin/users/edit/test', dict(username="******",
first_name=u"Inglés", last_name=u"Español",
is_superuser=False, is_active=True))
assert_true("You cannot remove" in response.content,
"Shouldn't be able to remove the last superuser")
# Shouldn't be able to delete oneself
response = c.post('/useradmin/users/delete', {u'user_ids': [user.id]})
assert_true("You cannot remove yourself" in response.content,
"Shouldn't be able to delete the last superuser")
# Let's try changing the password
response = c.post('/useradmin/users/edit/test', dict(username="******", first_name="Tom", last_name="Tester", is_superuser=True, password1="foo", password2="foobar"))
assert_equal(["Passwords do not match."], response.context["form"]["password2"].errors, "Should have complained about mismatched password")
# Old password not confirmed
response = c.post('/useradmin/users/edit/test', dict(username="******", first_name="Tom", last_name="Tester", password1="foo", password2="foo", is_active=True, is_superuser=True))
assert_equal(["The old password does not match the current password."], response.context["form"]["password_old"].errors, "Should have complained about old password")
# Good now
response = c.post('/useradmin/users/edit/test', dict(username="******", first_name="Tom", last_name="Tester", password1="foo", password2="foo", password_old="test", is_active=True, is_superuser=True))
assert_true(User.objects.get(username="******").is_superuser)
assert_true(User.objects.get(username="******").check_password("foo"))
# Change it back!
response = c.post('/useradmin/users/edit/test', dict(username="******", first_name="Tom", last_name="Tester", password1="test", password2="test", password_old="foo", is_active="True", is_superuser="******"))
assert_true(User.objects.get(username="******").check_password("test"))
assert_true(make_logged_in_client(username = "******", password = "******"), "Check that we can still login.")
# Check new user form for default group
group = get_default_user_group()
response = c.get('/useradmin/users/new')
assert_true(response)
assert_true(('<option value="1" selected="selected">%s</option>' % group) in str(response))
# Create a new regular user (duplicate name)
response = c.post('/useradmin/users/new', dict(username="******", password1="test", password2="test"))
assert_equal({ 'username': ["User with this Username already exists."]}, response.context["form"].errors)
# Create a new regular user (for real)
response = c.post('/useradmin/users/new', dict(username=FUNNY_NAME,
password1="test",
password2="test",
is_active="True"))
response = c.get('/useradmin/')
assert_true(FUNNY_NAME_QUOTED in response.content)
assert_true(len(response.context["users"]) > 1)
assert_true("Hue Users" in response.content)
# Validate profile is created.
assert_true(UserProfile.objects.filter(user__username=FUNNY_NAME).exists())
# Need to give access to the user for the rest of the test
group = Group.objects.create(name="test-group")
perm = HuePermission.objects.get(app='useradmin', action='access')
GroupPermission.objects.create(group=group, hue_permission=perm)
# Verify that we can modify user groups through the user admin pages
response = c.post('/useradmin/users/new', dict(username="******", password1="test", password2="test", groups=[group.pk]))
User.objects.get(username='******')
assert_true(User.objects.get(username='******').groups.filter(name='test-group').exists())
response = c.post('/useradmin/users/edit/group_member', dict(username="******", groups=[]))
assert_false(User.objects.get(username='******').groups.filter(name='test-group').exists())
# Check permissions by logging in as the new user
c_reg = make_logged_in_client(username=FUNNY_NAME, password="******")
test_user = User.objects.get(username=FUNNY_NAME)
test_user.groups.add(Group.objects.get(name="test-group"))
test_user.save()
# Regular user should be able to modify oneself
response = c_reg.post('/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED,),
dict(username = FUNNY_NAME,
first_name = "Hello",
is_active = True,
groups=[group.id for group in test_user.groups.all()]), follow=True)
assert_equal(response.status_code, 200)
response = c_reg.get('/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED,), follow=True)
assert_equal(response.status_code, 200)
assert_equal("Hello", response.context["form"].instance.first_name)
funny_user = User.objects.get(username=FUNNY_NAME)
# Can't edit other people.
response = c_reg.post("/useradmin/users/delete", {u'user_ids': [funny_user.id]})
assert_true("You must be a superuser" in response.content,
"Regular user can't edit other people")
# Revert to regular "test" user, that has superuser powers.
c_su = make_logged_in_client()
# Inactivate FUNNY_NAME
c_su.post('/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED,),
dict(username = FUNNY_NAME,
first_name = "Hello",
is_active = False))
# Now make sure FUNNY_NAME can't log back in
response = c_reg.get('/useradmin/users/edit/%s' % (FUNNY_NAME_QUOTED,))
assert_true(response.status_code == 302 and "login" in response["location"],
"Inactivated user gets redirected to login page")
# Delete that regular user
funny_profile = get_profile(test_user)
response = c_su.post('/useradmin/users/delete', {u'user_ids': [funny_user.id]})
assert_equal(302, response.status_code)
assert_false(User.objects.filter(username=FUNNY_NAME).exists())
assert_false(UserProfile.objects.filter(id=funny_profile.id).exists())
# Bulk delete users
u1 = User.objects.create(username='******', password="******")
u2 = User.objects.create(username='******', password="******")
assert_equal(User.objects.filter(username__in=['u1', 'u2']).count(), 2)
response = c_su.post('/useradmin/users/delete', {u'user_ids': [u1.id, u2.id]})
assert_equal(User.objects.filter(username__in=['u1', 'u2']).count(), 0)
# Make sure that user deletion works if the user has never performed a request.
funny_user = User.objects.create(username=FUNNY_NAME, password='******')
assert_true(User.objects.filter(username=FUNNY_NAME).exists())
assert_false(UserProfile.objects.filter(user__username=FUNNY_NAME).exists())
response = c_su.post('/useradmin/users/delete', {u'user_ids': [funny_user.id]})
assert_equal(302, response.status_code)
assert_false(User.objects.filter(username=FUNNY_NAME).exists())
assert_false(UserProfile.objects.filter(user__username=FUNNY_NAME).exists())
# You shouldn't be able to create a user without a password
response = c_su.post('/useradmin/users/new', dict(username="******"))
assert_true("You must specify a password when creating a new user." in response.content)
def test_user_admin_password_policy():
reset_all_users()
reset_all_groups()
# Set up password policy
password_hint = password_error_msg = ("The password must be at least 8 characters long, "
"and must contain both uppercase and lowercase letters, "
"at least one number, and at least one special character.")
password_rule = "^(?=.*?[A-Z])(?=(.*[a-z]){1,})(?=(.*[\d]){1,})(?=(.*[\W_]){1,}).{8,}$"
useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(True)
useradmin.conf.PASSWORD_POLICY.PWD_RULE.set_for_testing(password_rule)
useradmin.conf.PASSWORD_POLICY.PWD_HINT.set_for_testing(password_hint)
useradmin.conf.PASSWORD_POLICY.PWD_ERROR_MESSAGE.set_for_testing(password_error_msg)
reset_password_policy()
# Test first-ever login with password policy enabled
c = Client()
response = c.get('/accounts/login/')
assert_equal(200, response.status_code)
assert_true(response.context['first_login_ever'])
response = c.post('/accounts/login/', dict(username="******", password="******"))
assert_true(response.context['first_login_ever'])
assert_equal([password_error_msg], response.context["form"]["password"].errors)
response = c.post('/accounts/login/', dict(username="******", password="******"), follow=True)
assert_equal(200, response.status_code)
assert_true(User.objects.get(username="******").is_superuser)
assert_true(User.objects.get(username="******").check_password("foobarTest1["))
c.get('/accounts/logout')
# Test changing a user's password
c = make_logged_in_client('superuser', is_superuser=True)
# Test password hint is displayed
response = c.get('/useradmin/users/edit/superuser')
assert_true(password_hint in response.content)
# Password is less than 8 characters
response = c.post('/useradmin/users/edit/superuser',
dict(username="******",
is_superuser=True,
password1="foo",
password2="foo"))
assert_equal([password_error_msg], response.context["form"]["password1"].errors)
# Password is more than 8 characters long but does not have a special character
response = c.post('/useradmin/users/edit/superuser',
dict(username="******",
is_superuser=True,
password1="foobarTest1",
password2="foobarTest1"))
assert_equal([password_error_msg], response.context["form"]["password1"].errors)
# Password1 and Password2 are valid but they do not match
response = c.post('/useradmin/users/edit/superuser',
dict(username="******",
is_superuser=True,
password1="foobarTest1??",
password2="foobarTest1?",
password_old="foobarTest1[",
is_active=True))
assert_equal(["Passwords do not match."], response.context["form"]["password2"].errors)
# Password is valid now
c.post('/useradmin/users/edit/superuser',
dict(username="******",
is_superuser=True,
password1="foobarTest1[",
password2="foobarTest1[",
password_old="test",
is_active=True))
assert_true(User.objects.get(username="******").is_superuser)
assert_true(User.objects.get(username="******").check_password("foobarTest1["))
# Test creating a new user
response = c.get('/useradmin/users/new')
assert_true(password_hint in response.content)
# Password is more than 8 characters long but does not have a special character
response = c.post('/useradmin/users/new',
dict(username="******",
is_superuser=False,
password1="foo",
password2="foo"))
assert_equal({'password1': [password_error_msg], 'password2': [password_error_msg]},
response.context["form"].errors)
# Password is more than 8 characters long but does not have a special character
response = c.post('/useradmin/users/new',
dict(username="******",
is_superuser=False,
password1="foobarTest1",
password2="foobarTest1"))
assert_equal({'password1': [password_error_msg], 'password2': [password_error_msg]},
response.context["form"].errors)
# Password1 and Password2 are valid but they do not match
response = c.post('/useradmin/users/new',
dict(username="******",
is_superuser=False,
password1="foobarTest1[",
password2="foobarTest1?"))
assert_equal({'password2': ["Passwords do not match."]}, response.context["form"].errors)
# Password is valid now
c.post('/useradmin/users/new',
dict(username="******",
is_superuser=False,
password1="foobarTest1[",
password2="foobarTest1[", is_active=True))
assert_false(User.objects.get(username="******").is_superuser)
assert_true(User.objects.get(username="******").check_password("foobarTest1["))
def test_ensure_home_directory(self):
if not is_live_cluster():
raise SkipTest
resets = [
useradmin.conf.PASSWORD_POLICY.IS_ENABLED.set_for_testing(False),
]
try:
reset_password_policy()
# Cluster and client for home directory creation
cluster = pseudo_hdfs4.shared_cluster()
c = make_logged_in_client(cluster.superuser, is_superuser=True, groupname='test1')
cluster.fs.setuser(cluster.superuser)
# Create a user with a home directory
if cluster.fs.exists('/user/test1'):
cluster.fs.do_as_superuser(cluster.fs.rmtree, '/user/test1')
assert_false(cluster.fs.exists('/user/test1'))
response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test', ensure_home_directory=True))
assert_true(cluster.fs.exists('/user/test1'))
dir_stat = cluster.fs.stats('/user/test1')
assert_equal('test1', dir_stat.user)
assert_equal('test1', dir_stat.group)
assert_equal('40755', '%o' % dir_stat.mode)
# Create a user, then add their home directory
if cluster.fs.exists('/user/test2'):
cluster.fs.do_as_superuser(cluster.fs.rmtree, '/user/test2')
assert_false(cluster.fs.exists('/user/test2'))
response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test'))
assert_false(cluster.fs.exists('/user/test2'))
response = c.post('/useradmin/users/edit/%s' % "test2", dict(username="******", password1='test', password2='test', password_old="test", ensure_home_directory=True))
assert_true(cluster.fs.exists('/user/test2'))
dir_stat = cluster.fs.stats('/user/test2')
assert_equal('test2', dir_stat.user)
assert_equal('test2', dir_stat.group)
assert_equal('40755', '%o' % dir_stat.mode)
# Ignore domain in username when importing LDAP users
# eg: Ignore '@ad.sec.cloudera.com' when importing '*****@*****.**'
resets.append(desktop.conf.LDAP.LDAP_URL.set_for_testing('default.example.com'))
if cluster.fs.exists('/user/[email protected]'):
cluster.fs.do_as_superuser(cluster.fs.rmtree, '/user/[email protected]')
if cluster.fs.exists('/user/test3'):
cluster.fs.do_as_superuser(cluster.fs.rmtree, '/user/test3')
assert_false(cluster.fs.exists('/user/test3'))
response = c.post('/useradmin/users/new', dict(username="******", password1='test', password2='test', ensure_home_directory=True))
assert_false(cluster.fs.exists('/user/[email protected]'))
assert_true(cluster.fs.exists('/user/test3'))
dir_stat = cluster.fs.stats('/user/test3')
assert_equal('test3', dir_stat.user)
assert_equal('test3', dir_stat.group)
assert_not_equal('*****@*****.**', dir_stat.user)
assert_not_equal('*****@*****.**', dir_stat.group)
assert_equal('40755', '%o' % dir_stat.mode)
finally:
for reset in resets:
reset()