def test_get_for_admin(self):
user = factory.make_User()
admin = factory.make_admin()
handler = UserHandler(admin, {}, None)
self.assertEqual(
self.dehydrate_user(user),
handler.get({"id": user.id}))
def test_update_as_admin_event_log(self):
admin_user = factory.make_admin()
handler = UserHandler(admin_user, {}, None)
user = factory.make_User()
params = make_user_attribute_params(user)
params.update({
"id":
user.id,
"last_name":
factory.make_name("Newname"),
"email":
"new-{}@example.com".format(factory.make_string()),
"is_superuser":
True,
"username":
factory.make_name("newname"),
})
handler.update(params)
event = Event.objects.get(type__level=AUDIT)
self.assertIsNotNone(event)
self.assertEqual(
event.description,
("Updated user profile (username: {username}, "
"full name: {last_name}, "
"email: {email}, administrator: True)").format(**params),
)
def test_delete_as_unprivileged(self):
unpriv_user = factory.make_User()
handler = UserHandler(unpriv_user, {}, None)
user = factory.make_User()
with self.assertRaises(HandlerPermissionError):
handler.delete({"id": user.id})
def test_get_for_user_getting_self(self):
user = factory.make_User()
handler = UserHandler(user, {}, None)
self.assertEqual(
self.dehydrate_user(user, for_self=True),
handler.get({"id": user.id}),
)
def test_list_for_standard_user(self):
user = factory.make_User()
handler = UserHandler(user, {})
# Other users
for _ in range(3):
factory.make_User()
self.assertItemsEqual([self.dehydrate_user(user)], handler.list({}))
def test_delete_as_admin(self):
admin_user = factory.make_admin()
handler = UserHandler(admin_user, {}, None)
user = factory.make_User()
handler.delete({"id": user.id})
self.assertItemsEqual([], User.objects.filter(id=user.id))
def test_last_login(self):
user = factory.make_User()
now = datetime.datetime.utcnow()
user.last_login = now
user.save()
handler = UserHandler(user, {}, None)
last_login_serialised = handler.get({"id": user.id})["last_login"]
self.assertEqual(last_login_serialised, now.strftime(DATETIME_FORMAT))
def test_create_authorisation_token(self):
user = factory.make_User()
handler = UserHandler(user, {}, None)
observed = handler.create_authorisation_token({})
self.assertItemsEqual(["key", "secret", "consumer"], observed.keys())
self.assertItemsEqual(["key", "name"], observed["consumer"].keys())
event = Event.objects.get(type__level=AUDIT)
self.assertIsNotNone(event)
self.assertEqual(event.description, "Created token.")
def test_list_for_admin(self):
admin = factory.make_admin()
handler = UserHandler(admin, {}, None)
factory.make_User()
expected_users = [
self.dehydrate_user(user, for_self=(user == admin))
for user in User.objects.exclude(username__in=SYSTEM_USERS)
]
self.assertItemsEqual(expected_users, handler.list({}))
def test_delete_authorisation_token(self):
user = factory.make_User()
handler = UserHandler(user, {}, None)
observed = handler.create_authorisation_token({})
handler.delete_authorisation_token({"key": observed["key"]})
self.assertIsNone(Token.objects.filter(key=observed["key"]).first())
event = Event.objects.filter(type__level=AUDIT).last()
self.assertIsNotNone(event)
self.assertEqual(event.description, "Deleted token.")
def test_delete_as_admin_event_log(self):
admin_user = factory.make_admin()
handler = UserHandler(admin_user, {}, None)
user = factory.make_User()
handler.delete({"id": user.id})
event = Event.objects.get(type__level=AUDIT)
self.assertIsNotNone(event)
self.assertEqual(event.description,
"Deleted user '{}'.".format(user.username))
def test_change_password(self):
user = factory.make_User()
user.set_password("oldpassword")
handler = UserHandler(user, {}, None)
observed = handler.change_password({
"new_password1": "newpassword",
"new_password2": "newpassword",
"old_password": "******",
})
self.assertEqual(self.dehydrate_user(user, for_self=True), observed)
self.assertTrue(user.check_password("newpassword"))
def test_list_with_sshkeys_and_machines(self):
user, keys = factory.make_user_with_keys()
num_machines = 3
for _ in range(num_machines):
node = factory.make_Node(status=NODE_STATUS.READY)
node.acquire(user)
handler = UserHandler(user, {}, None)
users_from_ws = handler.list({})
self.assertEqual([self.dehydrate_user(user, for_self=True)],
users_from_ws)
user_from_ws = users_from_ws[0]
self.assertEqual(user_from_ws["sshkeys_count"], len(keys))
self.assertEqual(user_from_ws["machines_count"], num_machines)
def test_create_as_unprivileged(self):
unpriv_user = factory.make_User()
handler = UserHandler(unpriv_user, {}, None)
params = {
"username": factory.make_string(),
"last_name": factory.make_string(30),
"email": factory.make_email_address(),
"is_superuser": factory.pick_bool(),
}
password = factory.make_string()
params.update(make_password_params(password))
with self.assertRaises(HandlerPermissionError):
handler.create(params)
def test_update_token_name(self):
user = factory.make_User()
handler = UserHandler(user, {}, None)
new_token_name = factory.make_string()
observed = handler.create_authorisation_token({})
handler.update_token_name({
"key": observed["key"],
"name": new_token_name
})
auth_token = user.userprofile.get_authorisation_tokens().get(
key=observed["key"])
self.assertEqual(auth_token.consumer.name, new_token_name)
event = (Event.objects.filter(
type__level=AUDIT).order_by("-created").first())
self.assertIsNotNone(event)
self.assertEqual(event.description, "Modified consumer name of token.")
def test_list_num_queries_is_the_expected_number(self):
# Prevent RBAC from making a query.
self.useFixture(RBACForceOffFixture())
admin = factory.make_admin()
handler = UserHandler(admin, {}, None)
for _ in range(3):
factory.make_User()
queries_one, _ = count_queries(handler.list, {"limit": 1})
queries_total, _ = count_queries(handler.list, {})
# This check is to notify the developer that a change was made that
# affects the number of queries performed when doing a user listing.
# It is important to keep this number as low as possible. A larger
# number means regiond has to do more work slowing down its process
# and slowing down the client waiting for the response.
self.assertEqual(
queries_one,
1,
"Number of queries has changed; make sure this is expected.",
)
self.assertEqual(
queries_total,
1,
"Number of queries has changed; make sure this is expected.",
)
def test_get_for_user_not_getting_self(self):
user = factory.make_User()
other_user = factory.make_User()
handler = UserHandler(user, {}, None)
self.assertRaises(
HandlerDoesNotExistError, handler.get, {"id": other_user.id}
)
def test_change_other_users_password_as_admin(self):
admin_user = factory.make_admin()
handler = UserHandler(admin_user, {}, None)
user = factory.make_User()
response = handler.admin_change_password({
"id": user.id,
"password1": "newpassword",
"password2": "newpassword",
})
user = reload_object(user)
self.assertIsNone(response)
self.assertTrue(
user.check_password("newpassword"),
"Password not correctly changed",
)
def test_update_other_as_unprivileged(self):
unpriv_user = factory.make_User()
handler = UserHandler(unpriv_user, {}, None)
user = factory.make_User()
params = make_user_attribute_params(user)
params.update(
{
"id": user.id,
"last_name": factory.make_name("Newname"),
"email": "new-{}@example.com".format(factory.make_string()),
"is_superuser": True,
"username": factory.make_name("newname"),
}
)
with self.assertRaises(HandlerPermissionError):
handler.update(params)
def test_create_as_admin_event_log(self):
admin_user = factory.make_admin()
handler = UserHandler(admin_user, {}, None)
params = {
"username": factory.make_string(),
"last_name": factory.make_string(30),
"email": factory.make_email_address(),
"is_superuser": False,
}
password = factory.make_string()
params.update(make_password_params(password))
handler.create(params)
event = Event.objects.get(type__level=AUDIT)
self.assertIsNotNone(event)
self.assertEqual(event.description,
"Created user '{username}'.".format(**params))
def test_update_self_as_unprivileged(self):
user = factory.make_User()
handler = UserHandler(user, {}, None)
params = make_user_attribute_params(user)
params.update(
{
"id": user.id,
"last_name": factory.make_name("Newname"),
"email": "new-{}@example.com".format(factory.make_string()),
"is_superuser": True,
"username": factory.make_name("newname"),
}
)
handler.update(params)
self.assertAttributes(
reload_object(user), subset_dict(params, user_attributes)
)
def test_create_as_admin(self):
admin_user = factory.make_admin()
handler = UserHandler(admin_user, {}, None)
params = {
"username": factory.make_string(),
"last_name": factory.make_string(30),
"email": factory.make_email_address(),
"is_superuser": factory.pick_bool(),
}
password = factory.make_string()
params.update(make_password_params(password))
handler.create(params)
user = User.objects.get(username=params["username"])
self.assertAttributes(user, subset_dict(params, user_attributes))
self.assertTrue(user.check_password(password))
self.assertTrue(user.userprofile.is_local)
def test_update_other_as_unprivileged(self):
unpriv_user = factory.make_User()
handler = UserHandler(unpriv_user, {}, None)
user = factory.make_User()
params = make_user_attribute_params(user)
params.update({
'id':
user.id,
'last_name':
factory.make_name('Newname'),
'email':
'new-{}@example.com'.format(factory.make_string()),
'is_superuser':
True,
'username':
factory.make_name('newname'),
})
with self.assertRaises(HandlerPermissionError):
handler.update(params)
def test_update_self_as_unprivileged(self):
user = factory.make_User()
handler = UserHandler(user, {}, None)
params = make_user_attribute_params(user)
params.update({
'id':
user.id,
'last_name':
factory.make_name('Newname'),
'email':
'new-{}@example.com'.format(factory.make_string()),
'is_superuser':
True,
'username':
factory.make_name('newname'),
})
handler.update(params)
self.assertAttributes(reload_object(user),
subset_dict(params, user_attributes))
def test_change_password_invalid(self):
user = factory.make_User()
user.set_password("oldpassword")
handler = UserHandler(user, {}, None)
self.assertRaises(
HandlerValidationError,
handler.change_password,
{
"new_password1": "newpassword",
"new_password2": "mismatchpassword",
"old_password": "******",
},
)
def test_cannot_change_own_password_as_unprivileged_using_admin(self):
unprivileged_user = factory.make_User()
handler = UserHandler(unprivileged_user, {}, None)
self.assertRaises(
HandlerPermissionError,
handler.admin_change_password,
{
"id": unprivileged_user.id,
"password1": "newpassword",
"password2": "newpassword",
},
)
def test_cannot_change_other_users_password_as_admin_bad_password(self):
admin_user = factory.make_admin()
handler = UserHandler(admin_user, {}, None)
user = factory.make_User()
self.assertRaises(
HandlerValidationError,
handler.admin_change_password,
{
"id": user.id,
"password1": "foo",
"password2": "bar",
},
)
def test_delete_authorisation_token(self):
user = factory.make_User()
handler = UserHandler(user, {})
observed = handler.create_authorisation_token({})
handler.delete_authorisation_token({'key': observed['key']})
self.assertIsNone(Token.objects.filter(key=observed['key']).first())
def test_auth_user(self):
user = factory.make_User()
handler = UserHandler(user, {}, None)
self.assertEqual(self.dehydrate_user(user, for_self=True),
handler.auth_user({}))
def test_create_authorisation_token(self):
user = factory.make_User()
handler = UserHandler(user, {})
observed = handler.create_authorisation_token({})
self.assertItemsEqual(['key', 'secret', 'consumer'], observed.keys())
self.assertItemsEqual(['key', 'name'], observed['consumer'].keys())
