def setUpBasicData(self): self.tag = Tag(name='tag') self.tag.save() self.cred = Cred(title='secret', username='******', password='******', group=self.group) self.cred.save() self.tagcred = Cred(title='tagged', password='******', group=self.group) self.tagcred.save() self.tagcred.tags.add(self.tag) self.tagcred.save() CredChangeQ.objects.add_to_changeq(self.cred) self.viewedcred = Cred(title='Viewed', password='******', group=self.group) self.viewedcred.save() self.changedcred = Cred(title='Changed', password='******', group=self.group) self.changedcred.save() CredAudit(audittype=CredAudit.CREDADD, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDADD, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDCHANGE, cred=self.changedcred, user=self.ustaff).save() self.logadd = CredAudit(audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff) self.logview = CredAudit(audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff) self.logadd.save() self.logview.save()
def setUp(self): self.group = Group(name="testgroup") self.group.save() self.othergroup = Group(name="othergroup") self.othergroup.save() self.unorm = User(username="******", email="*****@*****.**") self.unorm.set_password("password") self.unorm.save() self.unorm.groups.add(self.group) self.unorm.save() self.ustaff = User(username="******", email="*****@*****.**", is_staff=True) self.ustaff.set_password("password") self.ustaff.save() self.ustaff.groups.add(self.group) self.ustaff.save() self.norm = Client() self.norm.login(username="******", password="******") self.staff = Client() self.staff.login(username="******", password="******") self.viewedcred = Cred(title="Viewed", password="******", group=self.group) self.viewedcred.save() self.changedcred = Cred(title="Changed", password="******", group=self.group) self.changedcred.save() CredAudit(audittype=CredAudit.CREDADD, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDADD, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDCHANGE, cred=self.changedcred, user=self.ustaff).save()
def setUp(self): g = Group(name='h') g.save() c = Cred(title='testcred', password='******', group=g) c.save() self.c = c
class StaffChangeAdviceTest(TestCase): def setUp(self): self.group = Group(name="testgroup") self.group.save() self.othergroup = Group(name="othergroup") self.othergroup.save() self.unorm = User(username="******", email="*****@*****.**") self.unorm.set_password("password") self.unorm.save() self.unorm.groups.add(self.group) self.unorm.save() self.ustaff = User(username="******", email="*****@*****.**", is_staff=True) self.ustaff.set_password("password") self.ustaff.save() self.ustaff.groups.add(self.group) self.ustaff.save() self.norm = Client() self.norm.login(username="******", password="******") self.staff = Client() self.staff.login(username="******", password="******") self.viewedcred = Cred(title="Viewed", password="******", group=self.group) self.viewedcred.save() self.changedcred = Cred(title="Changed", password="******", group=self.group) self.changedcred.save() CredAudit(audittype=CredAudit.CREDADD, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDADD, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDCHANGE, cred=self.changedcred, user=self.ustaff).save() def test_disable_user(self): resp = self.staff.get(reverse("staff.views.change_advice_by_user", args=(self.unorm.id,))) self.assertEqual(resp.status_code, 200) credlist = resp.context["creds"] self.assertIn(self.viewedcred, credlist) self.assertNotIn(self.changedcred, credlist) def test_remove_group(self): resp = self.staff.get( reverse("staff.views.change_advice_by_user_and_group", args=(self.unorm.id, self.group.id)) ) self.assertEqual(resp.status_code, 200) credlist = resp.context["creds"] self.assertIn(self.viewedcred, credlist) self.assertNotIn(self.changedcred, credlist)
def setUp(self): self.group = Group(name="testgroup") self.group.save() self.othergroup = Group(name="othergroup") self.othergroup.save() self.tag = Tag(name="tag") self.tag.save() self.unorm = User(username="******", email="*****@*****.**") self.unorm.set_password("password") self.unorm.save() self.unorm.groups.add(self.group) self.unorm.save() self.ustaff = User(username="******", email="*****@*****.**", is_staff=True) self.ustaff.set_password("password") self.ustaff.save() self.ustaff.groups.add(self.group) self.ustaff.save() self.unobody = User(username="******", email="*****@*****.**") self.unobody.set_password("password") self.unobody.save() self.norm = Client() self.norm.login(username="******", password="******") self.staff = Client() self.staff.login(username="******", password="******") self.nobody = Client() self.nobody.login(username="******", password="******") self.cred = Cred(title="secret", password="******", group=self.group) self.cred.save() self.tagcred = Cred(title="tagged", password="******", group=self.group) self.tagcred.save() self.tagcred.tags.add(self.tag) self.tagcred.save() CredChangeQ.objects.add_to_changeq(self.cred) self.logadd = CredAudit(audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff) self.logview = CredAudit(audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff) self.logadd.save() self.logview.save()
def setUpBasicData(self): # Make a tag self.tag = Tag(name='tag') self.tag.save() # Make a simple credential self.cred = Cred(title='secret', username='******', password='******', group=self.group) self.cred.save() # Make a cred that'll be tagged self.tagcred = Cred(title='tagged', password='******', group=self.group) self.tagcred.save() self.tagcred.tags.add(self.tag) self.tagcred.save() # A cred that attempts script injection self.injectcred = Cred( title='<script>document.write("BADTITLE!")</script>Bold!', username='******', password='******', group=self.group ) self.injectcred.save() # A cred with markdown self.markdowncred = Cred( title='Markdown Cred', password='******', group=self.group, description='# Test', descriptionmarkdown=True, ) self.markdowncred.save() # Add a Unicode credential self.unicodecred = Cred( title='Unicode ‑ Cred', password='******', group=self.group, description='Γαζέες καὶ μυρτιὲς δὲν θὰ βρῶ πιὰ στὸ χρυσαφὶ ξέφωτο', ) self.unicodecred.save() CredChangeQ.objects.add_to_changeq(self.cred) self.viewedcred = Cred(title='Viewed', password='******', group=self.group) self.viewedcred.save() self.changedcred = Cred(title='Changed', password='******', group=self.group) self.changedcred.save() CredAudit(audittype=CredAudit.CREDADD, cred=self.viewedcred, user=self.unobody).save() CredAudit(audittype=CredAudit.CREDADD, cred=self.changedcred, user=self.unobody).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDCHANGE, cred=self.changedcred, user=self.ustaff).save() self.logadd = CredAudit(audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff) self.logview = CredAudit(audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff) self.logadd.save() self.logview.save()
class ApiTest(TestCase): def setUp(self): self.data = TestData() self.cred = Cred(title="one", username="******", password="******", group=self.data.group) self.cred.save() self.detail_url = reverse("api_dispatch_detail", kwargs={"resource_name": "cred", "api_name": "v1", "pk": self.cred.pk}) def test_cant_use_expired_key(self): res = self.data.norm.get(self.detail_url) data = json.loads(res.content) for key, val in [("title", "one"), ("username", "two"), ("password", "three")]: self.assertEqual(data[key], val) def test_can_post_ssh_key_into_cred(self): self.cred.ssh_key = None self.cred.save() res = self.data.norm.get(self.detail_url) data = json.loads(res.content) assert 'ssh_key' not in data with open(os.path.join(ssh_keys, "1.pem")) as fle: res = self.data.norm.post(self.detail_url, {'ssh_key': fle}) data = json.loads(res.content) with open(os.path.join(ssh_keys, "1.pem")) as fle: self.assertEqual(data['ssh_key'], fle.read()) res = self.data.norm.get(self.detail_url) data = json.loads(res.content) with open(os.path.join(ssh_keys, "1.pem")) as fle: self.assertEqual(data['ssh_key'], fle.read()) def test_it_complains_if_given_something_that_isnt_an_ssh_key(self): with a_temp_file() as filename: with open(filename, 'w') as fle: fle.write("blah") res = self.data.norm.post(self.detail_url, {"ssh_key": open(filename)}) self.assertEqual(res.status_code, 500) self.assertEqual(res.content, "not a valid RSA private key file")
def import_from_keepass(request): if request.method == 'POST': form = KeepassImportForm(request.user, request.POST, request.FILES) if form.is_valid(): group = form.cleaned_data['group'] for e in form.cleaned_data['db']['entries']: cred = Cred( title=e['title'], username=e['username'], password=e['password'], description=e['description'], group=group, ) cred.save() CredAudit(audittype=CredAudit.CREDADD, cred=cred, user=request.user).save() for t in e['tags']: (tag, create) = Tag.objects.get_or_create(name=t) cred.tags.add(tag) return HttpResponseRedirect(reverse('staff.views.home')) else: form = KeepassImportForm(request.user) return render(request, 'staff_keepassimport.html', {'form': form})
def setUpBasicData(self): self.tag = Tag(name="tag") self.tag.save() self.cred = Cred(title="secret", username="******", password="******", group=self.group) self.cred.save() self.tagcred = Cred(title="tagged", password="******", group=self.group) self.tagcred.save() self.tagcred.tags.add(self.tag) self.tagcred.save() self.injectcred = Cred( title='<script>document.write("BADTITLE!")</script>Bold!', username='******', password='******', group=self.group, ) self.injectcred.save() self.markdowncred = Cred( title="Markdown Cred", password="******", group=self.group, description="# Test", descriptionmarkdown=True ) self.markdowncred.save() CredChangeQ.objects.add_to_changeq(self.cred) self.viewedcred = Cred(title="Viewed", password="******", group=self.group) self.viewedcred.save() self.changedcred = Cred(title="Changed", password="******", group=self.group) self.changedcred.save() CredAudit(audittype=CredAudit.CREDADD, cred=self.viewedcred, user=self.unobody).save() CredAudit(audittype=CredAudit.CREDADD, cred=self.changedcred, user=self.unobody).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDCHANGE, cred=self.changedcred, user=self.ustaff).save() self.logadd = CredAudit(audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff) self.logview = CredAudit(audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff) self.logadd.save() self.logview.save()
def setUp(self): g = Group(name='h') g.save() c = Cred(title='testcred', password='******', group=g) c.save() d = Cred(title='todelete', password='******', group=g) d.save() d.delete() md = Cred(title='Markdown Cred', password='******', group=g, description='# Test') md.save() u = User(username='******') u.save() u.groups.add(g) u.save() f = User(username='******') f.save() s = User(username='******', is_staff=True) s.save() s.groups.add(g) s.save() self.c = c self.d = d self.u = u self.f = f self.s = s
class TestData: def __init__(self): if settings.LDAP_ENABLED: self.getLDAPAuthData() else: self.setUpAuthData() self.setUpBasicData() def loginLDAP(self, username, password): c = Client() loginurl = reverse('django.contrib.auth.views.login') c.post(loginurl, {'username': username, 'password': password}) return c def getLDAPAuthData(self): self.norm = self.loginLDAP(username='******', password='******') self.unorm = User.objects.get(username='******') self.normpass = '******' self.staff = self.loginLDAP(username='******', password='******') self.ustaff = User.objects.get(username='******') self.nobody = self.loginLDAP(username='******', password='******') self.unobody = User.objects.get(username='******') self.group = Group.objects.get(name='testgroup') self.othergroup = Group.objects.get(name='othergroup') def setUpAuthData(self): self.group = Group(name='testgroup') self.group.save() self.othergroup = Group(name='othergroup') self.othergroup.save() self.unorm = User(username='******', email='*****@*****.**') self.unorm.set_password('password') self.normpass = '******' self.unorm.save() self.unorm.groups.add(self.group) self.unorm.save() self.ustaff = User(username='******', email='*****@*****.**', is_staff=True) self.ustaff.set_password('password') self.ustaff.save() self.ustaff.groups.add(self.othergroup) self.ustaff.save() self.unobody = User(username='******', email='*****@*****.**') self.unobody.set_password('password') self.unobody.save() self.norm = Client() self.norm.login(username='******', password='******') self.staff = Client() self.staff.login(username='******', password='******') self.nobody = Client() self.nobody.login(username='******', password='******') def setUpBasicData(self): self.tag = Tag(name='tag') self.tag.save() self.cred = Cred(title='secret', username='******', password='******', group=self.group) self.cred.save() self.tagcred = Cred(title='tagged', password='******', group=self.group) self.tagcred.save() self.tagcred.tags.add(self.tag) self.tagcred.save() CredChangeQ.objects.add_to_changeq(self.cred) self.viewedcred = Cred(title='Viewed', password='******', group=self.group) self.viewedcred.save() self.changedcred = Cred(title='Changed', password='******', group=self.group) self.changedcred.save() CredAudit(audittype=CredAudit.CREDADD, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDADD, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDCHANGE, cred=self.changedcred, user=self.ustaff).save() self.logadd = CredAudit(audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff) self.logview = CredAudit(audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff) self.logadd.save() self.logview.save()
class StaffViewTests(TestCase): def setUp(self): self.group = Group(name="testgroup") self.group.save() self.othergroup = Group(name="othergroup") self.othergroup.save() self.tag = Tag(name="tag") self.tag.save() self.unorm = User(username="******", email="*****@*****.**") self.unorm.set_password("password") self.unorm.save() self.unorm.groups.add(self.group) self.unorm.save() self.ustaff = User(username="******", email="*****@*****.**", is_staff=True) self.ustaff.set_password("password") self.ustaff.save() self.ustaff.groups.add(self.group) self.ustaff.save() self.unobody = User(username="******", email="*****@*****.**") self.unobody.set_password("password") self.unobody.save() self.norm = Client() self.norm.login(username="******", password="******") self.staff = Client() self.staff.login(username="******", password="******") self.nobody = Client() self.nobody.login(username="******", password="******") self.cred = Cred(title="secret", password="******", group=self.group) self.cred.save() self.tagcred = Cred(title="tagged", password="******", group=self.group) self.tagcred.save() self.tagcred.tags.add(self.tag) self.tagcred.save() CredChangeQ.objects.add_to_changeq(self.cred) self.logadd = CredAudit(audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff) self.logview = CredAudit(audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff) self.logadd.save() self.logview.save() def test_home(self): resp = self.staff.get(reverse("staff.views.home")) self.assertEqual(resp.status_code, 200) userlist = resp.context["userlist"] grouplist = resp.context["grouplist"] self.assertIn(self.unorm, userlist) self.assertIn(self.ustaff, userlist) self.assertIn(self.unobody, userlist) self.assertIn(self.group, grouplist) self.assertIn(self.othergroup, grouplist) def test_view_trash(self): self.cred.is_deleted = True self.cred.save() resp = self.staff.get(reverse("staff.views.view_trash")) self.assertEqual(resp.status_code, 200) credlist = resp.context["credlist"].object_list self.assertIn(self.cred, credlist) self.assertNotIn(self.tagcred, credlist) def test_userdetail(self): resp = self.staff.get(reverse("staff.views.userdetail", args=(self.unobody.id,))) self.assertEqual(resp.status_code, 200) user = resp.context["viewuser"] self.assertEqual(self.unobody.id, user.id) def test_groupadd(self): resp = self.staff.get(reverse("staff.views.groupadd")) self.assertEqual(resp.status_code, 200) form = resp.context["form"] post = {} for i in form: if i.value() is not None: post[i.name] = i.value() post["name"] = "Test Group" resp = self.staff.post(reverse("staff.views.groupadd"), post, follow=True) self.assertEqual(resp.status_code, 200) newgroup = Group.objects.get(name="Test Group") def test_groupdetail(self): resp = self.staff.get(reverse("staff.views.groupdetail", args=(self.group.id,))) self.assertEqual(resp.status_code, 200) group = resp.context["group"] self.assertEqual(self.group.id, group.id) def test_groupdelete(self): resp = self.staff.get(reverse("staff.views.groupdelete", args=(self.othergroup.id,))) self.assertEqual(resp.status_code, 200) group = resp.context["group"] self.assertEqual(self.othergroup.id, group.id) resp = self.staff.post(reverse("staff.views.groupdelete", args=(self.othergroup.id,)), follow=True) with self.assertRaises(Group.DoesNotExist): delgroup = Group.objects.get(id=self.othergroup.id) def test_userdelete(self): resp = self.staff.get(reverse("staff.views.userdelete", args=(self.unobody.id,))) self.assertEqual(resp.status_code, 200) user = resp.context["viewuser"] self.assertEqual(self.unobody.id, user.id) resp = self.staff.post(reverse("staff.views.userdelete", args=(self.unobody.id,)), follow=True) self.assertEqual(resp.status_code, 200) with self.assertRaises(User.DoesNotExist): deluser = User.objects.get(id=self.unobody.id) def test_audit_by_cred(self): resp = self.staff.get(reverse("staff.views.audit_by_cred", args=(self.cred.id,))) self.assertEqual(resp.status_code, 200) cred = resp.context["cred"] loglist = resp.context["logs"].object_list self.assertEqual(self.cred.id, cred.id) self.assertEqual(resp.context["type"], "cred") self.assertIn(self.logadd, loglist) self.assertIn(self.logview, loglist) def test_audit_by_user(self): resp = self.staff.get(reverse("staff.views.audit_by_user", args=(self.ustaff.id,))) self.assertEqual(resp.status_code, 200) user = resp.context["loguser"] loglist = resp.context["logs"].object_list self.assertEqual(self.ustaff.id, user.id) self.assertEqual(resp.context["type"], "user") self.assertIn(self.logadd, loglist) self.assertIn(self.logview, loglist) def test_audit_by_days(self): resp = self.staff.get(reverse("staff.views.audit_by_days", args=(2,))) self.assertEqual(resp.status_code, 200) days_ago = resp.context["days_ago"] loglist = resp.context["logs"].object_list self.assertEqual(int(days_ago), 2) self.assertEqual(resp.context["type"], "time") self.assertIn(self.logadd, loglist) self.assertIn(self.logview, loglist) def test_NewUser(self): resp = self.staff.get(reverse("user_add")) self.assertEqual(resp.status_code, 200) form = resp.context["form"] post = {} for i in form: if i.value() is not None: post[i.name] = i.value() post["username"] = "******" post["email"] = "*****@*****.**" post["groups"] = self.othergroup.id post["newpass"] = "******" post["confirmpass"] = "******" resp = self.staff.post(reverse("user_add"), post, follow=True) with self.assertRaises(KeyError): print resp.context["form"].errors self.assertEqual(resp.status_code, 200) newuser = User.objects.get(username="******") self.assertEqual(newuser.email, "*****@*****.**") self.assertTrue(newuser.check_password("crazypass")) self.assertIn(self.othergroup, newuser.groups.all()) self.assertNotIn(self.group, newuser.groups.all()) def test_UpdateUser(self): resp = self.staff.get(reverse("user_edit", args=(self.unobody.id,))) self.assertEqual(resp.status_code, 200) form = resp.context["form"] post = {} for i in form: if i.value() is not None: post[i.name] = i.value() post["email"] = "*****@*****.**" post["newpass"] = "******" post["confirmpass"] = "******" resp = self.staff.post(reverse("user_edit", args=(self.unobody.id,)), post, follow=True) self.assertEqual(resp.status_code, 200) newuser = User.objects.get(id=self.unobody.id) self.assertEqual(newuser.email, "*****@*****.**") self.assertTrue(newuser.check_password("differentpass")) def test_import_from_keepass(self): gp = Group(name="KeepassImportTest") gp.save() self.ustaff.groups.add(gp) self.ustaff.save() resp = self.staff.get(reverse("staff.views.import_from_keepass")) self.assertEqual(resp.status_code, 200) form = resp.context["form"] post = {} for i in form: if i.value() is not None: post[i.name] = i.value() post["password"] = "******" post["group"] = gp.id with open("docs/keepass/test2.kdb") as fp: post["file"] = fp resp = self.staff.post(reverse("staff.views.import_from_keepass"), post, follow=True) self.assertEqual(resp.status_code, 200) newcred = Cred.objects.get(title="Google", group=gp) self.assertEqual(newcred.password, "Q5CLQhLqI3CtKgK") self.assertEqual(newcred.tags.all()[0].name, "Internet") def test_credundelete(self): self.cred.delete() resp = self.staff.get(reverse("staff.views.credundelete", args=(self.cred.id,))) self.assertEqual(resp.status_code, 200) self.assertEqual(resp.context["cred"], self.cred) resp = self.staff.post(reverse("staff.views.credundelete", args=(self.cred.id,)), follow=True) self.assertEqual(resp.status_code, 200) cred = Cred.objects.get(id=self.cred.id) self.assertFalse(cred.is_deleted)
def setUp(self): self.data = TestData() self.cred = Cred(title="one", username="******", password="******", group=self.data.group) self.cred.save() self.detail_url = reverse("api_dispatch_detail", kwargs={"resource_name": "cred", "api_name": "v1", "pk": self.cred.pk})
class TestData: def __init__(self): if settings.LDAP_ENABLED: self.getLDAPAuthData() else: self.setUpAuthData() self.setUpBasicData() def login(self, username, password): c = Client() loginurl = reverse('login') c.post(loginurl, { 'auth-username': username, 'auth-password': password, 'rattic_tfa_login_view-current_step': 'auth', }) return c def getLDAPAuthData(self): self.norm = self.login(username='******', password='******') self.unorm = User.objects.get(username='******') self.normpass = '******' self.staff = self.login(username='******', password='******') self.ustaff = User.objects.get(username='******') self.nobody = self.login(username='******', password='******') self.unobody = User.objects.get(username='******') self.group = Group.objects.get(name='testgroup') self.othergroup = Group.objects.get(name='othergroup') def setUpAuthData(self): self.group = Group(name='testgroup') self.group.save() self.othergroup = Group(name='othergroup') self.othergroup.save() self.unorm = User(username='******', email='*****@*****.**') self.unorm.set_password('password') self.normpass = '******' self.unorm.save() self.unorm.groups.add(self.group) self.unorm.save() self.ustaff = User(username='******', email='*****@*****.**', is_staff=True) self.ustaff.set_password('password') self.ustaff.save() self.ustaff.groups.add(self.othergroup) self.ustaff.save() self.unobody = User(username='******', email='*****@*****.**') self.unobody.set_password('password') self.unobody.save() self.norm = self.login(username='******', password='******') self.staff = self.login(username='******', password='******') self.nobody = self.login(username='******', password='******') def setUpBasicData(self): # Make a tag self.tag = Tag(name='tag') self.tag.save() # Make a simple credential self.cred = Cred(title='secret', username='******', password='******', group=self.group) self.cred.save() # Make a cred that'll be tagged self.tagcred = Cred(title='tagged', password='******', group=self.group) self.tagcred.save() self.tagcred.tags.add(self.tag) self.tagcred.save() # A cred that attempts script injection self.injectcred = Cred( title='<script>document.write("BADTITLE!")</script>Bold!', username='******', password='******', group=self.group ) self.injectcred.save() # A cred with markdown self.markdowncred = Cred( title='Markdown Cred', password='******', group=self.group, description='# Test', descriptionmarkdown=True, ) self.markdowncred.save() # Add a Unicode credential self.unicodecred = Cred( title='Unicode ‑ Cred', password='******', group=self.group, description='Γαζέες καὶ μυρτιὲς δὲν θὰ βρῶ πιὰ στὸ χρυσαφὶ ξέφωτο', ) self.unicodecred.save() CredChangeQ.objects.add_to_changeq(self.cred) self.viewedcred = Cred(title='Viewed', password='******', group=self.group) self.viewedcred.save() self.changedcred = Cred(title='Changed', password='******', group=self.group) self.changedcred.save() CredAudit(audittype=CredAudit.CREDADD, cred=self.viewedcred, user=self.unobody).save() CredAudit(audittype=CredAudit.CREDADD, cred=self.changedcred, user=self.unobody).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDCHANGE, cred=self.changedcred, user=self.ustaff).save() self.logadd = CredAudit(audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff) self.logview = CredAudit(audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff) self.logadd.save() self.logview.save()
except Exception as e: print(tag_name, e) print("=> import Entry") for entry in res.get("entries", []): try: kwargs = {} tags = [] for k, v in entry.items(): if k == "tags": tags = v continue if k in ["filename", "filecontent"]: continue kwargs[k] = v kwargs["group"] = owner_group cred = Cred(**kwargs) cred.save() for tag_name in tags: cred.tags.add(Tag.objects.get(name=tag_name)) cred.save() except IntegrityError as e: if e.message.endswith(" is not unique"): pass else: print(entry.get("title"), entry.get("name"), e) except Exception as e: print(entry.get("title"), entry.get("name"), e)
class TestData: def __init__(self): if settings.LDAP_ENABLED: self.getLDAPAuthData() else: self.setUpAuthData() self.setUpBasicData() def login(self, username, password): c = Client() loginurl = reverse("django.contrib.auth.views.login") c.post(loginurl, {"username": username, "password": password}) return c def getLDAPAuthData(self): self.norm = self.login(username="******", password="******") self.unorm = User.objects.get(username="******") self.normpass = "******" self.staff = self.login(username="******", password="******") self.ustaff = User.objects.get(username="******") self.nobody = self.login(username="******", password="******") self.unobody = User.objects.get(username="******") self.group = Group.objects.get(name="testgroup") self.othergroup = Group.objects.get(name="othergroup") def setUpAuthData(self): self.group = Group(name="testgroup") self.group.save() self.othergroup = Group(name="othergroup") self.othergroup.save() self.unorm = User(username="******", email="*****@*****.**") self.unorm.set_password("password") self.normpass = "******" self.unorm.save() self.unorm.groups.add(self.group) self.unorm.save() self.ustaff = User(username="******", email="*****@*****.**", is_staff=True) self.ustaff.set_password("password") self.ustaff.save() self.ustaff.groups.add(self.othergroup) self.ustaff.save() self.unobody = User(username="******", email="*****@*****.**") self.unobody.set_password("password") self.unobody.save() self.norm = self.login(username="******", password="******") self.staff = self.login(username="******", password="******") self.nobody = self.login(username="******", password="******") def setUpBasicData(self): self.tag = Tag(name="tag") self.tag.save() self.cred = Cred(title="secret", username="******", password="******", group=self.group) self.cred.save() self.tagcred = Cred(title="tagged", password="******", group=self.group) self.tagcred.save() self.tagcred.tags.add(self.tag) self.tagcred.save() self.injectcred = Cred( title='<script>document.write("BADTITLE!")</script>Bold!', username='******', password='******', group=self.group, ) self.injectcred.save() self.markdowncred = Cred( title="Markdown Cred", password="******", group=self.group, description="# Test", descriptionmarkdown=True ) self.markdowncred.save() CredChangeQ.objects.add_to_changeq(self.cred) self.viewedcred = Cred(title="Viewed", password="******", group=self.group) self.viewedcred.save() self.changedcred = Cred(title="Changed", password="******", group=self.group) self.changedcred.save() CredAudit(audittype=CredAudit.CREDADD, cred=self.viewedcred, user=self.unobody).save() CredAudit(audittype=CredAudit.CREDADD, cred=self.changedcred, user=self.unobody).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.viewedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDVIEW, cred=self.changedcred, user=self.unorm).save() CredAudit(audittype=CredAudit.CREDCHANGE, cred=self.changedcred, user=self.ustaff).save() self.logadd = CredAudit(audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff) self.logview = CredAudit(audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff) self.logadd.save() self.logview.save()